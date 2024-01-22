THE push towards adopting a digital ID is undeniably crucial in today’s rapidly digitising world, where establishing a secure online identity is paramount. However, as we embrace this transformation, there are legitimate concerns surrounding the privacy and security of personal data that must be diligently addressed.

Cybersecurity

Implementing robust cybersecurity measures, including secure digital solutions such as firewalls and resilient architecture design, is pivotal. The presence of a strong cybersecurity agency, along with well-defined supporting roles and policies, instils confidence that controls and technical solutions are in place to safeguard against potential cyber threats.

We think Malaysia has all the key elements in place. Agencies such as the National Cyber supported by Cyber Security Malaysia are moving in the right direction.

Data governance

Data governance is a set of management processes that enables one to ensure data is secure, private, accurate, available, and usable. It includes the actions people must take, the processes they must follow and the technology that supports them throughout the data life cycle.

It is equally critical to establish stringent data protection processes and accompanying policies. This entails defining how data is managed within organisations and clearly outlining processes that protect data usage and sharing.

Transparency is key here, ensuring that the public is aware of how their data is handled. This transparency, coupled with compliance, fosters trust among the populace, affirming that their data is being managed responsibly.

Strengthening data governance

Governance involves not only managing data within organisations but also protecting the privacy of individuals in the digital space. Here are key points to consider:

Robust processes: Defined standards and practices for data management, usage, and sharing must be established and adopted by all relevant stakeholders. This clarity forms the foundation of transparency.

Compliance: Adherence to established data governance policies ensures that organisations are accountable for their actions. Making data governance practices transparent to the public enhances trust. Individuals should understand how their data is handled and the measures in place to protect it. These practices must be communicated to the public to instill confidence.

Laws and regulations: Enacting and enforcing the key governance principles into comprehensive laws and regulations regarding data protection is critical to further promote digital trust. Legal frameworks provide an additional layer of protection and serve as a deterrent against potential misuse.

Holistic approach: Adopting a “whole-of-government” approach ensures that data governance is consistently applied across various government agencies and key stakeholders, preventing fragmented or inconsistent practices. As a multi-tiered government, a strong digital ID initiative will support states and local governments to have its benefits trickle down to the grassroots.

Going beyond single sign-on

A digital ID should transcend being a mere authentication tool. It should represent individuals in the digital realm, embodying trust and privacy. The digital economy’s shift necessitates revisiting physical controls and enhancing privacy measures:

Rethinking privacy: Digital technologies can safeguard private data from unauthorised access. Considering the prevalence of deep fake technologies, and the roles of governments in ensuring the authenticity and protection of their identity online, it is crucial to reimagine privacy and leverage digital tools to protect sensitive information.

Learning from other models: While drawing inspiration from successful models like Singpass, it’s essential to adapt structural changes that suit the local context. Understanding the unique aspects of data protection and adopting technology to work for society’s benefit is paramount.

In the Singapore context, the NRIC has now moved from the physical card to a digital “card” where the application of identities such as NRIC, companies’ ownership, driver’s licence and other critical documents in one digital place. Indeed, the digital ID must be perceived as an identity platform to serve us in the digital economy. All these are possible because of a combination of a strong data strategy.

Using digital technologies, such as a digital ID platform like the Singpass, critical data can be effectively safeguarded. One does not even need to reveal ID numbers, date of birth and, more importantly, private addresses. In Singapore, laws have been formulated to ensure these protections. These are some of the things we can learn from the Singapore experience.

A digital societal shift

The implementation of the National Digital ID offers us the golden opportunity to rethink and upgrade our MyKad to be truly digital and be on par with digital developments. Learning from countries that have done it before, we can adapt and develop even further.

The transition to a digital ID is not just a technological evolution but a societal shift. Strengthening data governance, addressing privacy concerns, and instilling confidence in the digital economy requires a comprehensive and well-thought-out approach. By doing so, we can ensure that the digital ID system adds substantial value while preserving the privacy and trust of individuals in the digital world.

This article is contributed by Spirit of Endeavour co-founder and managing director KV Soon, who is a digital transformation and innovation specialist, and KL Tan, an adviser of Spirit of Endeavour, a leading figure in digital government strategies, digital innovation and investors.