The National Privacy Commission (NPC) is reminding both public and private organizations in the Philippines to comply now with the requirements of the Data Privacy Act or face a fine of up to P5 million.
In recent forum organized by Microsoft Philippines, NPC deputy commissioner Dondi Mapa said organizations that employ 250 people or handle more than 1,000 customers in their database should also register their compliance with the NPC.
The privacy commission said local corporations, which include local government units (LGUs), that meet the aforementioned criteria must register and inform the NPC that it has implemented the following steps by Sept. 9:
• Appoint a Data Protection Officer (DPO)
• Conduct Privacy Impact Assessment (PIA)
• Create a Privacy Management Program (PMP)
• Implement Privacy and Data Protection measures
• Regularly Exercise Breach Reporting Procedures (BRP)
The NPC has called out the Commission on Elections (Comelec) for two data breaches it committed in 2016 and early this year. It has recommended the criminal prosecution of Comelec chair Andres Bautista for the massive data hack – now dubbed Comeleak — that occurred before the 2016 national elections.
At the forum, executives of Microsoft Philippines said the company has been working with the government to help businesses meet their legal obligations.
The software firm said online tools and resources are available through a Microsoft Trust Center website focused on information on the Data Privacy Act. Through the site, businesses may also take a free risk assessment to understand if they are compliant.
“Through our cloud services and on-premises solutions we’ll help you locate and catalog the personal data in your systems, build a more secure environment, simplify your management and monitoring of personal data, and give you the tools and resources you need to meet the Data Privacy Act reporting and assessment requirements,” it said.
Its flagship Windows 10 operating system also provides identity protection and safeguards from attacks. It also provides data encryption at the device and on the file level.
“As the September 2017 deadline to comply is near leaving businesses less than 180 days to comply, businesses now know that they are not alone. They have Microsoft as partner to help them in this journey for data privacy,” it said.
However, Internet rights advocate and Democracy.Net.PH co-founder Pierre Galla said during the same forum that although the NPC and Microsoft tools are around to safeguard personal information of online users, the responsibility to protect their privacy falls ultimately of their own shoulders.
“The last line of defense will be the users themselves as they are accountable for their own acts,” Galla said.