IN THE KNOW: National Privacy Commission
The National Privacy Commission is an independent body created under Republic Act No. 10173, or the Data Privacy Act of 2012, which seeks to ensure that personal information in the government and private sector’s information and communications systems are secured and protected.
Besides its mandate to administer and implement the Data Privacy Act, the commission is tasked with monitoring and ensuring the country’s compliance with international standards for data protection.
Its current commissioner is Raymund Liboro, former assistant secretary of the Department of Science and Technology. The deputy commissioners are Dondi Mapa, former commissioner of
the Commission on Information and Communications Technology, and Ivy Patdu, a member of the Health Privacy Group of the Department of Health.
The agency is also mandated to receive and resolve complaints from citizens and businesses, initiate inquiries and call for investigations on matters affecting privacy.
Upon finding that the processing of personal information will be detrimental to national security and public interest, it has the power to issue cease-and-desist orders and impose a temporary or permanent ban on the processing of data.
Personal information is defined as “any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.”
At the same time, the commission has the general authority to compel any entity—whether government or any of its instrumentality—to abide by its orders or take action on a matter affecting data privacy.
The commission investigated last year the data hacking that disclosed voters’ personal information in a massive leak from a database of the Commission on Elections (Comelec).
On March 27, 2016, a hacker group defaced the Comelec’s website. A second hacker group posted the entire database online on April 6, with mirror links where the data could also be downloaded, a research by internet security company Trend Micro showed.
The leaked data included names, birthdays, home addresses, e-mail, parents’ full names
and, in some cases, passport details and text markers of fingerprints of more than 55 million registered voters.
Almost a month after the leak, Paul Biteng, an information technology graduate, was arrested by members of the National Bureau of Investigation at his parents’ house in Sampaloc, Manila, for allegedly hacking the Comelec website.
After his arrest, Biteng told the Inquirer that he did it because he was bored. However, he denied he was responsible for the leak of voters’ information online, saying this was done by two other hackers with whom he shared the codes. —INQUIRER RESEARCH
Source: Inquirer Archives
