LETTER | In early May when the conditional movement control order (MCO) was introduced, Selangor launched SELangkah, an application based on location QR scanning to aid the state health department in contact tracing should new Covid-19 infections be detected. Selangor has the highest number of infections in the country.
In June, the federal goverment introduced the MySejahtera QR code similar to the SELangkah in Selangor.
Prior to that, we had Putrajaya introduce the MyTrace contact tracing application which adopted Bluetooth technology.
The reality on the ground is that some companies use their own application. We also see many more offer handwritten options if no smartphone is available.
I recall during the early days of the MCO, there was another application called Gerak Malaysia, apparently to monitor interstate travel.
There seems to be a lot of applications collecting lots of personal data - at least in Selangor. On the surface, Malaysia seems like a country with a vibrant applications development environment. On the other hand, many questions still arise. I hope the government will take application development seriously as we try to contain the Covid-19 pandemic.
Apps' effectiveness and robustness
With so many applications and data collected, how effective are these applications? How are such data collection integrated to provide effective implementation of contact tracing? Has sufficient and rigorous scenario testing been conducted to ensure that the systems work well?
The physical backend operational process of contact tracing should be integrated to ensure one smooth and continuous process with potential gaps worked out. While we are managing the situation well with borders closed, the concern is that when the borders reopen, and things go back to some normalcy, can we ensure the same level of comfort as we have right now?
Security of systems
We understand that many of these applications have to be developed quickly. While speed is of the essence, data security cannot be compromised.
Are the systems strong enough and not subject to external hacking and intrusion? Are there safeguards in place to address these potential challenges?
Privacy of data
How is our data managed? In situations like this where a large amount of personal information is collected, what’s the process and mechanism for data privacy especially when our data has to be shared and integrated with other applications across different agencies and organisations.
For companies who do not use any of the government applications, are there policies over collecting personal data to allow them to do it and how will our personal data be maintained?
It is not enough to make statements to say how personal data will be kept and when it will be destroyed. Agencies' response needs to be able to demonstrate it. Perhaps this is the right time to put together a data governance oversight committee to monitor and enforce policies in line with our Personal Data Protection Act.
Transparency and accountability
Agencies and organisations need to share more to help us understand how things work. Contact tracing is not a black box, we must work together.
I believe people, as the ultimate owner of the data provided, have a right to know.
More importantly, this will give users the confidence that processes and critical items are carefully thought through. This gives the opportunity for feedback from the people as well.
This openness will also demonstrate that the government and the people are working together to contain this pandemic.