House panel asks Privacy Commission where scammers got contact details
As personalized scam text messages became rampant, the House information and communications technology panel on Monday asked the National Privacy Commission (NPC) where scammers might have obtained the names and some personal details of people they are targeting.
According to Dano Tingcungco’s report on “24 Oras,” NPC deputy commissioner Leandro Aguirre said it would be difficult to trace the sender of spam messages since there could be numerous possible sources.
“It’s difficult to exactly pinpoint where it came from because there are multiple sources. Even the ones that we are seeing now where you have people that are receiving scam or phishing messages with their name, it’s not exactly certain that it actually came from a specific leak,” Aguirre said.
“What we’re doing right now is coordinating with Viber and GCash to see if there was unusual activity that resulted in some scrapping of data,” he added.
GMA News has sought comment from Viber and GCash on the matter but they have yet to respond as of posting time.
The House panel also asked if contract tracing forms and applications that had been used during the height of the COVID-19 pandemic had anything to do with the spam text messages.
“Each entity that’s operating in the contact tracing application, they’re the ones that are controlling that information and have the obligation to protect whatever information coming into that specific system,” Aguirre said as lawmakers likewise questioned how private companies protect the information they collected.
“The ones that have the obligation to protect them are primarily the ones that are engaging with these private companies,” he said. “We also emphasized to all the people that were conducting contact tracing that they are not supposed to reuse any of this information that they can because they were collected for contact tracing purposes. They are not supposed to use it for marketing.”
Meanwhile, the Department of Information and Communications Technology (DICT) said they are monitoring local government units, which have their own contact tracing applications, to find out how they are protecting the information they collected.
Under the Data Privacy Act, a person caught misusing personal information will be imprisoned for three to six years.
The House earlier approved a bill mandating the registration of mobile subscriber identity module (SIM) cards, which was vetoed by former President Rodrigo Duterte last Congress.—Mel Matthew Doctor/LDF, GMA News