NPC cautions offices on personal data protection issues during Holy Week 2019

The National Privacy Commission (NPC) is reminding public and private offices to be extra vigilant against hackers and data thieves this Lenten break.

Privacy Commissioner Raymund Enriquez Liboro said Personal Information Controllers (PICs), Personal Information Processors (PIPs), and Data Protection Officers should ensure personal information under their organization’s care are safeguarded from potential cybersecurity attacks, the likelihood of which may increase during long holidays.

“Digital and physical break-ins are more likely to occur during long breaks when there’s minimal staffing in offices,” Liboro warned. “The use of strong passwords is essential in protecting personal information from malicious intentions. One precaution that PICs, PIPs, and DPOs should do during the long break is password-protect or encrypt files and databases on servers, computers, and other devices in their organization. If necessary, change passwords.”

Take note of the following recommendations:

  • Place non-mission critical systems off-line, especially those that contain or have access to personal data.
  • For systems that are kept off-line, make sure that all system activities are recorded, and the logs are secure.
  • Conduct a backup of files (digital and non-digital), systems (e.g. server access, files, logs), and databases. If possible, do not bring them outside the office such as in portable devices.
  • Ensure that respective workstations are shut down properly and electrical connections are cut off accordingly.
  • Discourage physical security breaches by securing office premises adequately. Keep personal valuables safe.
  • Make sure all physical documents containing personal information are secure in locked file cabinets.
  • Log out all accounts in computers.
  • Ensure that proper system updates are done to ensure that your system and even computers are protected from threats and possible attacks.
  • Ensure that appropriate intrusion detection systems (e.g. firewall, anti-virus) are in place and properly working.
  • Ensure that the organization has a response and recovery plan that would be useful in times of emergencies, disasters, or even system attacks.
  • Ensure that the employees are reminded and/or educated regarding the organization's security measures that must be observed (e.g. accessing work documents outside the office premises).

# # #