Thursday, March 31, 2022

MySejahtera app server in KL, data solely owned by govt: KJ

 


MySejahtera’s data server is located in Kuala Lumpur and not Singapore, Health Minister Khairy Jamaluddin told the Dewan Negara today.

Answering concerns raised by senate members on the pandemic contact tracing application, Khairy assured Malaysians not to worry about the security of their personal data.

He said all data collected through MySejahtera is wholly owned by the Malaysian government and is only used for purposes related to addressing the Covid-19 pandemic.

The minister also revealed that the company engaged by Putrajaya - KPIsoft, which is now known as Entomo - only manages the application and does not own any of the data.

He said the majority of shares in the company are owned by Malaysians, despite it being based in Singapore.

Non-disclosure agreement

KPIsoft has also signed a non-disclosure agreement (NDA) with the National Security Council with regard to the handling of all MySejahtera data.

"Among the main terms this NDA states that each and every data and information collected through the use of MySejahtera, are solely and unconditionally owned by the government.

"I want to give assurance that all the data being kept in the MySejahtera database is secured and will only be used for pandemic control purposes by the Health Ministry. In this regard, the management and usage of MySejahtera data are subjected to the Prevention and Control of Infectious Diseases Act 1988, Medical Act 1971, and international standards," he said.

According to Khairy, the government only keeps MySejahtera check-in data, which is used for contact tracing purposes, for 90 days, after which it will be erased through hard deletion to ensure no one can recover the information.

The same goes for the data of MySejahtera users who wish to remove their information from the application.

Data security

Regarding the security of the data being kept at the MySejahtera server, which is housed at AIMS Data Centre in Kuala Lumpur, the minister said data transactions from MySejahtera are uploaded into the cloud server network on daily basis and is only accessible through the application and several supporting apps related to the pandemic.

To provide further safeguard against hackers, government agencies in charge of cyber security conduct vulnerability and security penetration tests from time to time.

The National Cyber Security Agency also carries out an audit trail every month, said Khairy, referring to a security audit that enables the government to detect unauthorised access and extraction of data from the server. - Mkini

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.