“Suspend PADU, prioritise amendments to PDPA to mitigate security crisis,” govt told

AN MCA Youth leader has called for the suspension of the Central Database Hub (PADU), saying that priority should instead be placed on amending the Personal Data Protection Act (PDPA).

Johor MCA Youth chief Heng Zhi Li noted that the government’s PADU database poses various security concerns, in particular, the risk of third parties misusing the identity cards of others to register and update incorrect information without the individual’s knowledge.

“Although this policy has received Cabinet approval, government agencies such as the Employees Provident Fund (KWSP), Inland Revenue Board (LHDN), and Social Security Organisation (Perkeso) seem unwilling to provide effective information sharing,” he noted.

“Therefore, does their unwillingness indicate concerns about PADU data leakage and potential misuse?”

Heng further pointed out that government agencies already possess basic citizen information such as personal details, family income, address and occupation, thus rendering the implantation of PADU redundant.

As such, this repetitive collection of information not only wastes taxpayer resources but also increases the risk of data breaches, he added.

“Furthermore, to obtain targeted government aid, people might falsify information when completing PADU forms,” Heng stated.

“Without similar verification processes as conducted by LHDN and KWSP, the unrestricted uploading of data by the public not only compromises the data’s integrity and reliability but could also lead to legal issues.”

Citing several personal data breaches in Malaysian government institutions and units in the past, Heng said these all but highlight serious cybersecurity and personal data issues.

Among instances of previous personal breaches Heng cited included the leakage of 22.58 million citizens’ data from the National Registration Department (JPN) in May 2022, suspected leakage of 800,000 electoral data in Nov 2022 and the leakage of member information and medical records from Perkeso in Dec 2023.

“The government’s typical response to these data breaches has been a cursory ‘we will conduct an internal investigation’, and despite the matter being reported, the public is unable to take legal action against government agencies over the leaked data, and authorities are not held accountable for negligence,” he remarked.

“Therefore, the government should prioritise amending the PDPA. We need to strengthen existing regulations, extend the scope of the Act, and ensure all government units managing personal data are accountable for any leakages.

“Drawing on advanced practices from other countries, like the European Union’s General Data Protection Regulation (GDPR), we should adopt more robust measures to protect citizens’ privacy and data security.” – Jan 8, 2024


Main pic credit: Bernama

Subscribe and get top news delivered to your Inbox everyday for FREE