NPC: Burden of proof of data breach on PhilHealth hacking lies with victims

NPC: Burden of proof of data breach on PhilHealth hacking lies with victims

MANILA, Philippines — Members of Philippine Health Insurance Corporation (PhilHealth), whose data or personal information were compromised, may submit a complaint to the National Privacy Commission (NPC).

This option comes following the recent hacking of the computer system of PhilHealth.

The complainant just has to prove the damage done as a result of the online attack against the corporation.

This action was suggested by NPC Chief of Complaints and Investigation Michael Santos at Kapihan sa Manila Bay forum on Wednesday.

Santos said upon submitting a complaint, the burden of proof that data breach took place will be on the victim.

Revised Rules on Evidence defines burden of proof as the duty of a party to provide evidence supporting his or her claims.

“Nasa nagre-reklamo kasi yung burden of proof,” Santos said

(The burden of proof is on the complainant.)

Aside from this condition, the NPC official said complainant must also prove that his or her data was involved in the breach, and that the glitch was due to the corporation’s fault.

“Kung magpa-file ka sa commission, first, you have to prove na may damage sa ‘yo; na involved ka doon; na yung data mo, involved; na may na-compromise na data mo, through the fault of PhilHealth,” he elaborated.

(If you are going to file at the commission, first, you have to prove that there was damage done to you; that you were involved; your data was involved; that your data was compromised, through the fault of PhilHealth.)

Santos added if the complainant’s data are not actually involved in the breach, the charge will be deemed baseless.

The NPC official, meanwhile, mentioned that even without a complaint, NPC conducted a probe into the PhilHealth hacking.

“Ngayon nga, mas malalim na yung imbestigasyon natin to find out kung ano ba yung naging gaps, and kung yung gaps will come out to negligence and there are possible liabilities,” he said.

(Now, we are doing a deep investigation to find out what were the gaps, and if these gaps will result in negligence and there are possible liabilities.)

Santos said the compromised data of PhilHealth were mostly basic information.

These details include Philhealth numbers, names, birthdays, sex, addresses, some pictures, identification cards, work-related documents, and contracts.

So far, no one has filed any complaint with NPC on the matter.

The commission was created to administer and implement the provisions of Data Privacy Act of 2012.

RELATED STORIES

Leaked Philhealth data ‘staggering,’ says NPC

DICT: Hacked Philhealth data spreading on app contains malware

APL

Read more...