The National Privacy Commission (NPC) said on Saturday, Jan. 14, that it found “some gaps” in the handling by local telcos of personal data privacy of subscribers while implementing the SIM Registration Act.
The privacy body made the report after its Compliance and Monitoring Division conducted a simultaneous Compliance Check On-site Visits to the head offices of telecommunication companies of Smart Communications, Globe Telecom, and Dito Telecommunity.
The NPC, however, did not elaborate what those “privacy gaps” are but required the telcos to submit proof of compliance within 15 days.
Privacy commissioner John Henry D. Naga noted that, in general, Smart, Globe, and Dito have demonstrated capabilities in protecting personal data of their clients.
But he maintained that telcos should ensure that its security measures are further improved and strengthened as information and communications technology advances.
Naga, together with the chief of NPC’s Compliance and Monitoring Division, Rainier Anthony Milanes, personally went to each on-site visit to oversee the activities and discuss the importance of the compliance check with the data protection team of each telco.
“The telcos should consider these Compliance Check On-site Visits as an opportunity to demonstrate that they have sufficient organizational and program controls, and security measures in place to guarantee that the personal data being processed in relation to the SIM registration are safe and secured,” Naga said.
“Telcos must take their responsibility of protecting the privacy rights of their subscribers seriously by ensuring that personal data related to SIM registration are properly collected and stored, access to the data is restricted by role-based access controls, and data servers are protected by encryption and layers of firewall,” Naga added.
Milanes said that “as a regulator ensuring compliance to the Data Privacy Act of 2012, we must see firsthand how these personal information controllers conduct their day-to-day operations which should incorporate items stated in their privacy manuals.”
The SIM Registration Act was implemented on December 27, 2022.
It can be recalled that the NPC gathered the telcos to address the privacy concerns regarding the implementation of the SIM registration which led to immediate changes to the telcos’s SIM registration process on their websites and mobile applications.