Now we can relax, assured that nobody stole our personal passport details under the care of the Department of Foreign Affairs. There was no data breach, after all. Foreign Affairs Secretary Teodoro L. Locsin Jr. said it was not possible for a contractor to have run away with the personal data of passport applicants. This should clear the air and allay the public’s fears following his earlier tweet that a disgruntled contractor “got pissed when terminated it made off with data”, prompting the DFA to require those renewing their passports to bring their birth certificates.
“Data is not run-away-able but made inaccessible. Access denied. But APO assured me they were able to access but not much use and parts corrupted,” Locsin said on Twitter in response to a netizen who asked for clarification. APO refers to the APO Production Unit Inc. (APUI), a government agency under the jurisdiction of the Presidential Communications Operations Office.
Although the passport renewal controversy has been settled, it exposed the risks that could arise from the collection and storage of citizens’ personal information, especially when private contractors are involved. With the imminent rollout of the national ID system, the paramount importance of data security in government can’t be stressed enough. We cringe at the thought of losing to hackers millions of personal information stored in the national ID system database.
Although the National Privacy Commission earlier assured Filipinos that their personal data will be safe when the proposed national ID System gets implemented, the passport renewal controversy should teach us a valuable lesson. For example, agencies concerned should adopt strict technical, physical and organizational security measures to ensure the protection of information from unauthorized access, use and disclosure of citizens’ information.
We support a Senate or House inquiry to get to the bottom of the passport renewal controversy. As BusinessMirror columnist Susan V. Ople pointed out, “when the BSP relinquished its role as passport printer, the DFA felt it had no other choice but to enter into a contract with APUI. Some say the transition from BSP to APUI was orchestrated. Some say it wasn’t. The facts can be easily established in a Senate or House hearing.”
Ople said: “APUI decided to take on a private sector partner—United Graphic Expression Corp.—in order to fulfill its orders through a joint- venture agreement. Did it officially inform the DFA about the JVA? And was DFA given the opportunity to vet UGEC given its role as the legal custodian of the Philippine passport?”
She added: “Insiders said the DFA contract with APUI passed through the National Economic and Development Authority, Department of Science and Technology, the Department of Budget and Management and the Government Procurement Policy Board. What remains unclear is whether the joint-venture agreement between APUI and UGEC underwent the same rigorous and vigorous interagency review prior to its approval. An independent probe would help put this issue to rest. Such an investigation should also focus on this question: What happened to the personalization system designed by Oberthur and the data already loaded in that system? A successful and efficient migration of that data meant doing away with birth certificates altogether as a requirement for passport renewal. Clearly, there was a glitch somewhere.”
Image credits: Jimbo Albano