Usually, database of customers are guarded like gold by any company. Information on customers is jealously guarded by businesses as it is vital to have the upperhand from anybody who wants to venture into the same type of business as you do. Try getting your rival company’s information about their clients. It is nearly impossible.
Hence, people can make money out of it. Because, information is valuable. Information equals money.
But the storage of these information costs too much money. Some company branched out into other means of storing information. Some who had relied on huge warehouses, had resorted to data imaging. The initial outlay may be high but it uses less space.
Some may outsource entirely their document storage to third party. This will decrease storage cost but ultimately, security risks could be higher.
Permodalan Nasional Berhad once wanted to outsource its data imaging process to PERNEC back in 2004 but quickly discarded the idea when they realised that millions of its customers (all the ASB, ASD, ASN, ASW unitholders), or to be precise, the confidential records of its unitholders will be kept by a third party.
Now, they keep their records in their own facility they set up in Nilai, Negeri Sembilan.
They deemed it a threat to the financial security of its unitholders if the data is lost to irresponsible parties. People will pay a lot of money to mine data (data mining) from anyone who is willing to sell it.
As they always say, information is power.
Why suddenly I write about this?
Because I was alarmed to know that our Lembaga Hasil Dalam Negeri, Kumpulan Simpanan Pekerja, Kementerian Kewangan, Bank Simpanan Nasional, Sime Darby etc, has been outsourcing their document management process to a privately owned company.
That means, all my income tax data and my EPF data are all in the hands of a third party. Certainly, when I engage the LHDN and EPF, I never made any agreement that all my information can be viewed upon by other parties.
Imagine all my tax details and my retirement funds being scrutinised by a third party which LHDN and EPF has no control of. How certain are these two database giants in knowing that their data bank will not be sold or viewed upon by interested people?
And this is just me.
I am sure the data of more influential people may fall into the wrong hands. We may have a serious national security breach here.
Imaging knowing the self worth, detailed addresses and next of kins’ detailed information of the Panglima Angkatan Tentera, the Inspector General of Police, the Chief Justice, or even Lim Kit Siang’s! This would be a security threat indeed!
Some random people might know where your loved ones are residing!
From the blogs linked above, it is allegedly being told that VPI International Sdn Bhd received nearly RM1 billion worth of contract from LHDN through the Ministry of Finance. Payments were made twice to the sum of RM400 million and RM500 million respectively.
That is a huge sum of money just to outsource data from LHDN. Is it not?
If this is true, no surprises there. Because the company that was awarded the contract belonged to people closely associated with the former 2nd Finance Minister, Tan Sri Nor Mohamed Yakcop.
Obviously, money is of no concern to some people. If the alleged amount of RM1 billion is true then I am sure the contracts were overinflated as it does not make sense to award such high sum of money to a newly established group such as the one you see below (refer organisation chart below). Almost all of the companies in the group were established sometime around 2004 onwards.
Which in the end, each person who has an account in LHDN and EPF have to ask this question; How confident are you with this group of companies in keeping your records? Do you trust these companies that have no track records whatsoever to hold your vital information?
Therefore, I urge the government or at least the Auditor General to review the processes involved when awarding the contracts to the companies above and importantly, the operational processes of these companies when managing our records.
The security risks must first be sought out and mitigated immediately.