Law on data privacy opened up new jobs for IT grads: solon

Share on facebook
Share on twitter
Share on linkedin
Share on email

File photo shows NPC commissioner Raymond Liboro (right, standing) with deputy commissioner Dondi Mapa and Ivy Patdu.  Photo credit: FMA File photo shows NPC commissioner Raymond Liboro (right, standing) with deputy commissioner Dondi Mapa and Ivy Patdu. Photo credit: FMA[/caption] The lawmaker noted that the law requires government agencies as well as private firms to employ Data Protection Officers (DPOs) and Compliance Officers for Privacy (COPs). ?Establishments that control or process the personal information of individuals living within and outside the country now have the legal obligation to engage the services of DPOs, and if the entities have branches or multiple offices, they may also have to hire extra COPs,? Gullas said. He said DPOs and COPs are now as indispensable as an accountant or a finance officer in every organization that handles the personal records of individuals. ?We are now well into the digital age. It is very easy to store and transfer large amounts of personal data through computers and the Internet, and even by means of small electronic devices such as USB flash drives. Without adequate controls, the risk is great that whole systems of personal information may be stolen, lost and misused,? Gullas said. He cited the case of the Commission on Elections (Comelec), which lost the personal files of voters in one of the largest information system security breach in government. Congress passed the Data Privacy Act, which aligns the country?s personal data protection policies with global standards, in 2012. However, enforcement of the law was delayed extensively because Malaca?ang constituted the three-member National Privacy Commission (NPC) ? the implementing authority ? only on Mar. 7, 2016. The law?s implementing rules and regulations took effect only on Sept. 9, 2016, and the NPC finally issued on Mar. 14, 2017 Advisory No. 2017-01, which sets the guidelines for the designation of DPOs and COPs. According to the NPC advisory, every DPO should have expertise in relevant privacy or data protection policies and practices, and sufficient understanding of the processing operations being carried out by the agency or firm, including the latter?s information systems and data security needs. Knowledge by the DPO of the section or field of the agency or firm, and the latter?s internal structure, policies and processes is also useful, the NPC advisory said. Besides the Comelec, Gullas cited examples of other covered agencies that control or process the personal information of certain groups of individuals:

? Philippine Statistics Authority (civil registrants);

? Department of Foreign Affairs (passport holders);

? Social Security System, Government Service Insurance System, Philippines Health Insurance Corp., Pag-IBIG Fund, and the Overseas Workers Welfare Administration (members);

? Land Transportation Office (motor vehicle drivers);

? Professional Regulation Commission (professionals);

? National Bureau of Investigation (clearance holders);

? Bureau of Internal Revenue (taxpayers);

? Philippine Overseas Employment Administration (overseas contract workers);

? Department of Social Welfare and Development (cash transfer recipients);

? Office of Senior Citizens Affairs (seniors);

? State universities and colleges (students and teachers);

? Department of Education (students and teachers); and

? Local governments (business and other permit holders).

In the private sector, Gullas said all firms that manage the personal data of consumers or customers are duty-bound to employ DPOs and COPs. These include banks, credit-card issuers, insurers, pre-need providers, health-maintenance organizations, water and electric utilities, telecommunications as well as cable and satellite TV firms, schools, hospitals, and the like. Business process outsourcing (BPO) firms that usually deal with the personal data of the customers of their foreign clients are likewise covered. The Data Privacy Act safeguards the right of every individual to privacy, particularly information privacy, while ensuring the free flow of information for innovation, growth and national development.]]>

Facebook Comments

Join Our Newsletter! Zero spam, unsubscribe anytime!

Latest Posts