LFL director Zaid Malek said the protection of personal data cannot be left to “ad hoc and superficial regulations” of individual government agencies or departments.

“Such regulations, even where they exist, do not provide the effective and comprehensive protection afforded by the PDPA (Personal Data Protection Act 2012) itself,” he said in a statement.

Zaid said the PDPA protects data according to carefully laid-out principles, governing disclosure, security, retention, and data integrity.

He said Rafizi should be aware that the regulations of government agencies do not have such safeguards, thus exposing the public’s personal data to potential abuse and misuse.

“Throughout the world, government data has been subjected to PDPA-type regulations, and yet the minister claims that the Malaysian public’s personal data does not require such protection,” he said.

“The fact is, Malaysia and Singapore are the only countries that have exempted government data from a PDPA legislative regime.”

Yesterday, Rafizi criticised LFL for suggesting that the Central Database Hub, or Padu initiative, be suspended until the PDPA is amended.

LFL had noted that the government is exempted from liability under the PDPA, warning that this puts the public at a “terrible disadvantage” and danger of loss or damage in case of a data security issue.

Rafizi said he hoped LFL would “first understand the difference between data covered under the PDPA and publicly available data”.

In response, Zaid said the nature and value of personal data is the same regardless of whether it is publicly available or otherwise.

“Irrespective of whether it is used by private businesses or by the government, it must be equally protected, whether in the hands of government or private sector,” he said.