KUALA LUMPUR, Nov 19 — Malaysians need not fear their personal details in the MySejahtera app used to record their visits to shops and such will be misused, the Health Ministry said.

That is because the ministry said it owns the data and the app is equipped with security features that meet world standards.

“The data collected through the MySejahtera app is fully owned by the Health Ministry of Malaysia and supervised by the National Cyber Security Agency (Nacsa) and the National Security Council (NSC).

“This data is managed based on the Prevention and Control of Infectious Diseases Act 1988 and the Medical Act 1971,” the ministry said in a written parliamentary statement yesterday.


“The government also ensures that the personal information collected is in line with the provisions of the Personal Data Protection Act 2010. The MySejahtera application incorporates security features that comply with global standards to protect the confidentiality and security of the data,” it added.

The ministry was responding to Ipoh Timur MP Wong Kah Who, who wanted to know who owned the data in the MySejahtera app and how such data can be protected.

MySejahtera is a free app that can be download into smartphones and has become a key tool for the Health Ministry to carry out contact tracing in the event someone tests positive for Covid-19.


The app was developed through a strategic cooperation involving the NSC, Health Ministry, Malaysian Administrative Modernisation and Management Planning Unit (MAMPU), Malaysian Communications and Multimedia Commission (MCMC) and Ministry of Science, Technology and Innovation (MOSTI).

Still feeling nervous about how your data is stored and what it will be used for?

The website for the MySejahtera app actually has a privacy policy, which among other things state that it is owned and operated by the government of Malaysia.

Here’s a quick summary of MySejahtera’s privacy policy:

1. What kind of personal information will be recorded?

Information collected include your name, address, identity card number or passport number, phone number and location.

2. How will your personal information be collected?

Your personal data will only be collected with your permission and is to be voluntarily provided by you.

This would include when you are using the app to answer health assessments or when monitoring your health status, or when you use the app to check in at premises using a QR code scan, or adding information on your dependents.

Certain types of data are collected automatically such as the location data when checking-in at premises with the QR code or the health risk status based on the health assessment answers, but with location data to only be collected once the user gives permission for the app to access the mobile device’s location services.

3. What will your personal data be used for?

As the MySejahtera app is to help the government manage the Covid-19 outbreak in Malaysia and help in its monitoring and enforcement work related to the pandemic, here’s how data collected will be used:

  • To assess your risk of Covid-19 information from the information you share on your health condition, travel history, history of mass gathering or close contact with a confirmed Covid-19 patient
  • To communicate with you if your condition requires follow-up from healthcare personnel
  • To suggest the nearest medical or screening facility to your location
  • To help you check if your current location is a hotspot area or area with a reported positive Covid-19 case

The data will also be used for contact tracing and to ensure compliance to all movement control order (MCO) rules and standard operating procedures, and can also be used to respond to users’ queries via the app.

The personal information might be shared with the enforcement authority for follow-up or to resolve any complaints submitted through the app, and will not be used for any other purposes besides those already stated, unless it is needed to comply with any legal obligations.

4. What will your personal data not be used for?

The data collected by MySejahtera will not be disclosed to any third party or transferred to a place outside of Malaysia for commercial purposes.

5. How safe is the data?

In terms of your data privacy, the personal data collected by MySejahtera will be kept confidential in line with the Privacy Policy and any applicable laws.

As for your check-in data, it will only be stored for 90 days before it is purged.

With security features matching global standards, MySejahtera states that data in transit are encrypted, while data at rest is stored in a highly secured server.

6. Don’t feel like giving the full data required?

If you provide insufficient personal data, your use of the app’s services may be affected, among other things.

Separately in the Frequently Asked Questions (FAQ) section of the MySejahtera website, it stressed the importance for users to be truthful.

“Essentially, your information will be used by the MOH to help them plan their resources and actions that they need to take efficiently. So please be honest when you submit your information. Honesty will help flatten the curve,” it said.

Also in the FAQ section, the government gave an assurance that the personal information collected will only be used to manage and mitigate the Covid-19 outbreak and that it will not be shared with any other party, while also confirming that the information and identity of a person who is confirmed to be Covid-19 positive would be protected under the confidentiality of medical records.