NPC Issues Guidelines on Data Security for ‘Undas’ 2019
The National Privacy Commission (NPC) advises Filipinos observing All Saints’ Day and All Souls’ Day to take preventive security measures to avoid compromising data on their device and data systems.
For travelers, something as simple as avoiding the use of a public charging station will help keep their device and personal data safe. In the absence of a portable “powerbank,” the NPC says that plugging of mobile devices into a power outlet thru an AC adapter remains the safest option.
When connecting to free public Wi-Fi, make sure your VPN is active. It would also be best to visit only encrypted websites or those with HTTPS at the beginning of the URL.
“Practice informed discernment when deciding what to post online and what to keep safely private. For example, posting a photo of your boarding pass or passport can make you vulnerable to financial theft and identity fraud,” Privacy Commissioner Raymund Enriquez Liboro advised.
Meantime, data protection officers (DPOs), personal information controllers (PICs), or processors (PIPs) in both the public and private sector are advised to ensure there’s adequate security for their data systems.
Here are the NPC’s recommended actions for DPOs:
• Place non-mission critical systems off-line, especially those that contain or have access to personal data.
• For all systems, whether online or offline, ensure that all system activities are kept secured.
• Ensure to back up your data (both physical and digital). It is critical to have backups as it may be the best way to recover data when an incident occurs.
• Ensure that workstations are properly managed and accounted for.
• Implement physical security measures to prevent unauthorized access. Keep personal valuables safe.
• Make sure all physical documents containing personal information are secure in locked file cabinets.
• Log out of all your accounts when not needed.
• Ensure that proper system updates are done to ensure that your system and even computers are protected from threats and possible attacks.
• Ensure that appropriate intrusion detection systems (e.g. firewall, anti-virus) are in place and properly working.
• Ensure that the organization has a response and recovery plan that would be useful in times of emergencies, disasters, or even system attacks.
• Ensure that the employees are reminded and/or educated regarding the organization’s security measures that must be observed (e.g. accessing work documents outside the office premises).
• For teleworking or organizations implementing “work from home” during this holiday, just make sure you have a secure connection. (Privacy Commission)