National Privacy Commission reminds Business and Government Agencies to Secure Data Processing Systems and for Individuals to be Safe Online for Holy Week.
The National Privacy Commission (NPC) issued an advisory for Data Protection Officers (DPO) reminding them to secure data processing systems for the upcoming Holy Week long weekend, in order to prevent the duplication of the COMELEC data breach which happened during Holy Week 2016.
In the memorandum addressed to Data Protection Officers, the NPC recommended the following:
- Place non-mission critical systems off-line especially those that contain or have access to personal data.
- For systems that are kept off-line, ensure that all system activities are recorded and the aforementioned logs are secure.
- Password protect or encrypt files and databases on servers, desktop computers and other devices.
- Conduct a backup of systems and databases.
- Information Security team needs to retain the ability to remotely monitor systems and be ready respond to any unusual activity.
- Discourage physical breaches by securing office premises adequately.
Privacy Commissioner Raymund E. Liboro likens the protection of personal data during long holidays to securing one’s home when leaving for an out of town trip,
When one leaves for a long vacation or when you leave home for a long period of time unattended, you make sure that security precautions are in place to ensure that break-ins do not happen. The same way our DPO’s should safeguard their I.T. systems as well as ensure that adequate physical security are in place during times of minimal staffing. Chairman Liboro said.
The banking sector is also vulnerable, the Bangladesh bank heist of 2016 also happened on a long weekend (Chinese New Year), the economic significance of the financial sector is the reason why we are looking to have a general assembly of DPOs from the finance and banking sector next, Commissioner Liboro added.
Early this month the NPC held the first general assembly of DPOs in Government (DPO1) and launched its new website complete with information and tools for DPOs to help in complying with the country’s data protection and privacy laws.
Data Protection for individuals
For individuals going on the road for the holidays, Privacy Commissioner Liboro recommends doing the following data protection measures for their devices:
- Double-check if your laptop or mobile phone have been updated with the latest security patches. “Being on the road or away from your home network would mean that data connectivity would be slow and quota is very limited, and so you won’t be able to do this reliably”
- Make sure your personal and work data are backed up securely. “As history have shown in a dramatic fashion, both in Bangladesh central bank and COMELEAK incidents were done during long holidays, as this is a preferred time for criminals to act online.”
- Turn off your home network router if nobody is going to be left at home. “Powered-off devices, not just home appliances will not only save you money from unnecessary electricity consumption, but also deny criminal an avenue to attack your home remotely.”
- Be aware of Phishing scams and Fake websites. “Users need to be vigilant of emails and fake websites that aim to extract log-in credentials from unwary users. There has been an increase in these, and users need to be cautious in accessing their accounts from their own devices and most especially from shared devices”
/Source: NPC Press Release
About NPC: The NPC is a regulatory and quasi-judicial body constituted in March 2012 by virtue of RA 10173, otherwise known as the Data Privacy Act of 2012. Headed by one commissioner and two deputy commissioners, the agency is mandated to uphold the right to data privacy and ensure the free flow of information, with a view to promoting economic growth and innovation. To know more about the NPC you can visit www.privacy.gov.ph