October 1, 2021 0 Comments

As part of the agency’s commitment to strengthen data privacy and security, the Philippine Statistics Authority (PSA) reports the regular conduct of privacy impact assessments (PIA) for the design and processes of the Philippine Identification System (PhilSys).

Conducted by an independent third party, PIAs identify data privacy and security risks of PhilSys and corresponding mitigation strategies to ensure appropriate measures and safeguards are in place to protect the rights of data subjects and the integrity of their personal data.

“We at the PSA underscore the value of establishing strict data privacy and security measures in implementing the PhilSys. We take the responsibility of ensuring data privacy and security very seriously. A privacy impact assessment is not merely a one-off exercise. We have been doing these assessments continuously since the start of the program and we will continue to regularly conduct PIAs as we move forward with the registration of more Filipinos and the implementation of use cases,” said Undersecretary Dennis S. Mapa, PSA National Statistician and Civil Registrar General.

PIAs for the PhilSys are done in partnership with the Department of Information and Communications Technology (DICT) and in line with the recommendations and guidelines of the National Privacy Commission (NPC).

“PIAs are key to building trust and confidence in programs like the PhilSys, especially given that PhilSys concerns personal data. We want to be able to proactively identify and avoid or mitigate privacy risks, not simply to comply with data privacy requirements but more importantly, to meet the expectation of Filipinos of the privacy and security of their personal data with PhilSys,” DICT Undersecretary Denis F. Villorente added.

PIAs are one of the structural measures the PSA undertakes in its commitment to data protection and cybersecurity. In addition to this, PhilSys undergoes regular vulnerability assessment and penetration testing and third-party software code audits. Registration data is encrypted and personal data is segmented. All infrastructure is fully owned and controlled by the Government. PhilSys has also applied privacy-by-design principles, such as through data minimization and proportionality and tokenization of the PhilSys Number (PSN) to protect this permanent unique identifier by enabling the use of its derivatives in lieu of the PSN itself.

PhilSys aims to provide a unique and verifiable digital ID to all Filipinos and resident aliens to ease their access to financial services, social protection, health, education, and other government services, and make public and private transactions safer, automated, more seamless, and more efficient.

For the latest on PhilSys, visit the official PhilSys website ( or Facebook page ( You may also reach the PhilSys Registry Office via hotline number 1388 or e-mail at For the online Step 1 registration, kindly go to

-PhilSys Registry Office