Thursday, January 12, 2017

Appoint Data Protection Officers ASAP - Privacy Commissioner

Wazzup Pilipinas!

The National Privacy Commission (NPC) has reiterated that chief executives of public and private organizations that process personal information must designate their own Data Protection Officers (DPOs), stressing the urgency of doing so following its decision on the "Comeleak" breach, which was made public last week.

NPC Chairman and Privacy Commissioner Raymund Enriquez Liboro said organizations that have yet to comply with the Data Privacy Act of 2012 should immediately appoint their own DPO, who would be accountable for ensuring compliance as regards everything related to data privacy and security. Liboro said officially designating a DPO signals an organization's "commitment to comply" with the law.

"Personal data handling is a public trust, and carries with it a burden of accountability. No amount of ignorance or legal naiveté can erase that accountability," Liboro said.

"The Data Privacy Law of 2012 is about making sure those we entrust with our personal data are actually trustworthy by compelling them to do everything they can to protect it," Liboro added.

In its decision dated December 28, 2016, the privacy body said COMELEC has failed to designate an accountable officer for data privacy, as required under Section 21 of the Data Privacy Act of 2012.

"If you process a lot of personal data, you could be a disaster waiting to happen, if you fail to apply the principles provided in the law," Liboro said.

In Section 21 of the Data Privacy Act of 2012, the DPO is defined as an "individual or individuals who are accountable for the organization’s compliance" with the privacy law, so designated by the organization in the exercise of its duty as a "personal information controller" (PIC). This requirement is echoed in the law's implementing rules and regulations (IRR), under Section 26, which states that such individuals "shall function as data protection officer" and would "be accountable for ensuring compliance with applicable laws and regulations for the protection of data privacy and security."

“The DPO is essentially tasked to champion people's privacy rights from within his or her organization. In so doing, the DPO is able to minimize the risks of privacy breaches, address underlying problems, and reduce the damage arising from breaches if and when they do occur.

“Complying with the law produces a lot of upside. Showing the public your commitment to protect their personal data leads to increased consumer trust and thus, higher patronage,” Privacy Commissioner Liboro said.

The DPO is expected to facilitate compliance with the privacy act, which requires the following:

Adherence to data privacy principles
Implementing organizational, physical and technical security measures
Upholding the rights of data subjects

With a view to upholding the rights of data subjects, the DPO’s job is focused on protecting data from collection, to storage, to sharing and destruction. Part of this job includes providing data subjects with access to their personal data, and instructions on how they can object to processing and obtain relief when needed.

“What is absolutely required of the DPO is willingness to understand information security and privacy principles and the capability to monitor compliance based on the law. Or in short, he or she has to be an advocate for privacy rights of the data subject,” Liboro said. “For MSMEs that process personal data, the DPO can even be the business owner; what is important is developing a culture of privacy within their organization and ensuring their employees are aware of data privacy principles,” Liboro added.

A DPO, however, could not effectively function in a vacuum. Apart from a strong strategic framework, the job requires committed support from top management.

Lauding National Government Agencies who comply with the law.

From recent consultations with several National Government Agencies, the Commission was pleased to note that some agencies, such as the Department of Health, PhilHealth and the Department of National Defense, to name a few, have been complying or starting to comply with the provisions of the Data Privacy Act of 2012. Privacy Commissioner Liboro also noted, “Even the NEDA has a designated Data Protection Officer who was appointed by management years ago after the law had been passed. The MMDA, upon the instructions of Chairman and GM Thomas Orbos, has recently appointed its own Data Protection Officer to comply with the law.” “The proactive heads of these agencies must be commended for displaying zeal in protecting personal data in their agencies’ possession,” Privacy Commissioner Liboro added.
