The National Privacy Commission (NPC) said it summoned the local office of ride-sharing firm Uber for a meeting on Thursday, Nov. 23, to discuss a massive data breach in the US that was admitted by the company.
Media publications have reported that Uber is facing investigation around the world after it was found that the tech firm paid hackers $100,000 to keep quiet on the stolen data of 57 million drivers and passengers.
The NPC said Uber came to the meeting represented by its data protection officer, lawyer Yves Gonzalez. He was accompanied by an external counsel from the company?s law firm.
However, the privacy agency said the Uber executive failed to provide vital information, especially on whether Filipino data are involved, citing limited information from their US office.
?We cannot rule out at that this time that any Filipino data was compromised,? the NPC said.
But the commission said Uber Philippines has committed to respond in detail to the agency?s queries about the nature of the breach, what data was involved, and what measures were applied to address the breach, as soon as confirmed data becomes available.
The NPC also set a 48-hour deadline for Uber to provide vital information about the breach.
?The NPC has reminded Uber that the concealment of a data breach that involves sensitive personal information or information that, under the circumstances, can be used to enable identity fraud, is a criminal offense punishable under the Data Privacy Act of 2012,? it said.
The agency said it has tapped its network of privacy regulators, particularly the Federal Trade Commission of the US, to share information on this incident.