Official Statement on the Privacy and Security Concerns of the Philippine Identification System (PHILSYS)

Reference Number: 2019-112
Release Date: 12 April 2019

The Philippine Statistics Authority (PSA) recognizes the growing concern of the public regarding the privacy and security of the Philippine Identification System (PhilSys).

We assure the public and all stakeholders that PSA gives utmost importance to the privacy and security of the PhilSys since it is a program of the Philippine Government that promotes an inclusive development for our country.

The PSA, National Privacy Commission (NPC), and Department of Information and Communications Technology (DICT) are working together in drafting the technical specifications for PhilSys, focusing on the privacy-by-design platform. The PhilSys will be built and designed based on the principles of scalability, security and privacy. It will adopt the latest technologies, innovations and software with leading-edge features, particularly on privacy, and draws on international best practices for its security features.

The PSA warrants that all personal data collected from applicants are processed with adherence to the general principles of transparency, legitimate purpose, and proportionality. In addition, all transactions and data recorded within the system are encrypted (to ensure confidentiality) and digitally signed (to ensure integrity). There will also be multiple databases that store only a specific information from an individual. As such, in the worst case that a database has been breached, the hacker/s would only have access to one information of the individual not their whole profile. This is one of the many security features PSA will implement for the PhilSys.

The PSA will also safeguard the data privacy of individuals registered in the PhilSys through a comprehensive legal and regulatory framework, with strict adherence to the Data Privacy Act (DPA) of 2012.

The PSA designated two Data Protection Officers, one for PSA as a whole and one solely for the PhilSys Registry Office, that will ensure PSA will comply with the DPA, its Implementing Rules and Regulations, issuances by NPC, and other applicable laws and regulations relating to privacy and data protection.

The PSA will also conduct Privacy Impact Assessment on a regular basis to prevent or minimize the incidence of data breach and security incidents. It will also regularly review its security policies, conduct quarterly vulnerability assessments, and perform penetration testing of the System to ensure it is well protected from security threats.

We reiterate that PSA respects and values the data privacy rights of all citizens and resident aliens in our country.

We ask the public that they continue to support us in our future endeavors and we look forward to the launching of PhilSys.

 

LISA GRACE S. BERSALES, Ph.D.
Undersecretary
National Statistician and Civil Registrar General