As the Holy Week long weekend approaches, the National Privacy Commission (NPC) reminded Data Protection Officers (DPOs) to secure their data processing systems.
The official memorandum advises DPOs to take non-mission-critical systems offline, especially if they contain or have access to personal data. Should systems be kept online, DPOs must ensure that system activities are recorded and that the logs are kept secure.
The memorandum also states that servers and devices connected to the organization’s network should be password-protected and files should be encrypted. DPOs should also, in conjunction with their IT teams, create a backup of databases.
An information security team must be able to monitor networks and systems remotely and have a quick response plan at the ready for any unusual activity or potential breach. On the ground, physical breaches must also be discouraged by providing adequate security precautions.
“When one leaves for a long vacation or when you leave home for a long period of time unattended, you make sure that security precautions are in place to ensure that break-ins do not happen. The same way our DPOs should safeguard their I.T. systems as well as ensure that adequate physical security is in place during times of minimal staffing,” said privacy commissioner Raymund Liboro.
According to the NPC, DPOs must take the necessary steps to prevent a repeat of the COMELEC data breach that happened during Holy Week last year.