Protecting Filipino Data (Part 1)

In 2014, it was estimated that 2.5 quintillion bytes of data were created every day worldwide. In the Philippines, 42.1 million are on Facebook and 13 million on Twitter. This, along with the Gross IT Spending of US$4.4 Billion in 2016, is evidence of the growing digital economy and the increase of international trade in data.

Aside from that, many Filipinos are already digitally “stamped”, since most everyday transactions in government and private institutions require the collection and storage of data and information, from business permit applications to hospital and doctor’s appointments.

The nature and volume of the data collected and stored require privacy policies and even stricter security procedures and systems.

The Congress of the Philippines passed Republic Act 10173, otherwise known as the Data Privacy Act (DPA) of 2012. By September 9, 2016, the Implementing Rules and Regulations (IRR) were put into effect. This also established the National Privacy Commission (NPC) that will implement the DPA.

The DPA aims to make public institutions and agencies and private companies and corporations responsible for the data that they collect and store. It covers not only storage but also the way the data collected from individuals and the public is used and even disposed of.

The collection of data from the public must be transparent and legal. The public must be informed where and how the information they divulge will be used and for what purpose.

Any improper use of such information and improper disposal of collected and stored information will result in fines of up to Php5.0 million and imprisonment for a maximum of 7 years.

It is acknowledged that data compromises and breaches in data storage are happening, and industry experts have called for new ways of fighting such breaches, based on Three New Realities. These are:

1. There must be a New Perimeter safeguarded by passwords and credentials.
2. Always Assume that there is a Breach. This means approaching the system as if there is a breach, and the defense is the “Prevent” Approach.
3. 80% of breaches are due to the use of non-approved software and apps in the workplace.

This acknowledges that today there are many attack vectors, and protection must be done on several layers.

Also, it is important to note that the cost of system breaches is 2.6 million US Dollars daily. A breach not only disrupts service but also damages the reputations of the institutions, companies, and corporations that are the victims of such breaches.

In protecting data and information, the following are needed:

1. Protect
2. Detect
3. Respond
4. Expertise
5. Resources
6. Time

The above-mentioned requirements will be added to over time, since protection against data breaches is continually evolving.

(To be continued)
