The Central Database Hub (Padu) system has been developed by integrating various administrative data sources from over 400 public sector agencies, including the federal and state governments, as well as GLCs and GLICs to form comprehensive data based on individuals and households.
Until March 12, 2024, PADU has integrated 314 data sets from various agencies to form a comprehensive individual profile.
Throughout the PADU development process, risk and security, as well as protecting classified data from being hacked and leaked, have always been given priority by all parties.
The PADU system development team has always worked closely together with various agencies that manage cyber security and national data privacy such as the Office of the Chief Government Security Officer (CGSO), National Cyber Security Agency (NACSA), CyberSecurity Malaysia (CSM), Personal Data Protection Department (JPDP) and Ministry of Communications.
In light of this, Economy Minister Rafizi Ramli, said he was aware of the statement made by Deputy Minister in the Sarawak Premier’s Department (Law, MA63 and State-Federal Relations) Datuk Sharifah Hasidah Sayeed Aman Ghaza’s recent media statement regarding the implementation of PADU in Sarawak.
Rafizi said, in a statement today (Mar 25), to date, there are no information leakage issues reported even though there are 2 to 2.3 million attempted attacks on PADU a week. PADU’s development complies with international standards and principles of best practices set to ensure safety.
The PADU system is developed in-house using expertise existing civil servants without involving appointment from external consultants. This decision reduces the risk of information leakage since outside parties do not have direct access to PADU.
To ensure data integrity and data leakage does not occur, officers who have access to the data have gone through integrity level assessments through the set security screening process by CGSO.
Access to data is only allowed to officers who appointed and limited to their respective roles only. This rule is part of management’s standard operating procedures for the Padu system.
The information is classified as Government protected information under the Official Secrets Act 1972 [Act 88] and subject to all safety protection instructions which are issued by CGSO. Therefore, any act of accessing, uploading, downloading, modifying, supplementing or distributing any data under PADU without permission, is an offence and if convicted a perpetrator can be sentenced to prison, fine or both.
Apart from Act 88, the data includes computer equipment which is protected under the Computer Crime Act 1997 [Act 563] where any wrongful access is regarded as a crime. This also includes any person who accesses the system or uses / obtains / uploads/ downloads data without permission from the system entirely.
Rafizi said the government will always ensure the safety of handling of data, including system security, network and data protection of personal information.
“I guarantee that with PADU, every citizen will receive fair and reasonable benefits through the planning of effective policy implementation guided by data.”
A briefing session will be organized for representatives of the Sarawak government regarding the issue of security and data protection soon. The Ministry is committed to answering all questions and concerns that have been raised by the Sarawak state government.
“PADU has seen an increase in its registration rate over the past week. As far as 11:59 pm on March 24, 2024, the number of registrations increased to 7.7 million, up from 5.4 million recorded on March 17, 2024,” Rafizi added.
