April 26th, 2023
House Ways and Means Chair Joey Sarte Salceda (Albay, 2nd district) says that the country should consider doing away with the requirement of a Police or National Bureau of Investigation (NBI) clearance for employment and other engagements, in response to the recent breach of personal data of as many as 1 million Filipinos, as stored in an exposed and compromised database of the Philippine National Police.
“Frankly, the PNP and other law enforcement agencies should not be in the business of storing the personal data of law-abiding citizens. And besides, that distracts from their law enforcement functions,” Salceda said.
“If you are involved in some crime, we can probably get your data easily anyway. Rather than putting ordinary law-abiding citizens through the hassle and expense of clearances, as well as the risk of data breach, why don’t we normalize due diligence among employers?”
“Otherwise, you have a system where no good deed goes unpunished. For following the law, you are hassled with having to prove it. That’s insane.”
“We can frankly abolish these clearances for most cases,” Salceda added.
Salceda adds that government agencies may not have the in-house capacity to guard personal data, “so we should minimize personal data collection whenever we can.”
“You have under 100,000 crimes in the country every year. But 99.9% of the population has to get a clearance saying they do not have trouble with the law. It really makes no sense. It’s expensive for jobseekers, it’s distracting for law enforcement, and it’s a waste of time for employers.”
Ensure data security for SIM Card registration
Salceda also called on the National Telecommunications Commission and the National Privacy Commission to ensure that all data collected under the SIM Card Registration Law should be well-guarded and secure.
“SIM Card registries will be the largest source of personal data in the country. So, they will be targets. I call on the NTC and the NPC to make the necessary reviews and proactive measures to ensure that a similar data breach will not take place in SIM registries.”
“That probably means a periodic audit of privacy protocols of telecommunications companies by the NPC. And that has to be sooner rather than later.”
Salceda also adds that handlers of personal data under SIM Card Registration, such as LGUs who do registration activities, should be more guarded about the data of their clients.
“LGUs are holding their own SIM Card registration activities. That’s great, but we need a baseline of rules and protections,” Salceda added.