According to a September report by social media giant Facebook, 755,973 of the millions of users in its “View As” feature who had been affected by a recent data breach are Philippine-based users.
READ: Facebook asked to help 750,000 compromised users in PH
This has prompted the National Privacy Commission to order Facebook to submit a Data Breach Notification Report and to provide “identity” insurance to affected Philippine-based data subjects.
In particular, the NPC ordered Facebook to submit a more comprehensive report, provide identity insurance and credit monitoring, and inform data subjects in compliance with NPC Circular No. 16-03.
It also ordered Facebook to establish a dedicated helpdesk for Filipinos on privacy-related matters for up to six months upon receipt of the notice.
Facebook officials, through a conference call, had agreed to follow the NPC order, and likewise expressed their commitment to abide by Philippine data privacy laws.
The NPC had said that it did not agree with Facebook’s Oct. 13 letter which said that “there is no material risk of more extensive harm occurring” from the breach.
“The risk of serious harm to Filipino data subjects is more than palpable. The conditions for individual notification are present,” the NPC said.
Quoting Facebook data, the NPC said the affected users were grouped in 3 categories based on the degree of data obtained.
Of the total number of those affected by the data breach, around 387,322 Philippine-based users’ basic profile information may have been exposed while for 361,227 more, their history, birthday, location history, search queries, and linked devices and hardware, among others, could have also been obtained.
For the remaining 7,424, their timeline, friends’ list, groups, and recent Messenger conversations might have been obtained.