No passport data breach – DFA

By Roy Mabasa

Contrary to the previous allegation of Foreign Affairs Secretary Teodoro Locsin Jr. that there was a breach in the passport system, the Department of Foreign Affairs (DFA) on Monday assured the National Privacy Commission (NPC) that passport data has not been shared with or accessed by any unauthorized party.

Foreign Affairs Secretary Teodoro Locsin Jr. (PRESIDENTIAL PHOTOS / MANILA BULLETIN) Foreign Affairs Secretary Teodoro Locsin Jr.

Officials of the DFA, led by Assistant Secretary for Data Protection Medardo Macaraig and Assistant Secretary for Consular Affairs Neil Frank Ferrer, conveyed this message during the preliminary conference being conducted by the NPC as an offshoot of Locsin’s allegation that French company Oberthur reportedly ran away with passport data when its contract was abruptly terminated by the Philippine government in 2013.

Oberthur was the previous contractor for the personalization system of Machine Readable Electronic Passports (MREPs) awarded by the Bangko Sentral ng Pilipinas (BSP), then the official printer of Philippine passports
In a statement, the DFA said it assured the NPC that measures are in place to protect the personal data of passport applicants in the entire ISO-certified process.

“The Department assured the Commission that it takes extremely seriously the protection of the personal information of the public and that all passport data is safe. The Department remains in custody and control of passport data and that this has not been shared with or accessed by any unauthorized party,” the DFA said.

The NPC was prompted to call for an investigation after Locsin tweeted in his social media account that a data breach in the passport system has been committed. Locsin was apparently responding to widespread complaints against the DFA’s move to require birth certificates for applicants who are renewing their passports.

“The Department is hoping that it was able to address the concerns of the Commission and remains ready to cooperate, especially with Congress, in any other investigation to be conducted on this issue,” the DFA said shortly after the conference with the NPC.

Several days after, however, the DFA secretary backpedaled from his allegations against the French contractor, saying, “Data is not run-away-able but made inaccessible.”

Former DFA Secretary Perfecto Yasay Jr. dismissed Locsin’s allegation as “false and malicious,” saying that the reputable French company even continued to assist the DFA and the BSP in its operation and management for free despite the completion of the system project beyond 2013.

Additionally, the DFA said it is hoping that it was able to assuage the concerns of the public on the issue of the alleged data breach, which it claimed has “resulted in improvements in the passport application process.”
It was referring to Locsin’s issuance of Department Order 03-2019 that eliminates the need to submit birth certificates upon renewal, except in a few specific cases.

Locsin was recently swamped with complaints from netizens – many of them OFWs – who criticized the DFA for requiring those who are renewing their passports to present their birth certificate.

After raising the data breach issue, Locsin also called on the Senate to investigate the alleged involvement of certain “yellows” in the questionable passport deal involving the APO Production Unit and the private entity United Graphic Expression Corporation (UGEC).