B2 NEA, co-ops vow to finish rural electrification by 2022
for Technical Services Artis Nikki Tortola assured ECs of the agency’s commitment to help them complete the projects.
“The end goal is [ to ensure] that all potential consumers are energized. NEA will adjust accordingly to the strategies that ECs will be taking in order to [keep the projects within] the proposed timeline,” Tortola said.
For their part, ECs promised to support the government’s Rural Electrification Program by fast- tracking the implementation of the Sitio Electrificiation, Barangay Line Enhancement, and Household Electrification programs.
The pledge comes as latest NEA data show that 19,740 still have no electricity as of this month.
Of this number, 8,535 are in Mindanao, 6,541 in Luzon, and 4,664 in the Visayas.
NEA and ECs aim to energize 1,817 sitios this year: 560 in Luzon, 552 in the Visayas, and 705 in Mindanao.
The agency has asked P5.076 billion from the government to finance 3,626 electrification projects—each cost P1.4 million— under the Sitio Electrification Program for 2019.
Lui’s story, although madeup, is a financial horror we could only hope we never experience for real. Given the advancements in information technology, we would think organizations have enough cyber battle gear to combat data breaches. Alas, recent statistics show that data security is, and continues to be, a cause for concern in the digital world.
A data breach study sponsored by IBM in 2017 indicates that the global average cost of a data breach declined by 10 percent to $ 3.62 million; the average cost per lost or stolen - dential information in 2017 was $ 141, down from $ 158 recorded in 2016. However, the same study showed that, while the total cost and unit cost decreased, the average size of data breach grew by 1.8 percent (to an average of more than 24,000 affected records).
In the Philippines, the Commission on Elections voter database breach that exposed the sensitive personal information of about 78 million voters in 2016 was one of the worst large- scale breaches in recent years. Its occurrence over Holy Week that year underscores one realization:
We live in a world where every entrepreneurial pursuit is driven by data. This is not surprising, given that terms such as “data mining,” “data analytics,” “data analysis,” “data science” and “big data” have become a staple on business tables and in published articles. Businesses now realize that effective decision-making is truly dependent on data that is succinctly analyzed and communicated in a quick, paperless fashion.
High- technology applications enable faster data gathering and processing but, if not properly secured, also pose a far more unsettling risk – data loss. Any piece of information not readily available to the public, such as confidential company information and sensitive personal data, getting into the wrong hands can spell doom for a business or an individual. The endless possibilities of what can be done with stolen personal data are scary. Thus, in its mission to protect its citizens from harm caused by unauthorized access or use of personal data, the Philippine government put Republic Act No. 10173 into law, also known as the Data Privacy Act of 2012 ( DPA).
The DPA’s scope is limited to personal data, which is any type of personal information that, on its own or combined with other information, can reasonably and directly ascertain an individual’s identity. The DPA also emphasizes protecting sensitive personal data, which includes any information about the race, ethnic origin, marital status, age, color, affiliations (religious/philosophical/political), health, education, genetic, or sexual life of a person, and ( e. g., social security numbers, health records, licenses, and tax returns).
The DPA has been a hot topic this year due to the goneunnoticed September 2017 Phase I registration target date and the approaching March 8, 2018 deadline for Phase II of the registration process with the National Privacy Commission (NPC). Sections 9 to 11 of NPC Circular 17-01 provide a brief overview of the two phases and their respective requirements, with the designation of a Data the submission of an application for registration being the two high- priority Phase I requirements. Section 47 of the DPA’s Implementing Rules and Regulations (IRR) likewise reiterated that required businesses Circular 17- 01) must submit 10 items to the NPC as part of the Phase II registration. One of the policies required in the IRR related to data governance, data privacy and information security is a reporting policy on how to deal with data breaches.
Breach or not?
The IRR emphasizes two terms related to breach reporting: security incident and personal data breach. A security incident is an event that affects or tends to affect data protection, or may compromise the availability, integrity, and confidentiality of personal data. When there are no measures in place ( or the measures in place are inadequate) to prevent or mitigate a security incident, the risk of harm rises and the security incident may result in one, or a combination of, the following types of personal data breaches:
Availability breach – of personal data; Integrity breach – of or personal data; and of or to
to personal data. Now that Bank X has con - sonal data of millions of its credit cardholders, what must it do to comply with the DPA requirements for reporting an actual breach? Whom should Bank X notify about the actual breach, and how?