If you happen to request information via FOI in any Philippine government agency, your personal information could be at risk. Freedom of Information Act or FOI provides public access to information, official records, public records, and, documents and papers pertaining to official acts, transactions, or decisions, as well as research data used as the basis for policy development. The Executive Order on Freedom of Information aims to promote an open government by increasing the transparency of the executive branch and its agencies. Any Filipino citizen can make a Freedom of Information request to any public agency for any publicly available information or data. You only need one government ID as proof of your identity and a filled-out form to be submitted to the office or agency you need that information from.
Now, here’s the problem. The government agencies where you requested the information you need from, keep records of all your details and make it available online where anyone could just download the file. Information about the requester includes full name, mobile number, email address, and complete home address. These are all personally identifiable information or PII, which the Data Privacy Act aims to protect.
In a Facebook post, Cybersecurity Professional and Secuna co-founder AJ Dumanhug said that by just using Google search he found the personally identifiable information that are publicly available in the websites of government agencies that processed requests for information via FOI. Undersecretary Atty. Kris Ablan of the Presidential Communications Operations Office (PCOO) and head of the FOI office commented that “The PCOO requires agencies to submit FOI registries as part of our monitoring and evaluation. However, we do not ask for the personal information of requestors. It may be an internal matter of the agency.” Ablan continued that the PCOO is now communicating with the FOI offices of the agencies identified by Dumanhug to remove the files from Google search. The files as of this posting are still available.
This is a clear violation of the Data Privacy Act that aims to protect the personally identifiable information of every Filipino. We have thousands of personal data being exposed via security breaches where hackers forcibly accessed databases and servers. This incident however is different. The government agencies are the ones responsible for leaking personal data. Accountability, anyone?