IT experts’ group urges government to strengthen data protection after PNP breach
MANILA, Philippines— A group of information technology experts called on lawmakers and concerned government agencies to bolster state legislation on data privacy and protection following the mammoth data breach of over a million police employee records.
To adapt to rapidly evolving technology, the Computer Practitioners’ Union (CPU) urged legislators to review and update the Data Privacy Act of 2012 and ensure its proper implementation.
“The government should study digital rights and digital justice in the context of the Philippines. Legislators and government agencies must understand how technologies are being used to exploit the people who use them so that they can write effective policies to protect the Filipino people,” CPU said in a statement sent to Inquirer.net
The organization asked relevant government agencies to immediately and simultaneously inform and assist all victims in mitigating “the risks they were exposed to because of the PNP’s complacency” by promptly securing all personal accounts such as emails, bank accounts, and digital applications.
Strengthening IT checks and balances
CPU asserted that the Department of Information and Communications Technology (DICT) is responsible for conducting security audits on all government data systems and offices.
“The report claims that the database was not protected by a password. If security standards were followed, this should have been addressed already. Security audits should be done regularly,” stated the organization.
“All departments should review and update security policies, and ensure that all government officials and employees understand the importance of such policies,” it added.
CPU likewise said that the National Privacy Commission (NPC) should have already been strengthening its public education efforts to raise awareness on data privacy issues, pursuant to its mission to “enable and uphold the right to privacy”
“NPC should have already been conducting mass educational campaigns on information security. Not only for government employees/agencies but also for the general public, especially the youth,” stressed the union.
Mistrust in gov’t data security amid SIM Registration
Doubts in government data systems raised by those challenging the SIM Registration Act were only strengthened by the data breach incident, according to the union.
“If the DICT— which is tasked to conduct security audits on the PTEs’ SIM Registers/databases— was not able to detect in its supposedly regular security testing the holes in the PNP’s database, how can we trust that they can competently ensure the security of our data?,” CPU said.
Journalists and free speech advocates filed a petition before the Supreme Court on Monday asking the high court for a temporary restraining order against the law’s implementation.
Led by the National Union of Journalists of the Philippines (NUJP), petitioners argued that SIM registration violates rights to privacy and freedom of speech by conditioning mobile communications to a mandatory disclosure of specific personal information.
While involved government agencies have continued to assure their ability to protect information provided by SIM registrants, CPU raised that the PNP data leak is evidence to believe otherwise.
“If the PNP is so complacent as to leave their database without a password, and the DICT was not able to prevent the leakage of sensitive data… how can they prove to us that they will seriously protect our personal information collected from SIM Registration?” asserted the IT union.