Hontiveros seeks probe on passport data mess
MANILA, Philippines — Senator Risa Hontiveros has called for an inquiry into the alleged data breach caused by a previous outsourced contractor, producing passports for the Department of Foreign Affairs (DFA).
Hontiveros filed Senate Resolution No. 981, which aims to look into reports that an unidentified private firm making the passports failed to turn over personal data of passport applicants to DFA, as initially disclosed by Foreign Affairs Secretary Teddy Boy Locsin Jr.
The senator said a Senate inquiry into the issue will help institutionalize measures “meant to further protect personal data of Filipinos and prevent possible illegal use of the same,” as the reported breach may constitute violations under Republic Act No. 10173 or the Data Privacy Act of 2012.
READ: Passport maker ‘took all data’ when contract terminated, reveals DFA chief
“As the Philippines is about to begin implementation of the National ID System, reports such as these do not inspire confidence in the capacity of government to protect our data and its ability to police and hold accountable private contractors who process personal information,” she said in a statement on Monday.
Article continues after this advertisementDespite explanations from Locsin and former DFASsecretary Perfecto Yasay Jr., the senator said “there still is no clarity as to who is responsible for the non-availability of Filipino passport data.”
Article continues after this advertisementREAD: Former DFA chief Yasay sheds light on passport data breach
Hontiveros pointed out that Data Privacy Act requires institutions controlling personal information of individuals to implement measures that will protect such information “against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing.”
Hontiveros stressed that “as opined by data privacy legal experts, the implications of the data ‘taken’ from the DFA are vast, and leaves data subjects vulnerable to identity thieves.”
She said identity thieves “can use sensitive information contained in the birth certificates (such as the individual’s mother’s maiden name) to illegally access financial transactions of the data subject.” /kga