Rafizi Ramli spent an hour defending the Central Database Hub (Padu) against critics who raised concerns over the security measures in place to protect personal data integrated from all government agencies.
The economy minister addressed the decision to develop the database in-house instead of appointing vendors or private firms.
According to him, while saving cost is important, the bigger goal, however, is to build a digitally capable civil service.
"Why must it be developed 100 percent by the public service? It’s not just about cost factors.
"Of course, it is important for us to save public funds, but also of importance is to build the expertise and internal capability of civil servants," he said.
Rafizi said the previous practice of appointing vendors or private companies to develop government applications is no longer appropriate while in-house development would allow Padu to immediately act on public feedback of the system.
"Any development of a digital product will involve an ongoing process. Ongoing improvements particularly based on user feedback,” he added.
The Statistics Department is among the agencies responsible for Padu, a system built and maintained entirely by the civil service.
Yesterday, the ministry changed Padu's Application Programming Interface (API) after a netizen reported a loophole within its system which allowed third parties to use MyKad numbers to override passwords.
An API is a software intermediary that allows two applications to talk to each other.
Commenting further, Rafizi drew comparisons with other existing software with periodic patches or bug fixes, stating that the process cannot be done if Padu is maintained by a third-party vendor.
“The other thing is in terms of risk mitigation, that's also why we decided it is best to be done by the civil service. Because that limits third-party access to the data.
“I think if we do this well, we can limit the risk of a security breach,” he explained.
Prior to Padu’s roll-out, Rafizi said the government had received approval from a panel of independent experts who audited the entire system, including its various security measures.
‘Data protected by various Acts’
Meanwhile, the minister also responded to rights group Lawyers for Liberty’s call for Padu to be suspended until the Personal Data Protection Act 2010 (PDPA) is amended to remove a clause that exempted the government from liability.
“I was hoping LFL would first understand (the difference) between (data under) PDPA and publicly available data.
“Each of these (government) agencies is covered by their regulations on data. If it’s JPJ (Road Transport Department) data, then data privacy falls under the Act that governs them.
“I would have thought that a ‘so-called’ lawyers group would have understood that. If we start talking about laws we don’t understand, we look silly,” he added.
LFL director Zaid Malek said Padu must be suspended to ensure the government, along with its agencies, is responsible for the protection and security of the data collected.
Prime Minister Anwar Ibrahim launched Padu on Tuesday. Rafizi said 261,158 Malaysians completed their registration on the system within the first 48 hours. - Mkini
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.