MANILA - (UPDATED) The National Privacy Commission (NPC) said Monday it would conduct a fact-finding investigation in the supposed data breach in the passport system.
NPC commissioner Raymund Liboro said they have invited officers from the Department of Foreign Affairs (DFA) on Wednesday in order to get to the bottom of the issue.
"Kailangan pa makakuha ng maraming facts tungkol dito upang masagot talaga kung totoong nagkaroon ng personal data breach," he said.
(We need to gather more facts to ascertain if there was a personal data breach.)
In a separate interview, Liboro said there was no immediate proof of a data breach after the agency conducted a search on the so-called "dark web."
Meanwhile, a Catholic bishop appealed to the government to ensure the problem will be addressed and not repeated.
"To investigate, to correct the mistakes and mess, and to punish the guilty is great service to the country, especially to our overseas Filipino Workers," Bishop Ruperto Santos of the Episcopal Commission on Migrants and Itinerant People (ECMI) said in a statement.
"We appeal for thorough investigation, no sacred cows, those guilty be prosecuted," Santos added.
Foreign Affairs Secretary Teodoro Locsin Jr. revealed last week that a passport production contractor the government had terminated "made off with data."
Locsin added that the DFA needs to "rebuild" its database for passports issued after 2009 because a "previous outsourced passport maker took all the data when contract terminated."
Former Foreign Affairs Secretary Perfecto Yasay Jr. had said that the production and personalization of machine readable electronic passports (MREPs) was subcontracted to French firm Francois-Charles Oberthur Fiduciare in 2006.
The DFA in 2015 tapped APO Production Unit Incorporated to produce a new e-passport system provided that it does not get a private subcontractor.
But APO, which is under the Presidential Communications Office, subcontracted the production of new passports to the United Graphic Expression Corporation (UGEC).
Yasay said Oberthur "withdrew" its assistance when APO and UGEC entered the picture.
Liboro assured that criminal complaints would be filed against individuals who may be found responsible for the incident.
Under Republic Act 10173 or the Data Privacy Act of 2012, violators could face fines up to P5 million and jail term of 6 years.