By Lade Jean Kabagani, October 2, 2021; Philippine News Agency
Manila – The Philippine Identification System (PhilSys) is protected under stringent data privacy measures and security settings.
The Philippine Statistics Authority (PSA), the lead implementing agency of the project, said in a statement on Saturday that it regularly conducts Privacy Impact Assessments (PIA) for PhilSys’ design and processes.
Through the PIA, done by an independent third party, all data privacy and security risks are identified.
The PSA said “mitigation strategies, appropriate measures, and safeguards” are in place for personal data and identification of registrants of the Philippine Identification (PhilID) card.
PSA Undersecretary Dennis Mapa underscored how the government values data privacy.
“We take the responsibility of ensuring data privacy and security very seriously. A privacy impact assessment is not merely a one-off exercise. We have been doing these assessments continuously since the start of the program and we will continue to regularly conduct PIA as we move forward with the registration of more Filipinos and the implementation of use cases,” Mapa said.
The regular PIA is done in partnership with the Department of Information and Communications Technology (DICT) and is compliant with the recommendations and guidelines of the National Privacy Commission.
DICT Undersecretary Denis Villorente said the security assessment method is one of the structural measures to check on PhilSys’ data protection and cybersecurity.
The PhilSys project also undergoes regular vulnerability assessment, penetration testing, and third-party software code audits.
Registration data are encrypted while personal data are segmented, all fully owned and controlled by the government.
It has also applied privacy-by-design principles, such as data minimization, proportionality, and tokenization of the PhilSys Number (PSN), which will protect the permanent unique identifier by “enabling the use of its derivatives in lieu of the actual PSN”.
Tokenization turns data, such as account numbers, into a random string of characters called a token that has no value if breached.
The PSA said the data provider remains to be the owner and all private information cannot be accessed by anyone.
Signed into law by President Rodrigo Duterte in August 2018, Republic Act 11055, or the Philippine Identification System Act, aims to establish a single national ID for all Filipinos and resident aliens.
The national ID shall be a valid proof of identity that shall be a means of simplifying public and private transactions, enrolment in schools, and the opening of bank accounts.
It will also boost efficiency, especially in dealing with government services where people will only need to present the PhilID during transactions.