The go-to firm for Corporate, Taxation, Negotiation, Visa and Immigration concerns.


Unit 1202 Tycoon Centre Bldg. Pearl Drive
Brgy., San Antonio Ortigas Center,
1611 Pasig City, Philippines


Phone : +632 86953262
  • Blog


MFBR lawyers and associates care!

In light of the constantly changing social and economic landscape in the world due to COVID-19, everyone at Mallari Fiel Brillante Ronquillo has taken steps to make good our steadfast commitment to serve our clients and our communities.

To this end, we designed a new business model incorporating the traditional “brick and mortar” and “virtual” law offices. This new model is to achieve the continuity of rendering our legal and business consultancy services to clients and friends, and the immediate implementation of our crisis management and business transformation activities.

Thus, we’re glad to announce that for every fortnight, half of our team will be physically present at our offices from Monday thru Friday, 8:00am to 3:00pm. Clients and our friends can reach us through our office phones and online platforms (website, emails, Facebook, LinkedIn, Zoom, etc.). And to ensure the health and safety of our staff, they have the option to be housed in the Firm’s private residence or shuttled back and forth using the company’s private vehicle. Safety protocols are also observed at our offices.

Finally, our team has prepared a series of materials around the impact of COVID-19 and related considerations. Please take time to view our sample articles and research published in our website. A complete listing and discussion of these articles are available in our newsletter to be distributed to our esteemed clients.

Should you have questions, please reach out to our Office Manager, Argie Macawile, at +632 86953395, +63977 8502357; or email our Managing Partner, Atty. Rob Mallari, at and


  • Home
  • blog
  • How to Protect Your Personal Data in a Work-from-Home Arrangement

How to Protect Your Personal Data in a Work-from-Home Arrangement

The COVID-19 pandemic has greatly affected the way on how people conduct their duties and responsibilities in their respective careers and professions. In line with the government’s measures in curbing the spread of the virus, the Department of Labor and Employment (“DOLE”) encouraged employers from the private sector to adapt to the “new normal” which includes telecommuting.

Telecommuting, as defined under Republic Act No. 11165 is defined as a work arrangement that allows an employee in the private sector to work from an alternative workplace with the use of telecommunications and/or computer technologies. With this, reliance on technology has dramatically multiplied for the past months as data exchanges are widely adopted by utilizing the internet and/or online platforms.

With the sudden spike in its demand, issues on data privacy began to circulate. The National Privacy Commission (“NPC”) puts emphasis on the fact that the adoption of computer technology in the workplace is not risk-free. To prevent unauthorized access to an improper disposal of documents containing personal data due to unprotected home devices, the NPC released guidelines which cover general security measures which may be implemented by organizations and individuals as provided for under NPC PHE Bulletin No.12 on 15 May 2020.

Authorized Information Communication Technology (ICT) Assets:
1. Computers and other ICT peripherals.
– Ideally, employers should issue their staff with appropriate ICT resources to adequately perform their duties
2. Removable Devices.
– Personnel are encouraged to only use organization-issued ICT peripherals (such as USB flash drives, USB mouse, USB keyboard, etc.)
3. Software.
– Only softwares authorized by the organization must be used and only for official purposes.
4. . Proper configuration and security updates.
– Install security patches prior to and while WFH is enforced to prevent cyber security exploits and malicious damage
5. Web Browser Hardening.
– Ensure that your browser is up to date & properly configured.
6. Video conferencing.
– If available, only use video conferencing platforms contracted by your organization, which should pass its privacy and security standards.

Acceptable Use
Organizations must have an Acceptable Use Policy (AUP) that defines allowable personal uses of ICT assets. This may include:

  • Personal emails;
  • Browsing of news and articles;
  • Social media/networking (can be defined in a separate organizational policy); and
  • Video streaming.

The AUP should also define unacceptable and unauthorized uses, which may include:

  • Uses contrary to laws, customs, mores & ethical behavior;
  • Uses for personal benefit, entertainment, profit-oriented, partisan, or hostile activities;
  • Uses that damage the integrity, reliability, confidentiality and efficiency of ICT resources; and
  • Uses that violate the rights of other users

Access Control
– Personnel access to organization data must only be on a “need-to-know-basis”, anchored on pre-defined user profiles, and controlled via a systems management tool.

User Authentication
– Require strong passwords to access personnel credentials and accounts. *Passwords must be at least eight (8) characters long, comprising of upper- and lower-case letters, numbers and symbols.
Prohibit sharing of passwords.
Set up multifactor authentication for all accounts to deny threat actors immediate control of an account with a compromised password.

Network Security
When organization ICT assets are connected to personal hotspots and/or home Wi-Fis, observe the following:

  • Don’t visit malicious webpages. Always look for the “https” prefix on the URL to ensure it is encrypted;
  • As much as possible, ensure high availability and reliability of internet connection;
  • Configure the WiFi Modem or Router; and
  • Avoid connecting office computers to public networks, such as coffee shop Wi-Fis. If left with no choice, use a reliable Virtual Private Network (VPN) when connecting

Records and File Security
Set up policies to ensure sensitive data is processed in a protected and confidential manner to prevent unauthorized access, including:

  • A records management policy;
  • A policy against posting sensitive documents in unauthorized channels, such as social media sites;
  • A policy imposing the use of a file’s digital version instead of physical records, whenever possible; and
  • A retention policy for processing sensitive data in personal devices

When transferring sensitive data via email, encryption of files and attachments should be done.
Also, ensure that personnel always use the proper “TO, CC and BCC” fields to avoid sending to wrong recipients or needlessly expose other people’s email addresses to all recipients.

Physical security
Create workspaces in private areas of the home, or angle work computers in a way that minimizes unauthorized or accidental viewing by others.

  • Lock away work devices and physical files in secure storage when not in use.
  • Never leave physical documents with sensitive data just lying around, nor use them as a “scratch paper”.

Security Incident Management
Personnel must immediately notify his or her immediate supervisor in case of a potential or actual personal data breach while working from home.
The organization’s Data Protection Officer and/or Data Breach Response Team should immediately be alerted

It’s better to adopt preventive measures than curative measures. As we venture into various alternatives in conducting our livelihood, specifically telecommuting, we must take into consideration the confidentiality of our personal information.

For further queries on this matter or other legal concerns, you may contact us from Mondays to Fridays, 9:00 AM to 6:00 PM, through our email:, and our website at

As a rapidly growing, highly qualified group of lawyers, associates, accountants, consultants and paralegals we are dedicated to finding innovative and swift solutions to all our clients' concerns.