Passport data breach more serious than DFA has disclosed

IT is striking that Foreign Secretary Teodoro Locsin Jr. chose Twitter as the medium for disclosing the alarming information that the Department of Foreign Affairs (DFA) has lost the personal data information of millions of Filipino passport holders because an outsourced passport maker for the DFA “took all” applicants’ data on account of the termination of its contract with the government.

The use of Twitter in Locsin’s disclosure has the odd effect of understating the offense in the very process of exposing it to the public.

Twitter is not yet universally used by Filipinos, who did not readily take to the online news and social networking service to send messages known as “tweets.” Filipinos were put off by the original restriction of Tweets to only140 characters. This seems poetic and rigorous like Japanese haiku poetry, but on Nov. 7, 2017, the limit was doubled for all languages except Chinese, Japanese and Korean. Registered users could consequently post, like and retweet tweets, but unregistered users could only read them.

One avid Twitter convert is United States President Donald Trump. He uses the online service for most of his presidential communications, including announcing major policy decisions to America and the world.

We should avoid the temptation to treat Mr. Locsin’s communication of the data policy breach as simply “cute” or quirky.

In fact, this passport data breakdown is of the gravest public importance. Millions of Filipinos will be inconvenienced by the burden of providing DFA new documents about their birth whenever they renew their passports. Government is right to regard this as a serous national security issue.

It was for situations like this that Congress passed the Data Privacy Act of 2012.

Both government and the private sector are alarmed by the data breach.

Legislators in Congress are demanding full accounting for the breakdown. Senate Minority Leader Franklin Drilon had declared that the government should compel the erring contractor to return the passport data to the DFA, because these belong to the government and are part of the public record.

The Data Privacy Commission has announced its intent to conduct an investigation of this incident

On the part of the DFA, the actions are notable. Assistant Secretary Elmer Cato has clarified that the submission of PSA-issued birth certificates is being required only for those renewing the older machine-readable-ready passports (MRRP) and machine-readable passports (MRP) issued before e-passports were first rolled out in 2009.

Secretary Locsin has said that DFA will fully rebuild its files.

This is what DFA gets for doing nothing about the problem in the past. At this point, nobody knows whether this breach falls under the protection of the Data Privacy Act of 2012.

At this point, also, the identity of the errant passport maker has been kept under wraps. Its identity should now be publicly disclosed and appropriate charges should be filed by the government.

The government should treat this issue with utmost seriousness because this is not the first breach in the holding of personal data information by the government. The Social Security System is facing a similar problem about its data record system.

As things are, the only relief we can see at this point is the information provided by Cato who said that the submission of PSA-issued birth certificates is being required only of those renewing the older MRRP and MRP passports issued before the DFA began issuing e-passports in 2009.

Secretary Locsin, for his part, has sent out a new tweet. “It won’t happen again. Passports pose national security issues and cannot be kept back by private entities. Data belongs to the state.”

If President Rodrigo Duterte is still looking for the next target for liquidation in his public speaking, perhaps the rogue passport maker and thief of public data could be a fitting target for the President’s mouth.

This article originally appeared on: https://www.manilatimes.net/passport-data-breach-more-serious-than-dfa-has-disclosed/496196/