Safe ba tayo? Nancy Binay wants Calida to review gov’t deals with data management providers
Senator Nancy Binay on Monday urged the Office of the Solicitot General (OSG) to review the contracts of the government’s data management providers following the reported passport data breach.
She wants the OSG to review all contracts of government agencies with third-party software and data management providers particularly those that concern any national database system.
“We need to step up our standards when it comes to data protection and security lalo na’t ang may hawak ng data management ay third party contractors,” Binay said.
“We need to know which agencies are prone to ‘data hostaging’ para di na maulit ang nangyari noon sa LTO (Land Transportation Office) at NBI (National Bureau of Investigation) where there was a stoppage of operations, and vital public services were affected,” she said.
According to Binay, the OSG should ensure that all contracts have a clause that all data handled by third party data management providers would revert to the government even after the termination or end of its contract.
“It is incumbent upon the government to check that contracts entered into by the State have data privacy protection clauses,” Binay said.
She said policies, TORs (terms of reference) and IRRs (implementing rules and regulatiins) should also be evaluated to prevent data breach specially if the contractor has in its possession biometrics data.
She said government agencies like the SSS (Social Security System), GSIS (Government Service Insurance System), LTO, NBI, DFA, BI (Bureau of Immigration, PAGIBIG, PhilHealth, PhilPost, LRA (Land Registration Authority), PSA (Phil. Statistics Authority), Comelec (Commission on Elections), to name a few, are dependent on third-party software and data management to handle their data management requirements.
Binay said the government serves as the custodian or the “personal information controller” of the collected data but hosting and system management is contracted to non-government entities.
“Bilang tagapangalaga ng datos ng mamamayan, the government should protect the confidentiality of the data, and maximize all remedies to ensure that the data handled by contractors is returned to the government after the end of its contract,” she said.
To avert any data breach crisis in the future, the senator said there are still live BOT (Build-Operate-Transfer) and PPP (Public-Private Partnership) agreements that fall under the mandate of the National Privacy Commission that need to be revisited.
“Kung wala pang existing clause ay dapat pong makipag-usap na ang OSG upang ma-amend na ang present contract,” she said.
The role of government is to protect the data in compliance with the Data Privacy Act.
“Marami na pong mga kaso ng identity theft kung kaya’t andyan ang pangamba ng mga tao na maaaring magamit ang datos nila sa maling paraan,” she added.
Binay said that breaches in data erode the people’s trust in the institution.