NPC conducts on-site visits among telcos to check compliance with DPA while implementing SIM Registration Act

January 16, 2023 | 9:32 AM GMT+0800 Last Edit: January 16, 2023

January 13, 2023, METRO MANILA — The National Privacy Commission (NPC), through its Compliance and Monitoring Division conducts simultaneous Compliance Check On-site Visits to the head offices of telecommunication companies, such as Smart Communications, Globe Telecom, and Dito Telecommunity to ensure that they are implementing appropriate security measures to protect the personal data of Filipinos registering their SIM Cards.

Privacy Commissioner John Henry D. Naga together with the Chief of NPC’s Compliance and Monitoring Division, Atty. Rainier Anthony Milanes, personally went to each on-site visit to oversee the activities and discuss the importance of the compliance check with the data protection team of each telco.

“The telcos should consider these Compliance Check On-site Visits as an opportunity to demonstrate that they have sufficient organizational and program controls, and security measures in place to guarantee that the personal data being processed in relation to the SIM registration are safe and secured,” Naga said.

“Telcos must take their responsibility of protecting the privacy rights of their subscribers seriously by ensuring that personal data related to SIM registration are properly collected and stored, access to the data is restricted by role-based access controls, and data servers are protected by encryption and layers of firewall,” the Privacy Chief added.

Atty. Milanes said that “as a regulator ensuring compliance to the Data Privacy Act of 2012, we must see firsthand how these personal information controllers conduct their day-to-day operations which should incorporate items stated in their privacy manuals.”

“With the leadership of our Privacy Commissioner, the NPC’s Compliance and Monitoring Division shall continue to conduct various mechanisms that would ensure telcos’ compliance with the DPA,” Milanes added.

Upon the conclusion of Compliance Check On-Site Visit, the three telcos were appraised of some gaps in their personal data privacy implementation and were required to submit proof of compliance within fifteen (15) days.

Privacy Commissioner Naga noted that, in general, Smart, Globe, and Dito have demonstrated capabilities in protecting personal data of their clients. He maintained that telcos should ensure that its security measures are further improved and strengthened as information and communications technology advances.

The SIM Registration Act was implemented on December 27, 2022. It can be recalled that the NPC gathered the telcos to urgently address the privacy concerns regarding the implementation of the SIM registration which led to immediate changes to the telcos’s SIM registration process on their websites and mobile applications.