The National Privacy Commission (NPC) said it would eventually issue a compliance order to demand certain conditions from Uber Philippines as further details about the hack continue to unravel.
However, Privacy Commissioner Raymund Liboro said they are yet to draft the order since they are still in the process of gathering information regarding the incident. Up to now, Liboro said that Uber still couldn’t pin down the level of impact the breach had on Filipino Uber users.
This follows the admission made by the company’s US office last month, noting that millions of personal information worldwide have been compromised by a hack that Uber deliberately hid for more than a year. Later, Uber Philippines said that Filipino data are included in the breach.
READ: Uber admits data from 57M riders, drivers stolen by hackers
In a press briefing on Tuesday, Liboro categorically said that they would file a compliance order regardless of the outcome of the investigation. He said it could include a requirement to put up help centers for Filipinos who may want to ask further information regarding the hack.
Moreover, this could even include an identity theft insurance, which is the practice of more advanced privacy authorities.
“Other jurisdictions have other ways of remediating it. For example, in some advanced countries, the authorities would regard them to identity theft insurance. It really depends on the nature of the data itself. If warranted, we could go to that extent. But at this point, we haven’t gotten the whole picture yet,” he said.
The investigation develops as the NPC recently partnered with 10 other countries in the Asia and Pacific in order to help in information sharing for cross-border cases.
Last week, NPC said the administrators confirmed its status as a Privacy Enforcement Authority (PEA) under the APEC Cross Border Privacy Enforcement Arrangement (CPEA).
Liboro said this is “bad news for Uber” since this would make it easier to work with other privacy authorities whose countries were also affected by the hack. Other members of the network include Australia, Canada, Hong Kong, Japan, US, and Mexico.
“We are using the network to reach out to our partners in the CPEA in this information gathering stage,” he said.
The network was developed for cross border privacy rules (CBPR). Apart from aiding in the investigation, Liboro said this would also enable Philippine-based companies to get their data-privacy and protection systems certified with a local Accountability Agent.
For businesses, he said this would mean less hassle as certification would amount to meeting the privacy requirements of each member-country in the system. /jpv
RELATED STORY
NPC set to step in if Uber hack compromised PH users