LETTERS: THE Padu national database system, which was launched on 2 January this year, is indeed a step in the right direction.
Without a doubt, such a digital ecosystem has many advantages. For example, India has one of the world's largest digital populations with over 1.3 billion people successfully registered.
The Padu system is intended to act as a national database of socio-economic information for every household in the country, providing regular analytics.
Among others, the system will be used for targeted subsidies.
It can also make it easier to manage and access information, streamlining various government services and it can help governments allocate resources more effectively by having a comprehensive overview of the citizens' needs.
However, it is also important to ensure that all possible downsides of the system are thoroughly investigated and tested before the roll out, and not after its implementation.
If this is not done, it is akin to closing the stable door after the horse has bolted.
It is important to make assurance, doubly sure, that is to ensure that the new system works correctly before it is launched to the public.
But, judging by the initial concerns expressed at the launch of Padu, that does not seem to have been done.
Economy Minister Rafizi Ramli said yesterday that the authorities were constantly monitoring and testing the system, but then why the initial hiccups?
Prior to the implementation we should have imposed robust security measures, including encryption, access controls, and regular audits.
Additionally, transparency and strict adherence to data protection laws should help alleviate privacy concerns.
If this is neglected, it will shake the public's confidence and delay the trickling down of its benefits.
Previously, there have been so many data leak incidents involving government agencies such as SOCSO, JPN, and MCMC.
Padu can only meet its objective properly if it can obtain up-to-date details from the majority of the population.
Questions have been asked like "If the Rakyat is not confident of the government's capability to keep their data safe and refuses to submit their details, what will then happen to the project?"
Even though it was reported that Padu's administrator had swiftly fixed a certain flaw it is something that should not happened in the first place if the pre-testing methods had been robust.
We should emulate what some global IT companies have been practising: they have been employing their own staff to deliberately breach the system, and then apply more stringent controls.
Similar exercises can monitor system behaviour and detect unusual activities that may indicate a breach.
Keeping software and systems up-to-date with the latest security patches is also essential to address known vulnerabilities.
So, let's be safe than sorry. Let's pull back a little, and subject the system to more stringent tests before re-launching it.
TAN SRI LEE LAM THYE
KUALA LUMPUR