Is Your Personal Data Secure On Selangor’s Selangkah App? [OPINION]
Selangkah takes the Personal Data Protection Act (PDPA) very seriously.
Bibi Nurshuhada Ramli
Writer for Selangkah
In this modern age where scams and data theft are rampant, consumers are naturally skeptical or reluctant when it comes to signing up for anything new or unfamiliar.
This includes having the public register for the government’s Covid-19 contact tracing application that requires them to “check-in” whenever they enter a public premise.
Several years ago, if you remember, the checking-in trend was fashionable. However, in today’s context of Covid-19 prevention measures, it is not as well-received.
The main concern many people have is that they will have to share their personal and private information, which one is required to key in upon registration. They fear that with the advent of modern technology, their personal information may fall into the wrong hands, or, that it be used illegally to track their movements.
Despite being given assurances that the system adheres to Malaysia’s Personal Data Protection Act 2010 (PDPA), the public remains sceptical as there is very little clarity and transparency on how their personal information data is being used.
Meanwhile, the team behind Selangor’s own e-tracing system Selangkah worked on the premise where just their claims about PDPA compliance would not be adequate. It also required giving an assurance that was convincing enough.
Transparency and consent are what really matters to the public. This is a promise that Selangkah has delivered and maintains with consistency.
The user is able to access the information they need on Selangkah on its website. Here, Selangkah’s Privacy Statement will explain about the particular data that is required from the user, why it is collected, how it is processed and stored, and who it is shared with.
In line with PDPA principles, the user can view or amend the data provided, or even opt out anytime. Both can be done by sending an email.
For the Selangkah team, it was critically important to gain the trust of the user, as well as to provide convenience when using the app. Selangkah is proud to be the very first contact tracing application in Malaysia that is in full compliance with the PDPA.
The app actually kicked off as a visitor registration system aimed to help curb the spread of the Covid-19 pandemic. Since then, it has grown to offer more features that are focused on enhancing protection for the community.
Selangkah’s “Affected Premise Map” displays locations previously visited by positive Covid-19 cases. This enables users to plan a safe journey. With its “Self-Check Exposure Risk” element, one could cross-check their visits to see if they had travelled to any of the exposed places.
To find out more, visit selangkah.my. But if you’re curious about how Selangkah manages your data, read on.
How does Selangkah use your data?
Each time you scan a Selangkah QR code, you will be providing just three bits of info: your name, mobile number, and the time and date of your visit to a particular premise.
According to Selangkah project director, Dr Helmi Zakariah, “Our goal is only to track people’s location. That is why a user’s name and phone number are already sufficient. We do not need their IC number.” He adds, “We didn’t want to ask for too much anyway because people might not want to participate.”
Dr Helmi is a renowned public health expert having served on the Malaysian Ministry of Health (MOH) as well as on the panel of the World Health Organisation.
Selangkah’s crowdsourced data will create a visitor log, which is an essential part of an effective contact tracing measure. With it, the user can be contacted immediately in case he or she visited the same premises as someone who was at risk of being infected.
The combination of QR code scans from all users will create a whole ‘network’ of visitor logs spanning across various premises that will offer a bigger coverage of protection.
Who has access to your data?
Selangkah is developed and operated by the Selangor Task Force for Covid-19 (STFC), a special-purpose State Government committee that has been tasked with coordinating Selangor’s response for Covid-19. All data collected is hosted within the country.
If STFC identifies certain individuals who have been infected, the latter’s information will be extracted and forwarded to the MOH for further action.
The user’s visitor log will be stored for 30 days (almost equals to two incubation periods of Covid-19). After that period, that data is considered obsolete in contact tracing, so it will be purged from the system.
Dr Helmi has further stressed to the public, “Don’t worry! Selangkah prevents unauthorised attempts at making a copy of the entire database. A firewall software and cybersecurity measures are installed to detect abnormal network activities and external attacks.”Users can rest assured that their private information is secure and kept up to date, and will not be stored longer than necessary.
Who is your data shared with?
To facilitate contact tracing efforts, your information may be disclosed to the relevant groups within the MOH and the Selangor state government in charge of the prevention and control of the pandemic.
Your data will not be shared with unaffiliated third parties without your consent, unless it is legally required, and it will be done in good faith.
There is a function in Selangkah’s system that allows premise owners to view their customers’ visiting trend, so they could better manage their operations. Even then, no visitor data is disclosed in order to prevent any misuse.
For your information, there is an even higher risk of data theft if you write your details in a customer logbook. Practically anybody can look at it or covertly snap a picture!
In September last year, a group of individuals in Malacca claimed to be MOH officials and collected logbooks from several premises. That is how far criminals are willing to go to steal data!
Although the use of logbooks to record visitor data is still permitted, it is recommended to instead prioritise the security and privacy of your data. In this regards, Selangkah is always the better choice.
Make informed decisions, stay safer with Selangkah.
A former NST journalist with more than 11 years of experience in the media industry, Bibi Nurshuhada Ramli currently writes for the team behind the Selangor State Government’s contact tracing Selangkah application.
If you’d like to have your opinion shared on TRP, please send it via email at firstname.lastname@example.org with the title “OPINION:” or through social media on TRP’s Facebook, Twitter, and Instagram.