On 8 March 2017 Microsoft Philippines held an event entitled “Data Privacy Act: A Priority for Businesses” at the event, Microsoft issued a press release that stated:
“In 2012, it passed into law, the Philippine Data Privacy Act (Republic Act No. 10173) that aims to protect every individual’s information recorded on any IT and communication system in both government and private sectors.
While it has been a law for the last 5 years, businesses and organizations are required to comply with it by September 9, 2017.”The National Privacy Commission (NPC) would like to clarify that the law is explicit in its provisions and has been in effect since 2012. Businesses and organizations that collect and process personal data are already required to be compliant with the DPA. As such, for data processors in both private and government sectors, appointing an accountable officer in the person of a Data Protection Officer is a must and shouldn’t be delayed any further.
The Implementing Rules and Regulations (IRR) of the DPA however, which took effect on 8 September 2016, provides for a transitory period of one year for Personal Information Controllers (PICs) and Personal Information Processors (PIPs) to register their data processing systems with the NPC, subject to the requirements of section 47 (Registration of Personal Data Processing Systems) of the IRR.
According Privacy Commissioner Raymund Enriquez Liboro; “The NPC is working with PICs and PIPs in government and various industries in developing a culture of privacy, and building resilience against data breaches from the ground up. We are committed in helping businesses as well as citizens in becoming self-reliant in personal data protection.”
“While technology tools are important, these alone will not prevent the violation of data subjects’ rights and ensure compliance with the DPA As, such, the Commission is not endorsing any particular vendor looking to promote the data protection features of their products” Chairman Liboro said.
About the NPC: The National Privacy Commission is a regulatory and quasi-judicial body organized by virtue ofRA 10173, otherwise known as the Data Privacy Act of 2012. The agency is mandated to uphold the right to data privacy and ensure the free-flow of information, with a view to promoting economic growth and innovation.