The World Health Organization Philippines office on Friday said it does not collect, process or store personal data of Filipinos amid reports of an alleged breach of a WHO database.
In a statement, WHO said it does not have access to underlying personal data, which is the exclusive domain of governments.
"WHO does not collect, process or store any personally identifiable information (for example, names, email addresses, phone numbers, etc.) in relation to COVID-19 immunization," it said.
"During the COVID-19 pandemic, WHO collected from national health authorities around the world data that is aggregated at a population level, for example on the total numbers of COVID-19 infections, deaths, and vaccine doses administered in the country. These data are crucial for monitoring the progress of COVID-19 vaccination efforts nationally and globally."
It added that reports that a data breach linked to WHO or WHO-hosted databases has occurred "are false and inaccurate."
"WHO abides by principles related to personal data protection embodied in the United Nations Principles on Personal Data Protection and Privacy," it said.
Last Tuesday, the Department of Information and Communications Technology said it has offered to help the WHO investigate a supposed breach of its database, which has compromised some COVID-19 vaccination data from the Philippines and India.
DICT spokesperson Assistant Secretary Renato Paraiso said the data leak was discovered by the Philippine National Computer Agency Response Team.
“There was information dumped on particular platforms. That’s why we got wind of the incident regarding the WHO breach. They were able to obtain some COVID-19 data, particularly from two countries,” he said.
Paraiso said the extent of the data breach is still unclear as they have yet to gain access to the WHO’s records.
“The problem with this is it’s an international agency that we have no jurisdiction over. We informed them but it would be up to them if they would request the DICT or the Philippine government (to) help in the investigation. If they do not request us to participate, we cannot ask them for their logs and do a deep dive into their systems to ascertain what went wrong, what data were captured,” Paraiso noted.