THE agency placed in the limelight whenever there is a massive data breach that affects personal information of Filipinos is the National Privacy Commission (NPC).
With the stealing of confidential data of individuals no longer isolated, this government agency has to investigate the breach, require those responsible to account for what happened, and assure the public that the stealing of their information will not happen again.
The year 2018 saw several incidents of massive data breach where personal and confidential information of Filipinos was taken without permission, illegally or by fraud. There was the Facebook data breach last October and similar violations of the Marriott and Cathay Pacific systems.
In the case of the Facebook breach, the NPC ordered the social media giant to inform Filipino users who were affected by the security violation and tell them what to do to protect themselves. Facebook said a security breach may have compromised 30 million accounts last September. Of the 30 million, 755,973 users are in the Philippines. What the data thieves did with the information they stole was not known.
So, what happened at the Department of Foreign Affairs (DFA) last week was not the first time a massive data breach affecting thousands of Filipinos happened. But, in the DFA incident, the number of those who may have lost their personal information in their passports could balloon to the millions. You would think lessons were learned after the government faced past privacy challenges. Apparently not when the breach involves a government system, rather than a private corporation.
The NPC said it would investigate the case of a former DFA contractor who reportedly stole passport data. How the NPC handles this case will be a test of its effectiveness in protecting privacy. How it acts on this breach would reflect on its ability to protect Filipinos as government embarks on a massive data gathering through the national identification or ID system that will be implemented this year.
I got to know about the NPC after President Rodrigo Duterte signed the national ID law last August. The law created the Philippine Identification System and said its purpose is “to improve the delivery of government and other services to the public, especially those who lack government-issued identification cards.”
In briefings, the NPC said it would protect the people’s data privacy rights under the national ID system in the light of fears of privacy violations.
This is the immediate challenge for the NPC – to verify reports on the passport data breach, find the extent of the violation, and identify those responsible for the infringement of people’s rights. The next steps will be on safeguarding it does not happen again.
How it addresses this latest DFA data breach would show the NPC’s sincerity to uphold privacy rights of Filipinos who will be required by law to give out personal information as data requirement for the national ID.