Senator Risa Hontiveros has filed Senate Resolution No. 981, which seeks a Senate inquiry over the possible “deep repercussions on national security” of reports that a former Department of Foreign Affairs (DFA) contractor had run off with the personal data of Filipinos in its possession.
DFA secretary Teodoro Locsin Jr. said in Twitter last Friday, Jan. 11, that an unidentified private contractor involved with making passports failed to turn over the personal data of passport applicants.
But former DFA secretary Perfecto Yasay said in TV interview that no contractor took away any data and that Locsin may have been misinformed about the incident.
“As the Philippines is about to begin implementation of the National ID System, reports such as these do not inspire confidence in the capacity of government to protect our data and its ability to police and hold accountable private contractors who process personal information,” Hontiveros said.
Hontiveros said that despite explanations in social media coming from Locsin and Yasay, “there still is no clarity as to who is responsible for the non-availability of Filipino passport data.”
She noted that there have been at least two private contractors which the DFA hired in the past in relation to printing of passports — BCA Corporation in 2005, and Francois-Charles Oberthur Fiduciare in 2008.
In 2015, the DFA opted to tap the services of APO Production Unit, a government-owned and controlled corporation (GOCC), which entered into a partnership with a new private contractor, United Graphic Expression Corporation.
The lawmaker said the reported breach may constitute violations under the Data Privacy Act of 2012 (Republic Act No. 10173), which requires institutions controlling personal information of individuals to implement measures which will protect such information “against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing.”
“As opined by data privacy legal experts, the implications of the data ‘taken’ from the DFA are vast, and leaves data subjects vulnerable to identity thieves who can use sensitive information contained in the birth certificates (such as the individual’s mother’s maiden name) to illegally access financial transactions of the data subject,” Hontiveros stressed.
She added that a Senate probe on the issue will help institutionalize measures “meant to further protect personal data of Filipinos and prevent possible illegal use of the same.”