Trillanes, Hontiveros file resos seeking probe into possible DFA data breach

At least two resolutions seeking an investigation into the possible data breach at the Department of Foreign Affairs were filed in the Senate on Monday.

In filing Resolution 981, Senator Risa Hontiveros expressed alarm over the possible “deep repercussions on national security” if there is truth to reports that a private contractor involved in the production of Philippine passports failed to turn over data in its possession.

“As the Philippines is about to begin implementation of the National ID System, reports such as these do not inspire confidence in the capacity of government to protect our data and its ability to police and hold accountable private contractors who process personal information,” she said.

Hontiveros said that despite explanations in social media coming from Foreign Affairs Secretary Teodoro Locsin and former DFA Secretary Perfecto Yasay Jr., “there still is no clarity as to who is responsible for the non-availability of Filipino passport data.”

She said the reported breach may constitute violations under the Data Privacy Act of 2012 (Republic Act No. 10173), which requires institutions controlling personal information of individuals to implement measures which will protect such information “against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing.”

“As opined by data privacy legal experts, the implications of the data ‘taken' from the DFA are vast, and leaves data subjects vulnerable to identity thieves who can use sensitive information contained in the birth certificates (such as the individual’s mother’s maiden name) to illegally access financial transactions of the data subject,” the senator said.

She said a Senate probe could help institutionalize measures “meant to further protect personal data of Filipinos and prevent possible illegal use of the same.”

True scale of 'breach'

Senator Antonio Trillanes IV, for his part, said that an investigation would allow the Senate to decide whether there is a need to amend or strengthen the Data Privacy Act and determine the true scope and scale of the data breach, what data has been compromised, the government officials accountable, and the firm responsible for the data breach.

In filing Resolution 987, Trillanes also wanted to know why no legal action has been taken by the DFA on the matter.

“While it is not yet clear if this is the reason for the loss of relevant and private information of passport applicants, what is certain and alarming is that DFA Secretary said they did nothing about this data breach,” he said.

In a Twitter post last week, Locsin said that a former outsourced passport maker "took all" applicants' data when its contract was terminated. — BM, GMA News