MANILA -- Senator Nancy Binay on Monday called for a review of all government contracts with third-party software and data management providers amid the alleged data breach in the passport system.
In a statement, Binay urged the Office of the Solicitor General (OSG) to review the contracts of government's data management providers to ensure that they would return all information handled to the government after the termination or end of their contracts.
"It is incumbent upon the government to check that contracts entered into by the State have data privacy protection clauses. Policies, TORs (terms of reference) and IRRs (implementing rules and regulations) should also be evaluated to prevent data breach specially if the contractor has in its possession biometrics data,” Binay said.
She said government agencies like the Social Security System, Government Service Insurance System, Land Transportation Office, National Bureau of Investigation, and Commission on Elections are dependent on third-party contractors to handle their data management requirements.
Binay stressed that the government must step up its role in data protection and security in Compliance with the Data Privacy Act.
"Bilang tagapangalaga ng datos ng mamamayan (As the custodian of the citizens' personal data), the government should protect the confidentiality of the data, and maximize all remedies to ensure that the data handled by contractors is returned to the government after the end of its contract," she said.
On Wednesday, Department of Foreign Affairs (DFA) Secretary Teodoro Locsin Jr. said in a Twitter post that the previous contractor has made inaccessible the data it was entrusted to after its printing contract was terminated.
Before the contract for the production of Philippine electronic passports was awarded to the APO Production Unit Inc. (APUI), the Bangko Sentral ng Pilipinas (BSP), through French firm Francois-Charles Oberthur Fiduciare, had been printing passport booklets.
Senator Risa Hontiveros, meanwhile, sought for a Senate inquiry on the alleged passport data loss involving an unidentified private contractor.
Hontiveros filed Senate Resolution No. 981, which seeks a Senate probe on allegations first surfaced by Locsin that an unidentified private contractor involved with making passports failed to turn over the personal data of passport applicants.
"As the Philippines is about to begin implementation of the National ID System, reports such as these do not inspire confidence in the capacity of government to protect our data and its ability to police and hold accountable private contractors who process personal information," she said.
Hontiveros said the reported breach may constitute violations under the Data Privacy Act of 2012, which requires institutions controlling personal information of individuals to implement measures which will protect such information "against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing."
"As opined by data privacy legal experts, the implications of the data 'taken' from the DFA are vast, and leaves data subjects vulnerable to identity thieves who can use sensitive information contained in the birth certificates (such as the individual's mother's maiden name) to illegally access financial transactions of the data subject," Hontiveros said.
She said a Senate probe on the issue will help institutionalize measures "meant to further protect personal data of Filipinos and prevent possible illegal use of the same."
The National Privacy Commission (NPC) said it will conduct an independent investigation to determine the facts surrounding the case.
"Any form of non-availability of personal data, infringement of the rights of data subjects, and harms from processing that include inconveniencing the public, must be adequately explained to the satisfaction of the law," Privacy Commissioner Raymund Liboro said in a text message over the weekend.
"Rest assured the NPC will continue to champion the rights of Filipino data subjects," he said, adding that the commission will summon representatives from DFA and concerned agencies, including the alleged contractor. (PNA)
