How do you solve a problem like a “misinformed” foreign secretary?

Foreign Secretary Teddy Locsin Jr. shook the nation over the weekend when, over Twitter of all places, he made the revelation that a passport contractor of the Department of Foreign Affairs (DFA) allegedly made off with data of millions of Filipino
passport holders after its contract was terminated.

Locsin went as far as blaming the administrations of Presidents Benigno Aquino III and Gloria Macapagal Arroyo for the mess, and threatened to “autopsy the yellows who did the passport deal alive.”

Naturally, the uproar was immediate. A passport data breach was a nuclear issue — graver, even at first glance, than the earlier, and still unresolved, Commission on Elections data leak that compromised voters’ information.

This one involved no less than the most pertinent and definitive private information about ordinary citizens; passports, in fact, are among the chief identification documents of individuals anywhere.

So for the DFA secretary no less to claim that a private contractor was able to run away with the passport data of millions of Filipinos — how the hell did that happen?

And why was the government seemingly nonchalant about it, Locsin disclosing the information merely off the cuff, in a chat on his personal Twitter account and not even on the official DFA website?

But, after some public back and forth between Locsin, former foreign secretary Perfecto Yasay Jr. and a number of other entities roped into the controversy, Locsin has backtracked on his breathless claim, saying only in a Twitter post yesterday that he was informed by Apo Production Unit Inc. (APUI), the government printing agency currently producing the passports, that the data was intact, though “not completely accessible” and that “much data (was) corrupted.”

Yasay himself declared that Locsin was “misinformed,” and that the previous contractor that handled the passport production, Francois-Charles Oberthur Fiduciaire, could not have run off with the data.

This was followed by a statement from APUI head Michael Dalumpines that the agency did manage to retrieve the data from the French contractor.

Who should autopsy the red-faced DFA chief for what appear now to be rash, scandalous claims?

Still, even if no data breach did occur and Locsin is revealed to be no more than a hasty teller of tales, the Senate and other investigating bodies should take this opportunity to take a serious look not only at the alleged passport mess, but at how the government ensures data privacy and security in general.

The charges — first of theft of passport data, then the supposed corruption of files — only underscore questions about the government’s capability to safeguard the sensitive information it collects from the citizenry.

They inspire little confidence, for instance, about the next big thing on the horizon — the national identification system.

The national ID system will contain biometrics and birth dates and addresses of individuals — sensitive information that could cause public harm if misused or lost in the same cavalier manner that was suggested by Locsin’s initial claim that the government lost private data just like that.

And, even as the Duterte administration is intent on rolling out the national ID system, the Comelec hack remains unresolved, a data breach that affected some 55 million voters in 2016.

Add all these up, and the public has every reason to be alarmed at the possibility that personal data in the hands of lax, careless government administrators may end up used for illicit ends, identity theft having become a paramount activity in the age of social media wars and, more worryingly, with elections happening in four months’ time.

Locsin and the DFA owe the public a thorough and transparent explanation about the rumpus they created. An official probe should also help uncover how competently and robustly the government is implementing Republic Act No. 10173, the Data Privacy Act of 2012, which unequivocally requires the protection of personal information “against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.”

The least the government can do to assuage people’s worries about the handling of their passport and other personal data is to show that such data is intact, secure at all times, and used only for their intended purpose under the law.

Failing that, the suspicion may arise that this abrupt controversy could be something else — a (failed) preelection rallying cry, perhaps?