A DATA EXPERT reminded companies and agencies to be careful in their recycling efforts as this may compromise sensitive data.
In a Consumer Care Webinar of the Department of Trade and Industry, data protection expert Sam Jacoba warned of the dangers of recycling documents as scratch papers.
“Isa sa mga common practice ng mga kumpanya kasi nagtitipid sila, ‘yong kanilang mga papel ginagawa binabaliktad nilang scratch paper. We found out ‘yong mga nire-recycle na scratch paper includes mga applications ng candidates nila for employment. Kasama nga roon pati birth certificate. Nagtitipid ang kumpanya kaya lang ‘yong mga datos na andoon, ‘pag may nakahawak noon, it can be considered breach,” Jacoba said.
Jacoba added that companies should also look into their outsourced partners for recycling that might be selling sensitive information from recycled documents.
“Napakahalaga na bantayan natin ang pisikal na repository ng mga datos ng ating customers and consumers. Kasi ‘pag hawak ko ang birth certificate mo, pwede na akong mag-apply ng kahit anong ID. It can lead to potential identity theft. Sure, nakakatulong ka sa environment pero ang impact po noon, may potential exposure po ang customers,” Jacoba said.
Atty. Brady De Castro, a legal expert in technology, warned that data breaches can severely damage a company’s reputation.
He also encouraged companies to register with the National Privacy Commission to boost consumer trust.
“Malaki ang reputational damage ‘yan,” De Castro said. “Ang ine-expect, ‘yong tamang pangangalaga ng datos. ‘Pag nakita nila ‘yong due care depende sa laki ng datos, laki ng kumpanya, may karampatang pangangalaga. Magiging kakampi niyo pa po ang NPC. Ang mga hacker, pa-complex nang pa-complex ang ginagawa nila.”
Former Department of Information and Communications Technology official Atty. Chad Moscoso also reminded companies to promptly report any data breach.
Companies that suffer from potential data breaches should report to the NPC within 72 hours while financial institutions regulated by the Bangko Sentral ng Pilipinas should report to the regulator within 24 hours.
Moscoso enumerated the top reasons for data breaches – weak and stolen credentials, backdoor and application vulnerabilities, and mistakes and misconfigurations such as human error and loss of devices.
Under the Data Privacy Act, consumers have the right to seek damages from companies responsible for data breaches.
DTI Undersecretary Amanda Nograles encouraged consumers to report any potential data breach to regulators. (ABS-CBN News)
