PUTRAJAYA, Jan 4 — Economy Minister Rafizi Ramli slammed Lawyers for Liberty (LFL) for calling out his plans for the Central Database System (Padu) by asking if the group knew the law of the land properly.

Rafizi said the human rights group lacked knowledge on what Acts were in place that govern Malaysia’s data privacy and security, adding that the group were acting ignorant by condemning what he felt was a good plan for the public.

"LFL’s comments, if we go by their logic, claimed all government data cannot be used, meaning we can’t use immigration and so on. They fail to understand that Padu is something we’re collecting. Meanwhile, as we speak, you all have tons of your data all over the place in government databases. This data is governed by laws in the respective agencies.

"Without PDPA extended to public data, then the government cannot do any processes that involve the public, so all agencies that exist now must be closed because PDPA doesn’t include the public sector, by their logic.

"I would think that the LFL before issuing statements like that would understand the difference between the Personal Data Protection Act 2010 (PDPA) and public data. Public data is collected and kept by government agencies and are governed by the secrecy and privacy of their own Acts. If we took the time to get approval from each and every agency, it would take a long time.

"This would derail governments efforts to improve the people’s quality of life and that’s why Padu is here to streamline all this; hence, I find it very difficult to comprehend LFL’s statement,” he said during a press conference here, today.

In addition, Rafizi also addressed the Omnibus Bill which he said they would try to pass in 2024. He said the Bill would allow sharing of data between all government agencies via Padu.

Rafizi said the Act was necessary as the Padu system is an integrated data gathering system that is easier to manage compared to existing data gathering system.

Earlier today, LFL alleged that the rolling out of Padu, the government’s newly-launched central database hub, risks exposing sensitive information but gives the public no legal redress to seek damages if their personal data are leaked or stolen.

The group claimed government agencies are protected from legal action if data from Padu is leaked or stolen based on a provision under section 3(1) of the Personal Data Protection Act 2010 (PDPA) that appears to exempt the government from its application.

Rafizi assured the public that all data would be protected by the existing laws and also explained that the Padu system was new and needed time to be streamlined.

He said as with any digital product that aimed to bring agency and personal data together, it must be considered an "agile” business model that continues to grow and improve as it is integrated into the government’s systems.

He said he appreciated all the feedback from the public, adding that this was the only way to improve the system and its processes.

In parting, Rafizi said all standard SOPs and cybersecurity measures were taken before Padu was integrated and there is a dedicated team working round the clock to ensure it runs smoothly.

"Apart from the issue of security, I also want to point out that to ask a private sector company to do this job may pose larger risks to your data. So questions from the public as to why a government agency and public servants must handle this database, well, it is simple: fewer eyes, fewer hands means less access.

"Public servants are governed by laws and Acts of privacy and secrecy; therefore, keeping it inhouse will enable us to further protect your data from unwanted hands getting hold of them,” he added.