In light of the passport data mess, and to further protect the privacy of individuals, Sen. Nancy Binay has called on the Office of the Solicitor General (OSG) to review the contracts of government’s data management providers.
Binay wants the OSG to review all contracts of government agencies with third-party software and data management providers particularly those that concern any national database system.
“We need to step up our standards when it comes to data protection and security lalo na’t ang may hawak ng data management ay 3rd party contractors. We need to know which agencies are prone to data hostaging para di na maulit ang nangyari noon sa LTO at NBI where there was a stoppage of operations, and vital public services were affected,” she pointed out.
According to Binay, the OSG should ensure that all contracts have a clause that all data handled by third party data management providers would revert to the government even after the termination or end of its contract.
“It is incumbent upon the government to check that contracts entered into by the State have data privacy protection clauses. Policies, TORs and IRRs should also be evaluated to prevent data breach specially if the contractor has in its possession biometrics data,” the senator noted.
Government agencies like the SSS, GSIS, LTO, NBI, DFA, BI, PAGIBIG, PhilHealth, PhilPost, LRA, PSA, Comelec, to name a few, are dependent on third-party software and data management to handle their data management requirements.
The government serves as the custodian or the “personal information controller” of the collected data but hosting and system management is contracted to non-government entities.
“Bilang tagapangalaga ng datos ng mamamayan, the government should protect the confidentiality of the data, and maximize all remedies to ensure that the data handled by contractors is returned to the government after the end of its contract,” Binay said.
To avert any data breach crisis in the future, the senator said there are still live BOT and PPP agreements that fall under the mandate of the National Privacy Commission that need to be revisited.
“Kung wala pang existing clause ay dapat pong makipag-usap na ang OSG upang ma-amend na ang present contract,” she said, adding that the role of government is to protect the data in compliance with the Data Privacy Act.
“Marami na pong mga kaso ng identity theft kung kaya’t andyan ang pangamba ng mga tao na maaaring magamit ang datos nila sa maling paraan,” Binay said, noting that breaches in data erode the people’s trust in the institution.