Amid PNP data breach

HOUSE Committee on Ways and Means chairman and Albay 2nd District Representative Joey Sarte Salceda has said that the country should consider doing away with the requirement of a police or National Bureau of Investigation (NBI) clearance for employment and other engagements.

Salceda stressed this in response to the recent breach of personal data of as many as 1 million Filipinos, as stored in an exposed and compromised database of the Philippine National Police (PNP).

“Frankly, the PNP and other law enforcement agencies should not be in the business of storing the personal data of law-abiding citizens. And besides, that distracts from their law enforcement functions,” Salceda said.

“If you are involved in some crime, we can probably get your data easily anyway. Rather than putting ordinary law-abiding citizens through the hassle and expense of clearances, as well as the risk of [a] data breach, why don’t we normalize due diligence among employers?” He asked.

“Otherwise, you have a system where no good deed goes unpunished. For following the law, you are hassled with having to prove it. That’s insane,” Salceda said.

“We can frankly abolish these clearances for most cases,” Salceda added.

Salceda said government agencies may not have the “in-house capacity” to guard personal data, “so we should minimize personal data collection whenever we can.”

“You have under 100,000 crimes in the country every year. But 99.9% of the population has to get a clearance saying they do not have trouble with the law. It really makes no sense. It’s expensive for jobseekers, it’s distracting for law enforcement, and it’s a waste of time for employers,” he said.

‘Ensure data security for SIM Card registration’

Salceda also called on the National Telecommunications Commission (NTC) and the National Privacy Commission (NPC) to ensure that all data collected under the SIM Card Registration Law should be “well-guarded and secure.”

“SIM Card registries will be the largest source of personal data in the country. So, they will be targets. I call on the NTC and the NPC to make the necessary reviews and proactive measures to ensure that a similar data breach will not take place in SIM registries,” he said.

“That probably means a periodic audit of privacy protocols of telecommunications companies by the NPC. And that has to be sooner rather than later,” Salceda said.

Salceda also added that handlers of personal data under SIM Card Registration, such as LGUs (local government units) who do registration activities, should be more guarded about the data of their clients.

“LGUs are holding their own SIM Card registration activities. That’s great, but we need a baseline of rules and protections,” Salceda said.