By Bernie Cahiles-Magkilat
The National Privacy Commission (NPC) has alerted all Data Protection Officers (DPOs) of government offices and private companies, including private individuals, to ensure adequate networks protection and personal files on All Saints’ Day and the ASEAN Summit stressing that data breaches have been known to happen on long holidays and weekends.
Personal data breaches have been known to happen during holidays because of the minimum compliment of personnel available during these times. The largest personal data breach in the country’s history, the Comelec data breach of 2016 happened during a long weekend, while Bangladesh bank heist which also involved a Philippine bank happened during a holiday.
Close to five thousand organizations that process personal data have registered their DPOs with the NPC.
To safeguard networks and personal data held by organizations, the NPC recommends to place non-mission critical systems off-line especially those that contain or have access to personal data.
For systems that are kept off-line, ensure that all system activities are recorded and the aforementioned logs are secure.
Password protect or encrypt files and databases on servers, desktop computers and other devices. Conduct a backup of systems and databases. Information Security team needs to retain the ability to remotely monitor systems and be ready respond to any unusual activity. Discourage physical breaches by securing office premises adequately.
Privacy Commissioner Raymund E. Liboro likened the protection of personal data during long holidays to securing one’s home when leaving for an out of town trip.
“When one leaves for a long vacation or when you leave home for a long period of time unattended, you make sure that security precautions are in place to ensure that break-ins do not happen. The same way our DPOs should ensure that their IT systems are secure, and that adequate physical security is in place during times of minimal staffing,” Liboro said.
“Breach management protocols need to be in place to ensure compliance with the Data Privacy Act as well as minimize the damage brought about by the breach.”
For individuals, who are away on holidays, Liboro recommends some data protection measures for their devices.
Double-check if your laptop or mobile phone have been updated with the latest security patches.
“Being on the road or away from your home network would mean that data connectivity would be slow and quota is very limited, and so you won’t be able to do this reliably,” he said.
“Personal records and files that contain personal data, like passports, health records, bills or tax returns should be kept secure, and if they are no longer relevant, it’s a good idea to destroy them by shredding them or burning them.”
It is also important to turn off your home network router if nobody is going to be left at home. “Powered-off devices, not just home appliances will not only save you money from unnecessary electricity consumption, but also deny criminal an avenue to attack your home remotely,” said Liboro.
Be aware of Phishing scams and fake websites.
“Users need to be vigilant of emails and fake websites that aim to extract log-in credentials from unwary users. There has been an increase in these, and users need to be cautious in accessing their accounts from their own devices and most especially from shared devices,” he reminded.
Do not connect to Wi-Fi Networks you do not know.
“Just because a Wi-Fi network announces itself to having free Internet it doesn’t mean you should connect to it, only connect to official and trusted wireless networks of hotels and resorts,” he concluded.
The NPC is a regulatory and quasi-judicial body constituted in March, 2012 by virtue of RA 10173, otherwise known as the Data Privacy Act of 2012. Headed by one commissioner and two deputy commissioners, the agency is mandated to uphold the right to data privacy and ensure the free flow of information, with a view to promoting economic growth and innovation.