MARCH 30 — My university day memories are mostly flashbacks of heartbreak and boredom, but I still remember presenting an assignment on the flaws of our national ID system.
In the late 90s and early 2000s, there were far too few people who truly thought about the inherent dangers of collecting so much personal data in one place.
The government having access to a database that kept all your personal data, data that could easily be abused for wrongful gain, has many potential pitfalls.
It would not be an issue if we could rely on the assumption that a government would only have the best interests of its citizens at heart.
We live now in the digital age where information is currency. If you thought Google knew too much about you now, it used to be a lot more insidious in how you could use it.
It wasn't too long ago you could search for people by just entering their email address and find every public posting they had ever made, even on ancient forums.
There once even existed a search engine called Pipl that would mine people's social media information and details so you could find all of it in one place, neatly summarised.
Disturbingly Pipl pivoted from being a place you stalk old college roommates to becoming an "identity verification" website that lets businesses verify people and fraud analysts research potential bank customers.
All the data that defines who you are is potentially worth money to someone — to individuals who can pretend to be you to apply for credit or to organisations who can study your buying patterns to influence your shopping choices.
The recent furore over a third party taking over the administration of the MySejahtera app saw people declare the government was selling their data to a private entity.
In reality, the data isn't for sale but the framework of the app, the permissions and ability to modify or add and remove features — basically everything but the data — is being handed over to the ownership of a private software firm.
From the beginning, the procurement, development and implementation of MySejahtera was obscured with far too little transparency and too much defensiveness.
It is very much unclear how safe the data is that is provided to MySejahtera. Is it properly encrypted? How hard is it to exploit by malicious actors?
A viral screenshot showed someone claiming to be selling the MySejahtera data trove though its veracity has as yet to be proven.
Despite the Personal Data Protection Act 2010, the reality is rampant data collection by third parties still goes on in Malaysia with far too many companies requesting data they shouldn't be accessing, including, but not limited to IC numbers.
Somewhere on the Dark Web, many Malaysians' data that include names, IC numbers and addresses are being sold, leaving them vulnerable to scammers or identity theft.
People especially vulnerable to online and telephone scams, such as the less tech-savvy and senior citizens, have the most to lose with many even taking loans just to pay off people claiming to be from the tax department or Bukit Aman.
No Act will do much to safeguard Malaysians' data without the government making it a priority.
While it is true that Malaysians need to be better educated about good data security practices, it is still on the government to make this country safer, both offline and online.
With data being worth as much as actual currency, doesn't the government owe us at least that?
*This is the personal opinion of the columnist.
