MANILA - Two senators on Monday called separately for a legislative probe and a review of all information management contracts after a private contractor allegedly ran off with passport data.
Foreign Affairs Secretary Teodoro Locsin Jr. claimed over the weekend that his agency had to rebuild the database for passports issued before 2010 because an outsourced maker "took all the data when contract terminated."
Sen. Risa Hontiveros filed a resolution seeking a Senate investigation into the reported data breach, which she said may be exploited by identity thieves.
Sensitive information like the maiden name of one's mother is stated in birth certificates, a requirement for passport application. This information may by used by data thieves to illegally access one's financial transactions, she said, citing information from experts.
As authorities prepare to implement the National ID system, the supposed passport breach fails to inspire confidence in the capacity of government to protect data and hold private contractors accountable, the senator said.
A Senate probe on the issue will help institutionalize measures "meant to further protect personal data of Filipinos and prevent possible illegal use of the same," Hontiveros said in a statement.
Sen. Nancy Binay meanwhile urged the Office of the Solicitor General to review all contracts of third-party software and data management providers to ensure that they are required to return all government information after the termination or end of their stint.
Among agencies dependent on third party data managers are the Social Security System, Land Transportation Office, National Bureau of Investigation, Philippine Statistics Authority, and Commission on Elections, she noted in a statement.
"We need to know which agencies are prone to data hostaging," she said in a statement.
"It is incumbent upon the government to check that contracts entered into by the State have data privacy protection clauses," she added.
There is "no leak so far" of the passport data but it "is possibly hopelessly corrupted and at any rate inaccessible," Locsin said earlier Monday.
The DFA in 2015 tapped APO Production Unit Incorporated to produce a new e-passport system provided that it does not get a private subcontractor, Locsin's predecessor Perfecto Yasay said in a Facebook post on Sunday.
But the company, which is under the Presidential Communications Office, subcontracted the production of new passports to the United Graphic Expression Corporation (UGEC), he said.
The DFA entered the deal with APO despite its the agency's existing contract with French firm Francois-Charles Oberthur Fiduciare for the production of passports compliant with the requirements of the International Civil Aviation Organization, noted Yasay.
Oberthur, Locsin claimed, deposited the data in a warehouse in Lipa "out of irritation" and refused to give the access code.
The National Privacy Commission is looking into the incident. Raymund Liboro, the body's chairman urged the public to refrain from drawing hasty conclusions that may endanger the passport's integrity and put its holders abroad at a disadvantage.