Defending PADU as 'safe', Rafizi says database withstood over 2 million cyber attacks

The man behind the launch of PADU, which has raised growing privacy and security concerns, has defended the government's latest database hub, claiming the system had been able to withstand some two million cyber attacks in the past one week.

Economy Minister Rafizi Ramli said the database had been developed entirely with existing expertise in the civil service, adding that it met international standards and best practice, making it less vulnerable to data leaks.

Rafizi said the information stored in PADU was subject to the Official Secrets Act and the hardware used was protected by the Computer Crimes Act, with only officials vetted by the chief government security officer having access.

"Therefore, any act involving accessing data in PADU, uploading, downloading, modifying, adding or distributing data without permission is a criminal offence punishable on conviction by imprisonment, fine or both," Rafizi said.

His statement comes amid growing criticism of PADU, which Rafizi said some 7.7 million Malaysians have registered for as of March 24..

He was responding to the Sarawak government's reservations about PADU, with a senior state minister questioning whether the data could be misused for political purposes.

Sarawak state tourism minister Abdul Karim Rahman Hamzah also accused Putrajaya of asking for too much information from the public.

"The moment you fill in, you ( ‘bogelkan diri sendiri’ (strip yourself naked). Practically everything – your bank account, your house, everything!," he said on Friday.

"I don’t think that is a proper way to treat your citizens."

The concerns have led to Sarawak being the only state to suspend the registration exercise.

Yesterday, deputy minister in the Sarawak Chief Minister's Department Sharifah Hasidah Sayeed Aman Ghazali said fears over data security were justified as there had been many such cases recently.

She said the state generally supported the aim of collecting the data to measure people's financial status in the allocation of targeted subsidies.

"However, this should not go so far as to reveal a person's confidential and personal profile, which should not be disclosed, in determining the eligibility of the recipient," she added.

Despite the criticism, Rafizi said the response to PADU had been overwhelming, adding that 2.3 million more people had registered within seven days, bringing the total number to 7.7 million.

Earlier this year, Rafizi dismissed lawyers' criticism of data protection in PADU and said the government was not subject to the Personal Data Protection Act 2010 (PDPA).

Rights group Lawyers for Liberty had warned that the government agencies’ regulations have no safeguards on data protection and that personal data was therefore exposed to possible misuse.

"The protection of personal data cannot be left to the ad hoc and superficial regulations of individual government agencies or departments, as proposed by Rafizi," said LFL director Zaid Malek.

"This is a reckless proposal. Such regulations, even if they exist, do not provide the effective and comprehensive protection that the PDPA law itself provides."