KUALA LUMPUR (March 31): Health Minister Khairy Jamaluddin on Thursday (March 31) said that all the information and data in the MySejahtera application is fully owned by the government.
Speaking in the Dewan Negara, Khairy guaranteed that all data stored in the MySejahtera database will be preserved and used only for the purposes of Covid-19 pandemic response by the Ministry of Health.
In this regard, he said the use and management of MySejahtera data is subject to the Prevention and Control of Infectious Diseases Act of 1988 [Act 342], the Medical Act of 1971 [Act 50], and international standards.
Khairy stressed that the National Security Council had on behalf of the government entered into a non-disclosure agreement with KPISoft (M) Sdn Bhd (now known as Entomo Malaysia) on April 1, 2020, on terms agreed upon by both parties before the government launched the MySejahtera application on April 20, 2020. KPISOFT was responsible for managing the application.
"Among the key terms of this agreement is that ownership of all data and information obtained through the use of the MySejahtera application rests entirely with the government," he said.
Amid the surge of Covid 19 cases in 2020, Khairy said the government chose KPISoft because it offered the best digital solution.
The key basis for selecting the company is that the system is available, can “go live” and run within two weeks, is offered for one year on a corporate social responsibility basis, and is based on a good track record for previous work, he said.
In terms of application and data security, the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU) and the National Cyber Security Agency (NACSA) conducted various tests to ensure that the MySejahtera application is secure. They also carried out penetration and vulnerability testing prior to launch.
"In addition, NACSA has conducted regular security audits every month and penetration tests from time to time, as well as auditing the servers where MySejahtera data is stored. NACSA continuously monitors the security of the MySejahtera app through the Cyber Coordination and Command Center (NC4) to detect any intrusions," he said.
According to the minister, an early investigation also revealed that the company operating the MySejahtera app has obtained the ISO270001 (ISMS) standard. This ISO270001 standard is an internationally recognised specification for information security management systems, covering information security policy and management, physical and environmental security, communications security and personnel security.
"Based on these facts, I would like to emphasise that all data and information obtained through the MySejahtera application is the property of the government and its security and confidentiality is guaranteed.
"I hope that people will continue to use the MySejahtera app without hesitation. The confidentiality of public data is guaranteed and the Ministry of Health will always ensure that this aspect is not compromised," Khairy added.
Since May 2020, more than 13 billion check-ins have been recorded through MySejahtera. This data was used to launch an automated casual contact notification system from March 1, 2021, and the HIDE hotspot tracking system from April 20, 2021. These systems, based on MySejahtera data, have eased the burden of the frontliners and enabled them to conduct early detection screenings.