Opinion

Data hitch

LOOKING ASKANCE - Joseph Gonzales - The Freeman

January 13, 2019 | 12:00am

My passport is expiring this year. What a wonderful surprise then to find out that passport renewals might require that I have to reprove my citizenship and resubmit original birth certificates.

Per the new head of the Department of Foreign Affairs, all the records we have previously submitted in the course of renewing our passport were "taken". Who took it? The contractor to whom the responsibility of generating passports has been outsourced.

More dramatic was the headline that the passport maker allegedly “ran off” with the data.

This news is spectacular. Exactly the additional worry and hassle that I need at the back of my mind. I will now have to wrestle with the inconvenient beast that is the Philippine government.

The government is (sort of) correct that those data of all our names, faces, birth details, identifying marks, tattoos, and birthmarks “belong to the state.” In the sense of the state versus the contractor facing off each other, agreed. That data should repose with the state, not the contractor.

But ultimately, that data still belongs to the citizens. We only handed it over to the state for purposes of manufacturing passports. That was therefore a limited purpose. When we handed over that data, we had the right to require that third-party contractors utilized by the state to process that data for the same purpose.

See where I'm going here? If the government chose the wrong contractor, and that resulted in the data being "taken" or lost, that means the government has been negligent, or violated data privacy laws, and we can seek the normal sanctions against it for data breaches.

Even the failure to incorporate contractual protections in the outsourcing contract makes the government liable. And it seems like that's what we have here, because the DFA Secretary admits that when the contractor got pissed and “made off” with the data, the government was wrong and couldn't do anything about it.

Really, our private data has been spirited away, and there are no contractual protections for the safeguarding of our data? The government, with all its might and splendor, can do nada? Unbelievable. Definitely negligent, and definitely culpable. (Can't wait to share my theory with the data privacy practitioners.)

What did the government do that could piss off a contractor? Usually, a contractor servicing the government, in normal times acquiescent and obsequious, only gets pissed when it doesn't get paid. Or when payment isn't released because someone is putting an unbearable amount of squeeze on them to, ahem. Share in the largesse? Distribute the wealth?

So what was it? Did we stiff the contractor? Abuse it? What could the government have done to break its back? Why would a contractor just stalk off like that, and dare pissing off all the government connections it had been nurturing for years just to be awarded the contract? Would it jeopardize that relationship for something minor? No it wouldn't. It would be bending over backwards to preserve the connections and the goodwill.

Someone smells really fishy. I mean, something smells fishy. And for our government to admit that we were in the wrong means we did something irremediably wrong. An unforgivable curse, in wizarding world nomenclature.

More explanations are needed, and have to be given. Plus, a remedy for the data breach has to be given us affected citizens. As for me, for now I want easy passport renewal. I demand it! (Please?)

If the data breach results in my data being tampered with (hopefully focusing on the year of birth), well, I'll worry about that later.