NPC investigates data breach of various gov’t websites

MANILA — The National Privacy Commission (NPC) is conducting an investigation into the data breach on the personal information stored in various organizations that occurred last April 1, 2018.

Around 2,000 individual data subjects were affected by the breach, according to the NPC.

“Part of the investigation is to learn how these breaches happened and to spread that knowledge so that government and all personal information controllers and processors can do a better job of protecting Filipino personal data,” Francis Euston Acero, chief of the NPC’s Complaints and Investigation Division, said in a text message to the Philippine News Agency (PNA).

Sanctions that will be imposed would depend on the level of negligence of certain organizations on their duty to protect personal data.

“Where we find absolute negligence, the Comelec case is good guidance. We will not get ahead of the evidence,” Acero said.

The data exposed include their name, address, phone number, email address and in some instances, even passwords and school details.

The NPC summoned the management and other officials of seven schools, institutions and local government units Monday to explain why they did not notify the commission within 72 hours of the breach nor the affected data subjects whose personal data were downloaded through links posted on Facebook.

The privacy commission has earlier sent notices to top officials of Taguig City University; the Department of Education offices in Bacoor City in Cavite and Calamba City in Laguna; the Province of Bulacan; Philippine Carabao Center; Republic Central Colleges in Angeles City; and Laguna State Polytechnic University, to appear before it from April 23 to 24.

None of the affected organizations were able to issue any data breach notifications as part of their obligations as Personal Information Controllers (PICs) under the Data Privacy Act of 2012, according to Privacy Commissioner Raymund Liboro.

“PICs are required to employ organizational, technical and physical measures to protect personal data. This includes the duty to inform data subjects and this Commission if there is a serious data breach,” Liboro said in a statement Tuesday.

The probe started last week after digital investigators from the NPC determined that each of the exposed databases contained sensitive personal information or data that could be used to perpetuate fraud.

In January last year, the NPC recommended criminal prosecution against then Commission on Elections Chairman Andres Bautista for the massive breach of the personal information of registered voters that occurred between March 20 and 27 in the run-up to the 2016 national and local elections. (Aerol John Pateña/PNA)

Popular

VP on trial: What you need to know about the impeachment of Sara Duterte

By Brian Campued About five months since the second series of impeachment complaints against Vice President Sara Duterte was formally initiated, the House prosecution panel...

Impeachment trial: The pursuit of truth, justice, and accountability

By Dean Aubrey Caratiquet At its core, every government around the world implements a set of checks and balances enshrined in its respective constitution to...

Canadian firms’ $15.9B investment pledges seen to boost PH mining sector

By Ruth Abbey Gita-Carlos | Philippine News Agency Canadian gold and copper producer OceanaGold Corp. has pledged to invest $1.9 billion for the continued operation...

PBBM positions PH as ‘responsible’ hub for mineral processing

By Ruth Abbey Gita-Carlos | Philippine News Agency President Ferdinand R. Marcos Jr. on Friday (Canada time) positioned the Philippines as a “responsible” hub for...