Farming IC Numbers and the Data Protection Act (or lack thereof)

There has recently been a lot of brouhaha relating to the Government's proposed National Service programme. Although newspapers have in general been supportive of it, Malaysian bloggers have been less so. In fact, I have yet to find a single one who thinks it's a good idea. Now to add more fuel to the fire, they have flagrantly not taken care of peoples' privacy rights.

The murmurs of discontent have been raised yet again and most of the criticism now is squarely targetted against the Government's apparent inability to disseminate this information. I go one step further to say that what they have published is inappropriate.

Instead of me telling you the whole sordid story, let me point you to the running commentary on Alphaque:

Anxious kids wanting to know if they've been selected for brainwashing National Service could use a few ways to find out. They could call a special hotline, send an SMS or do what any other kid of the Internet generation would, use the Khidmat Negara website. However, those who believe in the national ICT aspirations and the Multimedia Super Corridor were deeply disappointed because the website was truly unreachable during the whole period. It keeled over and just died like the dodo.

In order to counter this, somebody mirrored this information on a Ministry of Defence server. Except it wasn't really a mirror. The original website invited people to enter their Identity Card number into a form and a result was returned on that single query only. The new website listed all names by state and initial letter. Well, actually, they also included the IC number next to the names (for example, see

I think that this is a Bad Idea. In theory, IC numbers should be private and should not be published willy nilly. What the government has given here is 85,000 IC numbers with names attached to them to anyone who cares to download them. You could argue, "what harm is there in publishing this information?", and I would counter, "what business is it of anyone but myself to give my information away freely?".

This actually all points to a bigger problem - that the Data Protection Act is still not in place. We have been working on this for at least three years now. The last news I had was that the State governments are giving comments on a draft. This was a year ago. The Communications and Multimedia website is not much help regarding the status of this law has some comment about when it will be ready, buried a forum.

Truth is, data protection rights are of little importance to the establishment and without direct orders to the contrary it's unlikely that states (or even federal bodies for that matter) will willingly impose restrictions on themselves on how they can use (and perhaps abuse) personal data. Thus, I envisage that the laws will be broad enough to protect the rights of the establishment to still do whatever they want to with our personal information.
posted on Monday, December 15, 2003 - permalink
Comments: Post a Comment