MyKad has been introduced in 2001 as part of the multi purpose card initiative under the MSC Flagship Application. MyKad has been used to replace the old plastic laminated document as an identification card for the citizen of Malaysia age 12 and above. The size of MyKad is similar to the size of ATM card and credit card. It is a plastic card that has a chip embedded to inside the card that stores personal data and applications that include the following:
- National ID;
- Driving License;
- Passport Information;
- Health Information;
- Touch n Go;
- MEPS Cash;
- ATM; and
- Public Key Infrastucture (PKI).
MyKad is produce by the National Registration Department (NRD) to all Malaysia Citizen. NRD also introduce similar card and fuctionality that includes:
- MyKid: For the Malaysia Citizen age 12 and below including newborns;
- MyPR: For those who has been granted the Malaysia permanent resident status;
- MyTentera: For Malaysian Armed Forces personnel;
- MyPolis: For Royal Malaysian Police personnel.
The advantage of MyKad is due to its functionality. As my Mykad store the personal information of an individual. most of the verification purpose is done through MyKad. For example, before this due to immigration regulation, those from Peninsular Malaysia travelling to Sabah and Sarawak must produce a passport before entering the states. Now, the Malaysia citizens from Peninsular Malaysia do not need to use the passport to enter Sabah and Sarawak because verification of identity can be done through MyKad and smart reader. All the commercial banks in Malaysia use MyKad for verification purpose. Any transaction that been done at the counter must go through the personal data verification using MyKad, smart card reader and thumb scanner. MyKad is slot in the reader and verification of data is been done by scanning the thumb.
In Malaysia, it is a common practice to leave the MyCard at the security counter before a person is allow to enter a guarded premise. This practice can be seen in most of the buildings in Malaysia. The person then will be given a visitor pass to enter the premise and after completed his/her business, the MyKad will be return by exchanging it with the visitor. One must wonder what happen if the person or organization who receive the MyKad use a smart card reader or any other devices that can access, view and even download the information within the chip.
In 2004, BAR Council has urged the Government to introduce the law that can protect the personal data from unauthorized use, misuse or abuse of personal data. the council also urged that the law must imposed to the recipient of the personal data to safeguard the personal data. The information should only be used for the specific purpose allow by the owner of the data.
In 2010, Personal Data Protection Act 2010 [Act 709] has been gazzetted. The law regulate the processing of personal data in commercial transactions and to provide for matters connected therewith and incidental thereto. It applies to any person who process and who has control over or authority the processing of any personal data in respect of commercial transaction. The act by itself only concern on the commercial transaction and not apply to the Federal Government and State Governments. It also concern on data that been processed inside Malaysia.
As the MyKad suppose to store the information on health (referring to the plan in the Multi Purpose Card Initiative), the act also cover the sensitive personal data that include personal data consisting of information as to the physical or mental health or condition of a data subject. Sensitive personal data also include political opinions and his religious believe.
The law interpret commercial transaction as any matter relates supply and exchange of good or services, agency, investments, financing, banking and insurance. But it does not include a credit reporting business carried out by a credit reporting agency under Credit Reporting Agencies Act 2010. That means you financial history with any commercial bank or credit is not consider personal data, therefore, CTOS and CCRIS are not cover under this act.
Even though that the law on data protection has been gazzetted, one must be very careful in not to reveal the personal information through MyKad. Do not give your MyKad as an exchange of visitor pass as you have the right not to do so. Give alternative identification instead, for example the driving license, employee card or student card for that matter. It is best to be self-aware of the consequences rather that having our personal data been misused.
References:
Bukhari, K.Z., 2004, MyKad & Privacy Rights, The Malaysian Bar, Bar Council, http://www.malaysianbar.org.my/index2.php?option=com_content&do_pdf=1&id=989
National Registration Agency, My Kad, http://www.jpn.com.my/docs/MyKad.htm
Personal Data Protection Act 2010, accessed from http://www.kpkk.gov.my/pdf/Personal%20Data%20Protection%20Act%202010.pdf
http://nurelimtiaz.uitm.edu.my/wordpressfolder-elimtiaz/wp-content/uploads/2012/08/MSC.pdf
No comments:
Post a Comment