August 30, 2016 | 1:33 PM GMT+0800 Last Edit: August 30, 2016
The Implementing Rules and Regulations (IRR) of Republic Act 10173 or the Data Privacy Act (DPA) of 2012 was officially submitted to the Presidential Communications Office (PCO) for publication on the Official Gazette by the National Privacy Commission (NPC) after several months of public consultations nationwide with various stakeholders. The IRR will officially take effect fifteen (15) days after its publication.
Civil Society organization, Foundation for Media Alternatives (FMA) was instrumental in organizing Public Consultations for the Implementing Rules. According to FMA Director Alan Alegre, “The FMA is pleased with the spirit of inclusive participation of stakeholders in the development of the DPA’s IRR. Kudos to all stakeholders who participated in the public consultations, submitted comments online and offline, and produced position papers.”
Personal Information Controllers and other stakeholders participated in five public consultations and several meetings with the NPC. These stakeholders included representatives from banks, retail, education, research, health Informatics, civil society, business process management, migrant sectors, and Government organizations. Among the organizations that helped organize public consultations were the Philippine Computer Society, U.P Office of the Vice Chancellor for Research and Development (OVCRD), Department of Health, Philippine Council for Health Research and Development, Ateneo de Davao University, UP-PGH, National Telehealth Center and the Foundation for Media Alternatives (FMA).
The NPC will focus on conducting public information campaigns aimed at educating the public and organizations on the importance of data privacy in its first year of operations.
According to Privacy Commissioner Raymund Liboro, “With the prevalent use of personal data in access devices, social media, and smartphone apps, as well as in the delivery of basic services, it is extremely important that the public and organizations be made aware of the need to responsibly handle personal information,” Commissioner Liboro explains.
“The IRR was made with the citizen’s protection and the country’s progress in mind,” emphasized Commissioner Liboro. “Personal data is an important part of your personal assets and should be guarded. Collectively, they become a national asset too.”
The Data Privacy Act applies in general to any person or organization, whether from the government or private sector, that is involved in the collection, processing and any further use of personal data. Personal data is any information that may identify a person, such as names, identification numbers, and personal circumstances. It may involve sensitive information such as contents of a medical record, which a person normally does not intend to disclose to the public.
According to Chairman Liboro, “Everyone must be aware of how to secure them from threats. The Data Privacy Act was enacted to build trust on the country’s ICT systems. To make sure every Filipino benefits from ICT and not to fall victims to data use negligence and internet abuse.”
The National Privacy Commission is hopeful that they will get full cooperation from industry, government, civil society groups and other stakeholders on the conduct of its public information campaign and other activities.
Deputy Commissioner Ivy Patdu said, “To truly embrace a culture of privacy requires multi-sectoral coordination. The Commission has a big job ahead and the support and cooperation of various industries and Government will go a long way in protecting personal data.”
She furthers, “Privacy is a fundamental human right. Promoting free flow of information should not be seen as incompatible with upholding the right to information privacy. We just need to realize that the benefits gained from use of personal data comes with a duty of respecting rights of data subjects.”