Privacy commission undertakes compliance audit on BPI | Inquirer Business

Privacy commission undertakes compliance audit on BPI

/ 12:37 AM June 17, 2017

The National Privacy Commission yesterday said it had started a “compliance check” on Bank of the Philippine Islands (BPI), whose apparent technical glitch last week was being treated as a security incident since it involved personal data of the bank’s clients.

In a statement, the NPC said its compliance check would evaluate the bank’s current systems and processes “to address any gaps especially in the bank’s breach management protocol, with the view of preventing or mitigating similar incidents in the future.”

The statement noticeably refrained from making any reference to a technical glitch, which BPI had blamed for its decision to suspend online and ATM services for two days last week.

Article continues after this advertisement

BPI, owned by Ayala Corp., had repeatedly apologized to its clients throughout the period.

FEATURED STORIES

The issue came to light after unauthorized transactions affected some of BPI’s about eight million clients, who noticed their bank accounts had ballooned or deflated in varying amounts.

The NPC noted in its statement that the BPI incident was reported to have been caused by human error resulting in previously posted transactions to be reposted.

Article continues after this advertisement

“The BPI incident involved a breach in security affecting the availability and integrity of information that relates to individuals,” the NPC said, adding this was “considered a personal data breach.”

Article continues after this advertisement

Commissioner Raymund Enriquez Liboro explained that the incident affected what was regarded as personal information under the Data Privacy Act.

Article continues after this advertisement

“This includes the processing of data, which is capable of uniquely identifying data subjects, such as the account information of BPI and BPI Family Bank customers contained in BPI’s systems,” he said.

“Second, the nature of the incident impacted both the availability and integrity of personal information considering that the incident resulted in the posting of erroneous account information and the prevention of its access to account holders,” he said.

Article continues after this advertisement

“Under the law, impacts to availability and integrity of personal information may constitute a breach where loss and/or alteration to personal information occurs, whether accidentally or unlawfully,” he added.

The NPC said it had open lines of communication with BPI since June 7, 2017, when news of the incident emerged on social media.

“ As advocate and vanguard of people’s privacy rights, however, the NPC’s public mandate compels us to look even further and deeper into this matter,” he added.

On Friday, BDO Unibank Inc., the country’s largest lender, warned that certain ATM machines could be comprised “following reported losses from cardholders.”

“Customers with unauthorized transactions may reach out to the bank via formal channels so that their cases may be properly investigated and, where confirmed as impacted, may be reimbursed,” BDO said.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

Sought for comment, Liboro said the NPC would accept complaints from citizens if they felt their personal data had been compromised.

TAGS:

No tags found for this post.
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.