MANILA, Philippines – The National Privacy Commission (NPC) is investigating the defacement and security breaches of multiple school and government websites that happened in early April.
The NPC on Monday, April 23, summoned the management and other responsible officials of the following schools and agencies to appear before the NPC between April 23 to 24:
They are asked to explain why the Personal Information Controllers (PICs) did not inform – and have still not sent data beach notifications to – the NPC nor the people affected by the data breach within 72 hours of the incident.
“PICs are required to employ organizational, technical, and physical measures to protect personal data,” Privacy Commissioner Raymund Liboro said in a statement.
“This includes the duty to inform data subjects and this Commission if there is a serious data breach," as per the Data Privacy Act of 2012, Liboro added.
The NPC estimates that the personal data of some 2,000 data subjects were made available for download through posted Facebook links. These included names, addresses, phone numbers, email addresses, and even a number of passwords and school details. – Rappler.com