The Privacy Awareness Week celebrated by the National Privacy Commission (NPC) recently highlighted the need for more compliance and the role that the agency takes in creating a nationwide culture of privacy.
Privacy Commissioner John Henry D. Naga said during his Commissioner’s Report that the NPC’s conduct of its privacy awareness campaign consisted of trainings, activities, and projects that were a “testament of its commitment to expand and cultivate the public’s awareness of their rights as data subjects under the Data Privacy Act (DPA).”
The NPC held 21 activities and projects, 359 stakeholders’ consultative meetings, 308 social media campaigns, and 5 DPO ACE trainings as part of its extensive data privacy awareness campaign. It also launched an enhanced compliance and monitoring program to ensure the compliance of personal information controllers (PICs) or personal information processors (PIPs), as well as data subjects. A total of 895 compliance checks were conducted in 2021, which include 685 privacy sweeps, 50 notices of documentary submissions, and 160 warning letters. A total of 2,964 PIC applications for registration were recorded in the same year.
As a response to the surge of complaints regarding data breach security and privacy concerns, the NPC intensified its complaints handling, case investigation, and enforcement program. In 2021, the NPC handled 147 notices to explain, 363 complaints, 24 sua sponte investigations, and 8,487 data privacy concerns. In its adjudicatory function, the NPC performed 28 adjudication meetings that resulted to 129 Decisions, Resolutions, and Orders. The regulatory body also passed the International Organization for Standardization (ISO) 9001:2015 certification.
To meet the need for more compliance and to arm data subjects with knowledge in protecting their data and equip data protection officers and their organizations in the development of their data protection strategy and implementation, the NPC issued several circulars, advisories, and advisory opinions to guide stakeholders in interpreting the DPA.
Since the pandemic began, the NPC has released 24 public health emergency bulletins to help health authorities, local government units, and other stakeholders navigate the balance between the public’s right to health and right to privacy. It also coordinated with the Department of Health (DOH) to include telemedicine in the regulatory sandbox as part of processing personal data using innovative methods.
“The GPA COVID-19 Taskforce’s work has been recognized by various countries in advancing capacity-building initiatives aligned with the GPA’s goal to evolve global privacy and work towards a regulatory environment with high standards of data protection,” Naga said in a report.
The most recent advisories of the NPC have laid out the guidelines on requests for personal data of public officers, processing of personal data for election campaign or partisan political activity, and data subject rights, among others.
Acting Secretary of the Department of Information and Communications Technology Emmanuel Rey Caintic, said in his keynote message that “data privacy is not intrusive and is supposed to help things move faster and safer,” emphasizing the importance of keeping data privacy compliance simple for government agencies and companies alike.
Moving forward, Commissioner Naga assured stakeholders of the Commission’s fierce commitment to meet its mandate of protecting the Filipino people’s data privacy rights.
“For our countrymen — the data subjects, PICs, PIPs, and data privacy advocates — you can hope that in the year 2022 and the coming years, the National Privacy Commission will carry on in implementing programs, reforms, and projects to create a strong culture of privacy in the Philippines. The Commission will continue to endeavor setting its sight on equipping Filipinos with knowledge on data privacy, security, and protection,” Commissioner Naga added.
The PAW 2022 conference gathered speakers from both the government and private institutions to give insights on topics such as information safety on social media; protecting data privacy in schools; VaxCertPh; establishing trust in online lending; online banking safety; ensuring child safety in the online world; and cybercrime in the Philippines particularly emerging trends, prevention, prosecution, and remedies.
Speakers include representatives from the Department of Social Welfare and Development, Cybercrime Investigation and Coordinating Center, Department of Justice, Philippine National Police — Anti-Cybercrime Group, DOH, Department of Education, Commission on Higher Education, Bangko Sentral ng Pilipinas, Securities and Exchange Commission, Union Bank of the Philippines, Bank of the Philippine Islands, Google Philippines, Globe, UNICEF, Meta, St. Scholastica’s College, University of the Philippines Diliman, Cebu Pacific Air, Home Credit Philippines, and Fintech Alliance.
In actively participating in the global data privacy landscape, the NPC, as Chair of the Global Privacy Assembly (GPA) COVID-19 Taskforce, has organized 5 webinars attended by participants from Australia, New Zealand, the United States, the United Kingdom, Singapore, Argentina, Canada, Hong Kong, and Switzerland, among others. Three of the webinars were separate collaborations with the Center for Information Policy Leadership, International Association of Privacy Professionals, and Organization for Economic Cooperation and Development.
