MANILA – The Department of Information and Communications Technology (DICT) on Tuesday said it is conducting an investigation into the incident involving a passport maker contracted by the Department of Foreign Affairs (DFA), which allegedly ran off with applicants’ data.
Foreign Affairs secretary Teodoro Locsin Jr. has claimed that the passport maker “took all the data when contract (was) terminated,” which compelled the DFA to require non-electronic passport holders to submit birth certificates when renewing their passports.
In a statement, DICT said it has acknowledged and is aware of the issues concerning Locsin’s statements on his Twitter account.
“The DICT CyberSecurity Bureau is currently in the process of conducting its own investigation.”
The DFA was classified as one of the country’s 12 Critical Information Infrastructures (CII).
Under Republic Act No. 10844 or the “DICT Act of 2015,” DICT was mandated to provide oversight over the information assets, individuals, and businesses related to the DFA information infrastructures.
“This is to ensure that the welfare of consumers, as well as the privacy and security of the data collected and used for their specific purpose adheres to the policies and practices of DICT,” it said.
The DFA is mandated to adhere to the guidelines set out under the National CyberSecurity Plan 2022 and comply with DICT Memorandum Circular 005, s2017.
“Government agencies are hereby ordered to adopt the Code of Practice stipulated in PNS ISO/IEC 27002 (Information Technology-Security Techniques-Code of Practice for Information Security Controls) within the year of effectivity of this Memorandum Circular for compliance,” Section IV-A of the memo states.
The circular was published in September 2017.
“If your organization is identified as one of the Philippines’ 12 CIIs, make sure you are fully aware of your cybersecurity responsibilities,” DICT assistant secretary Allan Cabanlong said.
The National Privacy Commission earlier said it will be conducting an investigation into the incident.
Locsin claimed that French contractor Oberthur Technologies, which had a maintenance contract covering the passport printing machines, ran off with the applicants’ personal data after its contract was terminated. (GMA News/PN)
