KUALA LUMPUR, April 14 – Khairy Jamaluddin maintained today that contact tracing via MySejahtera was still useful, even as he promised to review check-in mandates in a week or two.
The health minister said at the peak of the Omicron wave mid-March, 45 per cent of casual contacts identified from check-ins on the mobile app were positive for Covid-19 and had self-isolated.
“So we find that MySejahtera still has value as a contact tracing tool,” Khairy told a press conference.
“However, since we have passed the Omicron peak and we’re now in the transition phase, the Ministry of Health (MOH) is monitoring infection patterns and we’ll make a decision in a week or two on whether to continue check-ins with MySejahtera.”
He also said there have been no reported cases yet of breaches of personal data collected by MySejahtera.
Since the reopening of international borders a fortnight ago on April 1 and the relaxation of physical distancing measures, including in places of worship, the Covid-19 epidemic has continued abating from its peak in the middle of last month.
In the past two weeks, daily Covid-19 cases, hospital admissions, intensive care unit (ICU) cases, and deaths have been dropping.
When CodeBlue asked whether the government would amend the Personal Data Protection Act (PDPA) 2010 so that the privacy law is applicable to the government, or whether the government would draft specific legislation to regulate electronic medical and health data, Khairy said MySejahtera data protection practices comply with PDPA requirements, even though the government is not subject to the law.
“However, we’re now in discussions with the Communications and Multimedia Ministry on this issue, which we will inform in due time, specifically on whether to ensure total compliance to the PDPA or to include a clause that states ‘subject to PDPA’.”
MySejahtera’s disclaimer states that the government shall not be liable for any losses or damages “caused by the usage of any information obtained from this application”.
MySejahtera’s privacy policy also does not state which agency or government contractor has access to different types of personal data collected on MySejahtera, how personal information is processed, where data is stored (in a “highly secured server” that is not named), or the duration of time for the storage of data before it is deleted (only for check-ins to premises).
Neither the Medical Act 1971, nor the Prevention and Control of Infectious Diseases Act 1988 (Act 342), specifically regulate the management, privacy, or confidentiality of one’s personal health or medical information.
Khairy added that MOH is currently finalising negotiations with MySJ Sdn Bhd over MySejahtera, but did not specify if the government is negotiating on buying over the entire app together with its intellectual property and licences, or whether MOH will continue the software as a service model.
MySejahtera check-ins across the country fell 30 per cent from March 25 to April 9, amid public distrust and concerns over ownership of the app that was developed without a contract with the government, its links to a Singaporean company that fully owns Entomo Malaysia, and security of the massive amounts of personal data, including medical and health information and check-ins at public premises, collected by the Covid-19 app.
