The go-to firm for Corporate, Taxation, Negotiation, Visa and Immigration concerns.

OUR LOCATION

Unit 1202 Tycoon Centre Bldg. Pearl Drive
Brgy., San Antonio Ortigas Center,
1611 Pasig City, Philippines

CONTACT US

Phone : +632 86953262
Email: mfl@mflegal.com.ph
MFBR lawyers and associates care!

In light of the constantly changing social and economic landscape in the world due to COVID-19, everyone at Mallari Fiel Brillante Ronquillo has taken steps to make good our steadfast commitment to serve our clients and our communities.

To this end, we designed a new business model incorporating the traditional “brick and mortar” and “virtual” law offices. This new model is to achieve the continuity of rendering our legal and business consultancy services to clients and friends, and the immediate implementation of our crisis management and business transformation activities.

Thus, we’re glad to announce that every fortnight, half of our team will be physically present at our offices from Monday through Friday, 8:00am to 3:00pm. Clients and our friends can reach us through our office phones and online platforms (website, emails, Facebook, LinkedIn, Zoom, etc.). To ensure the health and safety of our staff, they have the option to be housed in the Firm’s private residence or shuttled back and forth using the company’s private vehicle. Safety protocols are also observed at our offices.

Finally, our team has prepared a series of materials around the impact of COVID-19 and related considerations. Please take time to view our sample articles and research published on our website. A complete listing and discussion of these articles is available in our newsletter, to be distributed to our esteemed clients.

Should you have questions, please reach out to our Office Manager, Argie Macawile, at +632 86953395, +63977 8502357; or email our Managing Partner, Atty. Rob Mallari, at mfl@mflegal.com.ph and rpmallari@mflegal.com.ph.

MFBR

‘APPOINTING A DATA PROTECTION OFFICER.’ The first of Atty. Matthew Mortega’s articles on the Data Privacy Act of 2012.

We live in a time when personal information can be freely transferred from one entity to another without any authorization whatsoever, causing consternation among many who use online services, particularly social media. Thus, in 2012, Republic Act No. 10173 or The Data Privacy Act of 2012 was passed, the purpose of which is “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.” (Sec. 2). This Act protects an individual’s personal data in information and communication systems in both the government and private sector.

To guide the public in complying with the said provision, the National Privacy Commission (“NPC”) created five pillars of compliance and accountability to assist entities that are covered by the DPA. The first pillar is the appointment of Data Protection Officers.

Why Appoint a Data Protection Officer?

A Data Protection Officer (“DPO”) is a person assigned by the organization to ensure that the personal and sensitive information of the data subjects is protected and secured. As such, DPOs will be accountable for ensuring compliance by the Personal Information Controllers or Personal Information Processors with the DPA, its Implementing Rules and Regulations, related issuances of the NPC, and other applicable laws and regulations in relation to data privacy and security.

What are the General Qualifications to be a DPO?

The law does not expressly state the qualifications required to be a DPO; however, for smoother compliance, a DPO should possess specialized knowledge and demonstrate the reliability necessary for the performance of his or her duties and responsibilities. As such, they should have expertise in relevant privacy or data protection policies and practices. Likewise, they should have sufficient understanding of the processing operations being carried out by the controllers or processors.

Duties and Responsibilities of the DPO.

A DPO, among other things, shall monitor whether the collection of personal information of data subjects is in accordance with the DPA. For this purpose, he/she may:

  1. Monitor the controller’s or processor’s compliance with the DPA, its IRR, issuances by the NPC and other applicable laws and policies. As such, they may:

     • Collect information to identify the processing, operations, activities, measures, projects, programs, or systems of the Personal Information Controllers (PIC) or Personal Information Processors (PIP), and maintain a record thereof;

     • Analyze and check the compliance of processing activities, including the issuance of security clearances and compliance by the third-party service providers;

     • Inform, advise, and issue recommendations to the PIC or PIP;

     • Ascertain renewal of accreditations or certifications necessary to maintain the required standards on personal data processing; and

     • Advise the Personal Information Controllers or Personal Information Processors as regards the necessity of executing a Data Sharing Agreement with third parties, and ensure its compliance with the law;

  2. Ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the controllers or processors;

  3. Advise the controllers or processors regarding complaints and/or the exercise by data subjects of their rights, such as requests for information, clarifications, rectifications or deletion of personal data;

  4. Ensure proper data breach and security incident management by the controllers or processors, including the latter’s preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period;

  5. Inform and cultivate awareness on privacy and data protection within the organization of the controller or processor, including all relevant laws, rules and regulations and issuances of the NPC;

  6. Advocate for development, review and/or revision of policies, guidelines, projects and/or programs of the controllers or processors relating to privacy and data protection;

  7. Serve as the contact person of the controllers or processors vis-à-vis data subjects, the NPC and other authorities in all matters concerning data privacy or security issues;

  8. Perform other duties and tasks for the further interest of data privacy and security and uphold the rights of the data subjects.

Conclusion:

In sum, the first step to compliance is appointing a qualified Data Protection Officer for the furtherance of protection and security of all kinds of information of its data subjects, whether personal or sensitive. The primary function of a DPO is to protect and secure all private information; any DPO failing to do so shall be accountable before the National Privacy Commission.

The second pillar of compliance is Assessment of Risk: Conducting a Privacy Impact Assessment, which I’ll discuss in the next article.

Atty. Matthew Mortega. Sept. 12, 2018.

LINK :  RA10173 – The Data Privacy Act of 2012.


MFBR at the Summits!

It’s been a busy time recently for MFBR. Attorney Matthew Mortega represented us at the Data Privacy Summit last August 24, 2018 in Fort Bonifacio and has authored a fascinating article on that very subject which we will be adding to our blog very soon. Meanwhile, our Blockchain and Cryptocurrency specialist, Attorney Stephanie Tible, attended the Blockchain Summit in Singapore last August 28, 2018, along with our IT Associate, Strauss Santos.

WE FIND SOLUTIONS
As a rapidly growing, highly qualified group of lawyers, associates, accountants, consultants and paralegals we are dedicated to finding innovative and swift solutions to all our clients' concerns.