PH privacy commission summons Uber execs over data breach

MANILA, Philippines – The National Privacy Commission (NPC) has summoned Uber representatives in Manila to a meeting on Thursday, November 23, to provide the government with details of the data breach that has compromised the personal information of 57 million users and drivers, including those in the Philippines. 

The ridesharing company revealed that hackers had broken into a cloud-based server used by the company for data and downloaded a “significant” amount of information in October 2016. Uber kept the breach hidden for a year, however. 

"The National Privacy Commission is concerned about the possible impact of the breach on our citizens. By virtue of its operations and processing of Filipino end user data, Uber is considered a Personal Information Controller and must comply with Philippine data privacy and protection laws,” Privacy Commissioner Raymund Enriquez Liboro said in a statement Wednesday night. 

The meeting should be Uber’s compliance with the “formal breach notification procedure” required under Republic Act 10173 or the Data Privacy Act of 2012. 

The procedure "includes providing the NPC with detailed information on the nature of the breach, the personal data of Filipinos possibly involved, and the measures taken by Uber to address the breach,” Liboro said. 

The NPC said vital information from the meeting will be made available to the public. –