The recent revelation about the alleged sale of the (rights to) MySejahtera app from Entomo to MySJ Sdn Bhd for RM338.6mil has rattled Malaysian citizens and residents, many who assumed that the government was the owner and in control of the app.
Many are concerned about their health-related data falling into the wrong hands as well as the possibility of the government paying an exorbitant sum to a third party for ownership of the app and related services. They are right to fear this, as the government is negotiating to pay MySJ for the app, albeit with the assurances from Khairy that the figure is much lower than RM300mil, something that doesn’t quite sit well with most Malaysians.
We have now reached a point in the pandemic situation where contact tracing (being flagged based on check-in to a specific venue) is no longer being practiced and therefore, check-in requirement will be moot very soon. It is absolutely unnecessary to track the movement of people in accordance to their locations.
However, the vaccine certificates are still required for purposes of dine-in, travel and so on. That said, there is no need for vaccine certificates to be ‘hosted’ solely in the MySejahtera app.
There is nothing stopping the government from allowing other credible and verified apps such as Grab, Touch N Go for example, to also host the vaccine certificate within their app. The people should also be able to carry their vaccine cards as proof of vaccination instead of making MySejahtera mandatory.
This way, vaccine recipients can choose their method of choice to host the vaccine certificate and not have to rely on MySejahtera to prove their vaccination status.
The government also won’t be beholden to MySJ Sdn Bhd in negotiating price and terms for the application. The government also won’t have to cough up potentially hundreds of millions of ringgit to MySJ. Unless, the negotiations with MySejahtera have other motives like someone taking a cut of it.
The existing check-in data must also be deleted ASAP. And a mere announcement of deleting these data is not enough. We need at least one, if not two independent auditors to confirm that this has truly happened, and no data breach has happened.