NPC’s Strategic Vision: Safeguarding Privacy for a Competitive PH

C:\Users\GCPI-ROBBY\Desktop\PRS\Deputy Commissioner Atty. Leandro Angelo Y. Aguirre.jpg

Government websites are currently under significant threat from cyberattacks, as evidenced by the Department of Information and Communications Technology’s (DICT) successful interception of attacks originating “within China,” with a particular focus on entities such as the Overseas Workers Welfare Administration.

In reaction to these alarming incidents, Senator Grace Poe has called for rapid improvements to the firewall mechanisms on government agency websites. She emphasized the collective duty of reinforcing these systems, emphasizing the government’s commitment to use every available means to safeguard the security and integrity of people’s data.

In relation to this, the National Privacy Commission (NPC) has outlined its primary objectives for the year, aligning with its dedication to safeguard the personal information of Filipinos and cultivate a culture of privacy conducive to a competitive, knowledge-based, and innovative nation.

With the mandate to implement the provisions of the Data Privacy Act of 2012 and to ensure the country’s adherence to international data protection standards, the agency’s goal this year is to address the ongoing challenges in understanding fundamental concepts of data privacy and the law.

In the January 30 fireside chat titled “Insights into the Future: Fireside conversations on data privacy for 2024,” hosted by the International Association of Privacy Professionals Knowledgenet Philippines, NPC Deputy Commissioner Leandro Angelo Y. Aguirre said that expanding basic data privacy education outside of Metro Manila is one of the Commission’s main goals for 2024.

This includes plans for a Data Privacy Foundational Course that can be easily implemented by training providers outside of the capital. The course is designed to be both operational and practical, with benefits for senior management as well as legal professionals and data protection officers.

The official said, “We want to democratize access to privacy education,” with the goal of releasing the course materials prior to Privacy Awareness Week in May. The intention is to enable groups outside of Metro Manila to run their own courses with materials from the agency.

He also emphasized NPC’s commitment to transparency by launching “Calls For Public Input In Addition To Public Consultation.” These efforts include crafting issuances pertaining to the research exception under Section 4 of the Data Privacy Act, as well as guidelines for data scraping.

“We want to institutionalize this because the input coming from the private sector from people that are actually affected by these issuances is very valuable,” Aguirre said as he highlighted the importance of engaging with affected parties even prior to the drafting of issuances in order to ensure that the regulations are meaningful and well-informed.

The NPC official also mentioned a Notice for Public Consultation over CCTV issuance and the Commission’s planned issuance for model contractual terms for cross-border transfers, as well as a circular on privacy codes, with the goal of establishing a clear approval process. He also unveiled plans to come up with Guidelines on Children’s Privacy, emphasizing a risk-based approach and the significance of taking into account the unique cultural and sociological factors of Filipinos.

Furthermore, the country’s privacy watchdog wants to release rules on tracking mechanisms, with a focus on consent cookies and how they comply with the Circular on Consent. Aguirre also announced plans to issue an advisory for the protection of lawful rights and interests in court proceedings and the development of legal claims, with the goal of providing clarification on an often-questioned topic.

He also discussed the NPC’s upcoming circular on security measures, highlighting the intention to revise NPC Circular 16-01, which now solely applies to the public sector. The circular aims to provide basic measures for both the private and public sector to follow. Aguirre explained that for those that are already working in their compliance, the circular is not intended to establish new requirements but rather to serve as a benchmark for organizations to evaluate their existing security measures.

In closing, the NPC official expressed hope that these initiatives would strengthen the foundation of data privacy in the coming years. (Photo by National Privacy Commission)