AS reported in Code Blue, MySJ Sdn Bhd only acquires a license to the KPISoft’s software specifically for MySejahtera “and does not acquire any other rights or ownership interests” under the five-year licensing agreement.
Specifically, the agreement “grants MySJ rights to use the KPISoft software to exclusively develop, own the application trademark for MySejahtera, and test and support the MySejahtera app”.
Note that owning the application trademark may not be the same as owning the application in its entirety.
This makes sense as the licensing agreement states that all rights, title and interest in and to the KPISoft software, the trademarks, and the services, among others, shall be retained by KPISoft unless expressly provided otherwise in the agreement, as reported by Code Blue.
Therefore, how can the Government guarantee that only the Health Ministry (MOH) has access to this data and that the data will not be accessible by the server owner/operator, and in this case, KPISoft/Entomo and MySJ?
In addition to raising further questions on data security and integrity, the lack of clarification on MySJ is baffling.
Are we supposed to just ignore the rest of the issues raised in the Public Accounts Committee (PAC) report?
Or, is the MOH statement indirectly stating that these reports are untrue or never happened?
It has been reported that during the PAC hearing, a MOH official added that the best model for procuring the [MySejahtera] system is being negotiated, whereby the MOH must determine the system operator and maintainer should the ministry procure the entire MySejahtera system.
Therefore, was MySJ intended to be said operator and maintainer of MySejahtera? Again, this does not necessarily mean owning the data. Either way, if the sale/transfer did happen, why was it through direct negotiation?
This is particularly concerning given that there are valid questions surrounding the ownership of MySJ and KPISoft.
The directors of the MySJ reportedly include two founders of KPISoft, Raveenderen Ramamoothie and Anuar Rozhan, and also high-profile individuals with political and business links namely former president and CEO of Sapura Energy Tan Sri Shahril Shamsuddin, and Tan Sri Megat Najmuddin who was a former UMNO disciplinary committee member and later Parti Pribumi Bersatu Malaysia’s disciplinary board’s chairman.
Sapura Energy was reported to have suffered a whopping net loss of RM8.9 bil, yet it received an urgent appeal from the former prime minister Datuk Seri Najib Tun Razak to be bailed out.
Shahril, Raveenderen and Naveen Prashad Despande have been reported as directors in the company Revolusi Asia, which holds the majority share in MySJ. Although not named as a director, Anuar also reportedly has shares in Revolusi Asia.
Anuar is apparently the brother of former Astro Malaysia Holdings Bhd group CEO Datuk Rohana Rozhan, who has allegedly to have profited from the 1Malaysia Development Board (1MDB) scandal.
All in all, people are innocent until proven guilty and there is such a thing as coincidence. However, it is also reasonable for people to wonder if this is a case of collusion between political and business cronies.
Other companies that own shares in MySJ include Hasrat Budi, which has individuals from a property developer as shareholders, and P2 Asset Management which has been reported to consist of young directors aged 26 to 29-year-olds.
Who are these individuals? What are the interests of a supposed asset management company and a property developer in MySJ?
In any case, an open tender process with good governance standards would ensure these alleged linkages and potential conflicts of interest are accounted for and flagged.
According to Code Blue, both MySJ and KPISoft have the same registered address at Wisma Adiss Udarama Complex in Kuala Lumpur (KL) and the same business address at Q Sentral in KL Sentral.
The MOH statements that were meant to reassure the people of its data ownership, security and privacy are insufficient and rely mostly on the people to simply trust in their word. If anything, it raises more questions than answers.
Furthermore, it also completely ignores the issue surrounding MySJ (and the people involved).
Now that the dispute between MySJ shareholders has been brought to light, will the warring entities withdraw the case and look to “directly negotiate” behind closed doors with the Government again?
EMIR Research asserts the following points as the way forward for the authorities:
- Ownership and access to data in MySejahtera must remain only with the MOH
- There must be full transparency and due process with any dealings related to MySejahtera
- Apply strictest governance and integrity standards when dealing with vast amounts of highly sensitive personal data
- Investigate MySejahtera deals through an independent commission to ensure loopholes are addressed and prevent repeat cases in the future
- Re-affirm that user personal data are fully protected and have not been transferred to any other parties
- Ensure data integrity and privacy through sufficient legislative and systems (physical and digital) safeguards are in place
- Clarify all statements and concerns raised in the PAC report, particularly on the “sale” to MySJ
Authorities must come clean over these questionable dealings, take steps to protect sensitive personal data and clarify the situation once and for all. – March 29, 2022
Dr Rais Hussin and Ameen Kamal are part of the research team of EMIR Research.
The views expressed are solely of the author and do not necessarily reflect those of Focus Malaysia.
