Alarm over Padu personal information database

Gerak wishes to express our deep concerns regarding the recent introduction of Padu, the personal information database, by the Malaysian government.

As an association representing academics and scholars, we believe it is crucial to raise awareness about certain aspects of Padu that warrant careful consideration and scrutiny.

Absence of public consultation, legislative documentation

We feel that a project of the magnitude of Padu requires a comprehensive and inclusive public consultation process before implementation.

Such consultation should have been documented through a white paper or, ideally, a parliamentary bill that clearly outlines the purposes, objectives and safeguards associated with the introduction of Padu.

Public input is vital in ensuring that diverse perspectives are considered and concerns are addressed before the full implementation of the database.

Incorporating public input through a well-defined legislative process will not only enhance the legitimacy of Padu but also foster public trust by demonstrating a commitment to transparency and accountability.

We believe the inclusion of the public in the decision-making process is fundamental to the success and ethical implementation of any initiative of this nature.

Lack of clarity of objectives

We note with concern that different reasons have been cited for the introduction of Padu, ranging from improving resource distribution to fostering digital acumen.

The lack of a singular, well-defined objective raises questions about the transparency and coherence of the government’s approach in implementing this database.

It is reported that the Ministry of Higher Education plans to have all academic and non-academic staff registered under the scheme. If this is true, we fail to understand how the registration of staff and students in higher education institutions will advance the officially stated purposes.

While the prime minister asserts that Padu will prevent leakage and misappropriation in resource allocation, there is very little said about how these aberrations happened in the past and no specific details of how the database will achieve this.

It is essential to understand the mechanisms through which Padu will address the identified issues and enhance the efficiency and fairness of resource distribution. Understanding the system will instil public trust and encourage compliance with the system.

Data protection measures

The government has not provided sufficient information about the measures in place to safeguard the personal data collected through Padu.

As processors of personal data that might include sensitive personal data, it is imperative to ensure that individuals compelled to disclose their data are adequately informed about and protected from potential abuses.

The data protection principles as enunciated by the Personal Data Protection Act 2010 serve this purpose where personal data is processed for commercial purposes.

Lack of legal framework

Gerak is troubled about the absence of a clear legal or statutory framework to authorise and implement the Padu system.

The establishment of such a framework is essential to protect the rights and privacy of citizens and to ensure accountability in the operation of the database.

We live in an age marked by rapid technological advancements. The digitalisation of personal information raises significant concerns about privacy, security and individual rights.

Without the establishment of a legal framework to safeguard this sensitive data, a real danger of potential abuse and infringement of individual rights exists. Digitalisation increases the risks of unauthorised access, data breaches and exploitation.

Moreover, without proper legal safeguards, individuals may find their rights over their personal information compromised, undermining the principles of autonomy and consent.

It is imperative that any initiative involving the digitalisation of personal data, such as the Padu system, be underpinned by a comprehensive legal framework to mitigate these dangers, protect individual rights, and ensure the responsible and ethical use of personal information.

Access and control concerns

There is a conspicuous absence of guarantees that entities other than the government will be restricted from accessing or demanding individual registrations from the Padu system. This lack of clarity raises apprehensions about the potential misuse of personal data.

Alignment with PDPA

Although the Personal Data Protection Act 2010 (PDPA) excludes the government from its provisions, such a massive gathering of personal information as is undertaken by Padu might call for a review of that position.

We feel that if there is no separate legislation to regulate Padu, the PDPA must be extended to government to safeguard the rights of individuals who submit their personal information under the Padu scheme.

An improved distribution of resources to sections of the population in need cannot be at a cost that exposes that population to greater risks of data misuse.

This statement has also been published in Aliran.

Scroll to Top