‘APPOINTING A DATA PROTECTION OFFICER.’ The first of Atty. Matthew Mortega’s articles on the Data Privacy Act of 2012.

We live in a time when personal information can be freely transferred from one entity to another without any authorization whatsoever, causing consternation among many who use online services, particularly social media. Thus, in 2012, Republic Act No. 10173 or The Data Privacy Act of 2012 was passed, the purpose of which is “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.” (Sec. 2). This Act protects an individual’s personal data in information and communication systems in both the government and private sector.

To guide the public in complying with the said provision, the National Privacy Commission (“NPC”) created five pillars of compliance and accountability to assist entities that are covered by the DPA. The first pillar is the appointment of Data Protection Officers.

Why Appoint a Data Protection Officer?

A Data Protection Officer (“DPO”) is a person assigned by the organization to ensure that the personal and sensitive information of the data subjects is protected and secured. As such, DPOs will be accountable for ensuring compliance by the Personal Information Controllers or Personal Information Processors with the DPA, its Implementing Rules and Regulations, related issuances of the NPC, and other applicable laws and regulations in relation to data privacy and security.

What are the General Qualifications to be a DPO?

The law does not expressly state the qualifications required to be a DPO; however, for smoother compliance, a DPO should possess specialized knowledge and demonstrate the reliability necessary for the performance of his or her duties and responsibilities. As such, they should have expertise in relevant privacy or data protection policies and practices. Likewise, they should have sufficient understanding of the processing operations being carried out by the controllers or processors.

Duties and Responsibilities of the DPO.

A DPO, among other things, shall monitor whether the collection of personal information of data subjects is in accordance with the DPA. For this purpose, he/she may:

  1. Monitor the controller’s or processor’s compliance with the DPA, its IRR, issuances by the NPC and other applicable laws and policies. As such, they may:

     • Collect information to identify the processing, operations, activities, measures, projects, programs, or systems of the Personal Information Controllers (PIC) or Personal Information Processors (PIP), and maintain a record thereof;

     • Analyze and check the compliance of processing activities, including the issuance of security clearances and compliance by the third-party service providers;

     • Inform, advise, and issue recommendations to the PIC or PIP;

     • Ascertain renewal of accreditations or certifications necessary to maintain the required standards on personal data processing; and

     • Advise the Personal Information Controllers or Personal Information Processors as regards the necessity of executing a Data Sharing Agreement with third parties, and ensure its compliance with the law;

  2. Ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the controllers or processors;

  3. Advise the controllers or processors regarding complaints and/or the exercise by data subjects of their rights, such as requests for information, clarifications, rectifications or deletion of personal data;

  4. Ensure proper data breach and security incident management by the controllers or processors, including the latter’s preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period;

  5. Inform and cultivate awareness on privacy and data protection within the organization of the controller or processor, including all relevant laws, rules and regulations and issuances of the NPC;

  6. Advocate for development, review and/or revision of policies, guidelines, projects and/or programs of the controllers or processors relating to privacy and data protection;

  7. Serve as the contact person of the controllers or processors vis-à-vis data subjects, the NPC and other authorities in all matters concerning data privacy or security issues;

  8. Perform other duties and tasks for the further interest of data privacy and security and uphold the rights of the data subjects.

Conclusion:

In sum, the first step to compliance is appointing a qualified Data Protection Officer for the furtherance of protection and security of all kinds of information of its data subjects, whether personal or sensitive. The primary function of a DPO is to protect and secure all private information; any DPO failing to do so shall be accountable before the National Privacy Commission.

The second pillar of compliance is Assessment of Risk: Conducting a Privacy Impact Assessment, which I’ll discuss in the next article.

Atty. Matthew Mortega. Sept. 12, 2018.

LINK :  RA10173 – The Data Privacy Act of 2012.


MFBR at the Summits!

It’s been a busy time recently for MFBR. Attorney Matthew Mortega represented us at the Data Privacy Summit last August 24, 2018 in Fort Bonifacio and has authored a fascinating article on that very subject which we will be adding to our blog very soon. Meanwhile, our Blockchain and Cryptocurrency specialist, Attorney Stephanie Tible, attended the Blockchain Summit in Singapore last August 28, 2018, along with our IT Associate, Strauss Santos.
