Palace, privacy commission probe possible FOI website data leak
MANILA, Philippines – Malacañang is now investigating a possible glitch at the Freedom of Information (FOI) website after complaints from users saying their identification (ID) cards used in accessing the site were being revealed online.
Lawyer Tristan De Guzman of the Office of the Assistant Secretary for Policy and Legislative Affairs, who is also part of the team tasked to oversee the FOI implementation, said their office had already coordinated with the National Privacy Commission (NPC) to look into the issue.
De Guzman said reports have already reached their office regarding the issue.
Article continues after this advertisementA search online using “eFOI ID” would reveal the IDs of users who filed an FOI request on the government website, https://www.foi.gov.ph/.
Wilson Chua said his “personal details from the SSS ID were leaked.”
“My techie friends pointed out the source of the leak: the FOI page,” he said in a Facebook post.
Article continues after this advertisement“They (FOI PH) asked for personal details and MADE the attachment PUBLIC!!! Accdg to what i know of the data privacy act, ‘You must protect what you collect’,” he added.
Chua said he already filed a complaint before the NPC.
“I filed the formal complaint with NPC. This should make for a great wake up call to all Data collectors. This is what happens to the poor victims when you don’t do a good enough job of protecting our private data,” he said.
De Guzman, in a phone interview with INQUIRER.net said the issue was now “under investigation.”
“We already met with the National Privacy Commission. We are looking since yesterday where the leak came from or if there is indeed a leak,” De Guzman said.
“We have not received any formal complaint. But even without a formal complaint, we are already conducting an internal investigation,” he added.
National ID system at risk?
De Guzman explained that under Section 9 of Executive Order No. 2 or the Freedom of Information in the executive branch signed by President Rodrigo Duterte in 2016, an identification card is needed from the requesting party.
The official said a user needs to create an account before he could request a document through the e-FOI.
“One of the requirements is ‘yong pag-upload nung ID, kasi under EO 2, nakalagay naman doon na kinakailangan natin ng identification noong requester para maiwasan din natin yong kasi marami yung mga BOTS,” he said.
Noemi Lardizabal-Dado, a blogger and a social media figure, said the latest possible data leak could raise concerns about the roll-out of the National ID system in the country.
“There is now a risk once our national ID is out. Maybe we should not roll out a national ID just yet until government websites have better user experience, tight on data privacy and security,” she said in a message sent to INQUIRER.net when sought for her comment on the issue.
Despite the possible data leak, De Guzman assured the public that data shared with the e-FOI was safe.
“Yes of course. Kasi kung mapapansin ng lahat ng gumagamit ng FOI, kung gaano siya ka-safe. Marami kaming security measures na nilatag,” he said.
Further Google search, however, revealed that Chua’s ID was not the only one exposed in the worldwide web.
In a statement on Friday, FOI Philippines urged the public to report to the agency “in case personal information was erroneously uploaded as an attachment to fields for public viewing.”
“The Freedom of Information (FOI) Philippines is committed to provide citizens greater transparency and accountability in the public service by upholding the people’s constitutional right to access to information on government records and transactions,” the statement read.
“At the same time, FOI Philippines abides by the provisions of Republic Act No. 10173 or the Data Privacy Act of 2012, to ensure that personal information of the requesting public will be protected from any unauthorized processing,” it added.
FOI Philippines said it “collects personal information to verify one’s identity, which is needed to process the request/s submitted by the requesting party.”
“This personal information collected,” it added “will be used by the government agency (which is the source of information by the requestor) to process the request as set out by Executive Order No. 02, S. 2016. “
Users of the eFOI Portal (www.foi.gov.ph), both the requesting parties and government agencies, are reminded to strictly abide by the Data Privacy Act of 2012 and the FOI Philippines’ Privacy Policy (including the eFOI Portal’s Terms of Use and Cookies Policy).
“The eFOI Portal’s functionalities have strict instructions and clear notifications which the users are highly advised to read and follow in order to have his or her request processed efficiently and for breaches of personal information avoided,” it said.
For complaints and inquiries, FOI Philippines said the public could reach them through telephone numbers (+632) 588-0691 and (+632) 733-1102, or through email addresses [email protected] or [email protected]. /kga