April 6, 2017 | 2:32 PM GMT+0800 Last Edit: April 6, 2017
The National Privacy Commission (NPC) has called on Data Protection Officers (DPOs) in the public sector to get proactive in conducting their duty as watchdogs and advocates of the data privacy rights of Filipinos from within their respective organizations.
Speaking to government data protection professionals on Wednesday at DPO1: The 1st Data Protection Officers’ Assembly, Privacy Commissioner and Chairman Raymund Enriquez Liboro harped on the critical role of DPOs in government in safeguarding the individual’s fundamental right to data privacy, calling it an extension of the government’s mandate to protect its citizens.
“[For] the government to really do its job of protecting the people, it must also protect the people’s data. And that’s exactly why we are here today at DPO1 — to get the government’s acts together in providing data protection. Being at the forefront of personal data protection, it is incumbent upon you as government DPOs, and the NPC, to get our acts together. Just like what it says in a famous 70’s slogan, Kung ‘di tayo kikilos, sino ang kikilos? Kung ‘di ngayon, kailan pa? (If we won’t act, then who else will? If not now, when?)” Liboro told the event participants.
DPOs from over two hundred government agencies have gathered at the Land Bank Plaza in Malate, Manila for the half-day event, which is the first in a series of DPO assemblies organized by the NPC. To help DPOs quickly build proficiency in marshaling the compliance of their respective organizations, the NPC has provided them with an easy-to-follow template called the Data Privacy Accountability and Compliance Framework. Designed to assist new DPOs easily gain on-the-job proficiency, the framework recommends a programmed series of activities within a 30, 60 and 90-day period. If fully implemented, Liboro said the framework could facilitate an organization’s compliance within three months.
Commissioner Liboro said data protection is everyone’s business, but for DPOs it is a crucial responsibility. In defending people’s data privacy, DPOs are expected to fight physical, technical and organizational threats to data security. Some of the things to watch out for by the government DPO are security threats related to employee negligence, bring your own device (BYOD), phishing, and spyware.
“In functioning as protector of people’s data, the DPO becomes an enabler of privacy rights. By your collective efforts, it is you DPOs, who make data protection a practical, day-to-day reality inside each of your organizations, on the ground-level,” Liboro told the DPO1 participants.
Tailor-fitted to the unique needs of government DPOs, the event is designed to provide them with access to self-learning resources, DPO1 compliance tool kit, and the DPO1 web forum, among others.
During the event, the agency also launched its website, which caters not just to DPOs but to the general public, especially those who want to learn more about their data privacy rights and file complaints.
Through the series of DPO assemblies, the NPC wants to professionalize the DPO practice in the country to world-class standards. Since data protection issues vary across sectors and industries, however, the Commission decided on a targeted communication approach. After DPO1, the NPC shall prepare for the next round of DPO meets for other sectors such as banking and financial institutions, BPOs, academic institutions, and health care services.
About The Commission: The NPC is a regulatory and quasi-judicial body established in March 2016 by virtue of RA 10173, otherwise known as the Data Privacy Act of 2012. Headed by one commissioner and two deputy commissioners, the agency is mandated to uphold the right to data privacy and ensure the free flow of information, with a view to promoting economic growth and innovation.