PETALING JAYA: Economy Minister Rafizi Ramli’s claim that government data in the Central Database Hub (Padu) need not be subjected to the Personal Data Protection Act 2010 (PDPA) is baseless, reckless and goes against the global trend, says Lawyers for Liberty (LFL).
LFL director Zaid Malek said in a Friday (Jan 5) statement that the minister seemed to be “completely oblivious to the role and necessity of PDPA legislation in governing personal data”.
He also said personal data protection cannot be left to ad hoc, superficial regulations of individual government agencies or departments.
On Thursday (Jan 4), LFL called for Padu to be suspended pending amendments to the PDPA amid fears of data breaches.
In response, Rafizi said considering the huge amounts of data in government databases, LFL’s suggestion implied that the government could not proceed with anything that involved data.
“I’m hoping the LFL, before issuing statements like that, would have understood what the PDPA is and publicly available data.
“Each government agency is governed by its own regulations on data. I would have thought a so-called lawyers’ group would understand that,” he said.
In his statement on Friday, Zaid responded: “Protection of personal data cannot be left to…. individual government agencies or departments as suggested by Rafizi. This is a reckless suggestion.
“Such regulations, even where they exist, do not provide the effective and comprehensive protection afforded by the PDPA itself.
“The PDPA protects data according to carefully laid-out principles, including disclosure, security, retention and data integrity.
“Rafizi must understand that government agencies’ regulations have no such safeguards, thus exposing the public’s personal data to potential abuse and misuse.
“In fact, the minister failed to give even one example of any such regulation. Is he speaking of the Official Secrets Act (OSA) 1972, which is totally unsuited for this purpose?” asked Zaid.
He pointed out that throughout the world, government data is subjected to PDPA-type regulations.
“The fact is, Malaysia and Singapore are the only countries that have exempted govt data from a PDPA legislative regime.
“This is not just an embarrassment to our country; it also affects trade and business with entities from countries with stricter personal data protection regimes.
ALSO READ: There must be controls in place, urge groups
“Furthermore, his claim that there’s a difference between PDPA and government data reflects a serious lack of understanding and logic.
“The nature and value of personal data is the same, irrespective of whether it is used by private businesses or by the government (and so it) must be equally protected, whether in the hands of the government or private sector.
“There has been a slew of serious criticisms against Padu, apart from the lack of PDPA protection.
“In the public interest, we strongly… urge the government to immediately suspend Padu pending amendment of the PDPA 2010,” he added.