By Camille A. Aguinaldo and Denise A. Valdez, January 15 2019; Business World


Image Credit to Department of Information and Communications Technology

THE Department of Information and Communications Technology (DICT) on Tuesday said its initial evaluation found “organizations” in government compliant with information security standards.

Also on Tuesday, Foreign Affairs Secretary Teodoro L. Locsin, Jr. clarified this time that there was no breach in passport data as reported by the current passport maker APO Production Unit, Inc. (APUI) to the agency.

In a statement, the DICT said its CyberSecurity Bureau ‚ “is currently in the process of conducting its own investigation but data consistently shows that organizations are compliant with the international information security standard ISO/IEC 27001 / 27002.”

ISO/IEC 27000 are the standards set by the International Organization for Standardization on information security management systems worldwide.

For his part, Mr. Locsin said, “For now, the Department of Foreign Affairs is taking the word of APO Production Unit that there is no breach in passport data and as sufficient justification in removing the birth certificate requirement in the renewal of passports.”

“Only a Senate investigation will assure the public that there was no breach or loss of data. Until then, the Department can give no assurances on the safety and security of some data,” he added.

Mr. Locsin earlier explained on Tuesday that the data taken away by the previous passport maker was only made “inaccessible and in part corrupted.”

Responding to a tweet asking him whether the passport data of Filipinos were stolen or deleted, the Foreign Affairs Secretary said, “Inaccessible and in part corrupted but actually we don’t need it. I believe that if you have an old passport whatever vintage you can get it renewed on the strength of presenting it to DFA. Checking the legality of that belief.”

In another tweet, Mr. Locsin said APUI has assured him that they were able to access the data but it was “not much of use.”

“Data is not run-away-able but made inaccessible. Access denied. But APO assured me they were able to access but not much use and parts corrupted,” he said.

“APO agrees with me that old passports are best evidence of identity and join me in despising those who don’t agree with me,” he added.

In a related development, Mr. Locsin posted on Twitter a Department Order that will remove birth certificate in the regular passport renewal requirements.

Department Order No. 03-2019 indicated that the presentation of birth certificates is only required in first-time passport applications, renewal applications for lost and mutilated passports, renewal applications requiring changes in the passport entries, renewal applications of old brown and green passports bearing no complete middle name, and applicants included in the Department’s Watchlist.

Other requirements in passport applications listed in existing circulars remain, according to the department order. Foreign Service Posts and Consular Offices may also require additional documents to verify the Philippine citizenship of passport applications or proof of filiation for minors.

The passport data breach surfaced after an overseas Filipino worker reached out to Mr. Locsin on Twitter about his troubles with renewing his passport. — Camille A. Aguinaldo and Denise A. Valdez