PAW 2022: Data privacy awareness advances culture of privacy in PH

Data privacy awareness, as a crucial part of creating a culture of privacy in the Philippines, sits at the forefront of this year’s Privacy Awareness Week (PAW) celebration.

Pursuant to Presidential Proclamation No. 527 signed by President Rodrigo Roa Duterte in 2018, PAW is annually celebrated every last week of May. The two-day conference held on May 25 and 26, 2022 aimed to further empower data subjects to protect their personal data and to know their respective data privacy rights. One of the highlights of the event is the message of President Duterte for PAW 2022 which encourages the NPC to “continue to cultivate public awareness on data privacy practices, and institute more stable and secure data protection policies in various media channels” and to “pursue initiatives that will empower our citizenry to safeguard their private data against unscrupulous groups and individuals.”

The NPC conducted the PAW 2022 with a theme: “Ang PAWer ng Data Privacy Mo: Praktikal, Angkop, at Wastong Paggamit ng Datos ni Juan at Juana.” The two-day PAW 2022 conference was streamed live via MS Live, Facebook, and YouTube.

Privacy Commissioner John Henry D. Naga said during his Commissioner’s Report that the National Privacy Commission’s (NPC) conduct of a privacy awareness campaign consisting of trainings, activities, and projects is a “testament of its commitment to expand and cultivate the public’s awareness of their rights as data subjects under the Data Privacy Act (DPA).”

The NPC held 21 activities and projects, 359 stakeholders’ consultative meetings, 308 social media campaigns, and 5 DPO ACE trainings as part of its extensive data privacy awareness campaign to arm data subjects with knowledge in protecting their data and equip data protection officers and their organizations in the development of their data protection strategy and implementation.

The NPC encourages the data subjects to do their part in protecting themselves against threats and risks by following these 5 tips: 1) reading up on data privacy through educational materials accessible on the NPC website and social media pages; 2) conducting a privacy check on their online accounts; 3) sharing their knowledge on data privacy to friends, family, and peers; 4) calling out data privacy violations online and offline; and 5) being an advocate by doing small privacy-friendly projects. All these precautions have significant impact on the advancement of the culture of privacy in the Philippines.

Enhanced Compliance and Monitoring Program

The NPC made significant efforts in 2021 to exceed the expectations of its stakeholders in the face of threats to the public’s data privacy rights. The NPC firmly believes that protection of personal data is a joint responsibility between personal information controllers (PICs) or personal information processors (PIPs), and data subjects.

Last year, the NPC launched an enhanced compliance and monitoring program to ensure the compliance of the PICs and PIPs with the DPA. A total of 895 compliance checks were conducted in 2021, which include 685 privacy sweeps, 50 notices of documentary submissions, and 160 warning letters. A total of 2,964 PIC applications for registration were recorded in the same year.

As a response to the surge of complaints regarding data breach security and privacy concerns, the NPC intensified its complaints handling, case investigation, and enforcement program. In 2021, the NPC handled 147 notices to explain, 363 complaints, 24 sua sponte investigations, and 8,487 data privacy concerns. In its adjudicatory function, the NPC performed 28 adjudication meetings that resulted to 129 Decisions, Resolutions, and Orders.

To aid PICs and PIPs in fortifying their data privacy and protection, the NPC issued Circulars, including (i) NPC Circular 2021-01 or the “2021 Rules of Procedure of the National Privacy Commission”, and (ii) NPC Circular 2021-02 or the “Guidelines on the Processing of Personal Data during Public Health Emergencies for Public Health Measures”, Advisories, and Advisory Opinions to guide stakeholders in interpreting the DPA. The most recent advisories of the NPC have laid out the guidelines on requests for personal data of public officers, processing of personal data for election campaign or partisan political activity, and data subject rights, among others.

Since the pandemic began, the NPC has released 24 public health emergency bulletins to help health authorities, local government units, and other stakeholders navigate the balance between the public’s right to health and right to privacy. Further, the NPC coordinated with the Department of Health (DOH) to include telemedicine in the regulatory sandbox as part of processing personal data using innovative methods.

The coordination with the DOH yielded 3 Joint Circulars, as follows: (1) DOH-NPC Joint Memorandum Circular No. 2020-0001 or the “Guidelines on the Use of Telemedicine in COVID-19 Response”; (2) DOH-NPC Joint Memorandum Circular No. 2020-0002 or the “Privacy Guidelines on the Processing and Disclosure of COVID-19 Related Data for Disease Surveillance and Response”; and (3) DOH-NPC Joint Memorandum Circular No. 2020-0003 or the “Guidelines on the Monitoring and Evaluation (M&E) of the Use of Telemedicine in COVID-19 Response”.

Moreover, the NPC passed the International Organization for Standardization (ISO) 9001:2015 certification. It is an international standard dedicated to a quality management system based on the principles of customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision making, and relationship management.

In actively participating in the global data privacy landscape, the NPC, as Chair of the Global Privacy Assembly (GPA) COVID-19 Taskforce, has organized 5 webinars attended by participants from Australia, New Zealand, the United States, the United Kingdom, Singapore, Argentina, Canada, Hong Kong, and Switzerland, among others. Three of the webinars were separate collaborations with the Center for Information Policy Leadership, International Association of Privacy Professionals, and Organization for Economic Cooperation and Development.

Commissioner Naga, in his Commissioner’s Report, stated that, “The GPA COVID-19 Taskforce’s work has been recognized by various countries in advancing capacity-building initiatives aligned with the GPA’s goal to evolve global privacy and work towards a regulatory environment with high standards of data protection.”

What to Expect

Acting Secretary of the Department of Information and Communications Technology Emmanuel Rey Caintic, said in his keynote message that “data privacy is not intrusive and is supposed to help things move faster and safer,” emphasizing the importance of keeping data privacy compliance simple for government agencies and companies alike.

Moving forward, Commissioner Naga assured stakeholders of the Commission’s fierce commitment to meet its mandate of protecting the Filipino people’s data privacy rights.

“For our countrymen – the data subjects, PICs, PIPs, and data privacy advocates – you can hope that in the year 2022 and the coming years, the National Privacy Commission will carry on in implementing programs, reforms, and projects to create a strong culture of privacy in the Philippines. The Commission will continue to endeavor setting its sight on equipping Filipinos with knowledge on data privacy, security, and protection,” Commissioner Naga added.

The PAW 2022 conference gathered speakers from both the government and private institutions to give insights on topics such as information safety on social media; protecting data privacy in schools; VaxCertPh; establishing trust in online lending; online banking safety; ensuring child safety in the online world; and cybercrime in the Philippines particularly emerging trends, prevention, prosecution, and remedies.

Speakers include representatives from the Department of Social Welfare and Development, Cybercrime Investigation and Coordinating Center, Department of Justice, Philippine National Police – Anti-Cybercrime Group, DOH, Department of Education, Commission on Higher Education, Bangko Sentral ng Pilipinas, Securities and Exchange Commission, Union Bank of the Philippines, Bank of the Philippine Islands, Google Philippines, Globe, UNICEF, Meta, St. Scholastica’s College, University of the Philippines Diliman, Cebu Pacific Air, Home Credit Philippines, and Fintech Alliance.

Visit paw2022.privacy.gov.ph for more information. The full recording is available for replay at Facebook facebook.com/privacy.gov.ph and YouTube https://youtu.be/jqGQpZ0lTRI.