‘APPOINTING A DATA PROTECTION OFFICER.’ The first of Atty. Matthew Mortega’s articles on the Data Privacy Act of 2012.

We live in a time when personal information can be freely transferred from one entity to another without any authorization whatsoever, causing consternation among many who use online services, particularly social media. Thus, in 2012, Republic Act No. 10173 or The Data Privacy Act of 2012 was passed, the purpose of which is “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.” (Sec. 2). This Act protects an individual’s personal data in information and communication systems in both the government and private sector.

To guide the public in complying with the said provision, the National Privacy Commission (“NPC”) created five pillars of compliance and accountability to assist entities that are covered by the Data Privacy Act (“DPA”). The first pillar is the appointment of Data Protection Officers.

Why Appoint a Data Protection Officer?

A Data Protection Officer (“DPO”) is a person assigned by the organization to ensure that the personal and sensitive information of the data subjects is protected and secured. As such, DPOs will be accountable for ensuring compliance by the Personal Information Controllers or Personal Information Processors with the DPA, its Implementing Rules and Regulations, related issuances of the NPC, and other applicable laws and regulations in relation to data privacy and security.

What are the General Qualifications to be a DPO?

The law does not expressly state the qualifications required to be a DPO; however, for smoother compliance, a DPO should possess specialized knowledge and demonstrate the reliability necessary for the performance of his or her duties and responsibilities. As such, they should have expertise in relevant privacy or data protection policies and practices. Likewise, they should have sufficient understanding of the processing operations being carried out by the controllers or processors.

Duties and Responsibilities of the DPO.

A DPO, among other things, shall monitor whether the collection of personal information of data subjects is in accordance with the DPA. For this purpose, he/she may:

  1. Monitor the controller’s or processor’s compliance with the DPA, its IRR, issuances by the NPC and other applicable laws and policies. As such, they may:

     • Collect information to identify the processing, operations, activities, measures, projects, programs, or systems of the Personal Information Controllers (PIC) or Personal Information Processors (PIP), and maintain a record thereof;

     • Analyze and check the compliance of processing activities, including the issuance of security clearances and compliance by the third-party service providers;

     • Inform, advise, and issue recommendations to the PIC or PIP;

     • Ascertain renewal of accreditations or certifications necessary to maintain the required standards on personal data processing; and

     • Advise the Personal Information Controllers or Personal Information Processors as regards the necessity of executing a Data Sharing Agreement with third parties, and ensure its compliance with the law;

  2. Ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the controllers or processors;

  3. Advise the controller or processor regarding complaints and/or the exercise by data subjects of their rights, such as requests for information, clarification, rectification or deletion of personal data;

  4. Ensure proper data breach and security incident management by the controllers or processors, including the latter’s preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period;

  5. Inform and cultivate awareness on privacy and data protection within the organization of the controller or processor, including all relevant laws, rules and regulations and issuances of the NPC;

  6. Advocate for development, review and/or revision of policies, guidelines, projects and/or programs of the controllers or processors relating to privacy and data protection;

  7. Serve as the contact person of the controller or processor vis-à-vis data subjects, the NPC and other authorities in all matters concerning data privacy or security issues;

  8. Perform other duties and tasks for the further interest of data privacy and security and uphold the rights of the data subjects.

Conclusion:

In sum, the first step to compliance is appointing a qualified Data Protection Officer for the furtherance of protection and security of all kinds of information of its data subjects, whether personal or sensitive. The primary function of a DPO is to protect and secure all private information; any DPO failing to do so shall be accountable before the National Privacy Commission.

The second pillar of compliance is Assessment of Risk: Conducting a Privacy Impact Assessment, which I’ll discuss in the next article.

Atty. Matthew Mortega. Sept. 12, 2018.

LINK :  RA10173 – The Data Privacy Act of 2012.
