DATA – whatever form it may be (electric, physical, etc.), are subject to be protected among all times. They are an important component of our lives, companies and businesses, and it can help when used righteously or destroy us when it goes to the wrong hands.
On the recent years we are seeing a plethora of attacks targeting consumer’s data from several large companies such as Yahoo!, Google, Facebook and Amazon as well as governments. And while those mentioned have done measures to mitigate the problem, here in the Philippines, it’s an absurdity at its finest to know that our government has done nothing at the very least when breaches and problems are reported.
Just like the recent fiasco about a private contractor who runs away with the Philippine e-Passport data when their contract was terminated. It seems that the Department of Foreign Affairs (DFA) couldn’t do anything about it, as they view themselves as in the wrong, even if they already know about the problem years ago.
Because previous contractor got pissed when terminated it made off with data. We did nothing about it or couldn’t because we were in the wrong. It won’t happen again. Passports pose national security issues and cannot be kept back by private entities. Data belongs to the state. https://t.co/8vsN96jqij
— Teddy Locsin Jr. (@teddyboylocsin) January 8, 2019
Of course, the contractor may be pissed off because of a terminated relationship between them and the DFA, but they are also wrong in the first place.
The data should belong to the state, not with a private entity.
While DFA have iterated that only the data on the birth certificate and not any other sensitive data from our passports have been taken away, it is still a concern because what it translates into is that the private, outsourced company who formerly prints our e-Passports are now holding key pieces of our identities, and that could be sold off to guys who can use it for you know-identity thefts and the like.
Public data being processed on public agencies such as DFA for example, should be kept in DFA premises as well, and only allowing the authorized persons and/or organizations to have access to those, as they are considered private and sensitive.
There’s no protective clause
One mistake that we’d like to point out (we’re not law experts here, but at least we do know something), is that there isn’t any clause that states about who will own or possess the processed/gathered data when the agreement or the relationship between two parties were terminated, as this clause alone could help protect the government and the data at all costs, and have them obtain it without any necessary suits and actions against the company.
And while we’re still learning about the facts with this issue, let us not forget about the massive COMELEC hack in 2016, where an estimated count of 1.3 million voters’s personal data were released to the public, leaving at least 55 million Philippine registered voters at risk.
So what else should we worry about?
We are now also coming on to our own National ID system (PhilSys), where our essential identification data such as photo, biometrics, name and other vital information used to identify an individual would be stored into a database. By going digital, it aims to help unify most government IDs into one piece, and is to be solely used among most governmental transactions herein for ease of access and use on identification purposes.
With these previous attacks happening and the actions of our government seemingly not enough, how can we peacefully entrust our data with the government if we’re not seeing any grave actions against those who attacks or stole public data.
Prevention is still better than cure
Although we know that our own NPC (National Privacy Commission) are doing something to mitigate the problems caused by these fiasco, we’re sure that the saying “prevention is better than cure” applies excellently to this situation.
Enhance data protection and safeguard practices, spend on the best measures, people and tools to further enhance the infrastructure that holds public data, and do not enter into scrupulous contracts and agreements with a company that isn’t afraid of losing anything when something goes out of their favor are some of the measures that could really help protect, if not to mitigate, public data theft and loss. -Revealed.com.ph