Commission working with banks to shore up data privacy defenses
The National Privacy Commission (NPC) is looking to tap banks and other institutions to enhance data protection protocols, the agency said in a statement.
“The NPC considers banks a critical sector when it comes to protecting personal data and so far, the level of cooperation we are getting from the sector has been encouraging,” Privacy Commissioner and Chairman Raymund E. Liboro was quoted as saying.
The NPC will be holding a Data Protection Officers’ Assembly on May 31 at the Bangko Sentral ng Pilipinas (BSP) headquarters in Manila, as the agency looks to ensure compliance with provisions of Republic Act 10173 or the Data Privacy Act of 2012.
The NPC was established in March 2016 — roughly four years after the passage of the law — and is tasked to protect sensitive data in both public and private databases.
In particular, the NPC requires that all digitally processed data be encrypted, whether at rest or in transit, and be governed by strict rules on data sharing and access.
Representatives from banks and BSP-supervised firms are expected to align internal protocols with the privacy law.
Banks keep extensive client profiles and transaction records. Mr. Liboro said customer expectations are higher when it comes to dealing with banks, thus the need to establish “strong” data privacy compliance among financial companies.
The NPC lodged a case versus the Commission on Elections over its alleged failure to secure sensitive information for some 55 million Filipino voters, following the so-called “ComeLeaks” incident ahead of the May 2016 polls.
Formal discussions between financial institutions and the NPC come after the central bank rolled out stricter cybersecurity rules for banks to guard against identity theft, hacking, and other forms of electronic crime.
Earlier this month, the BSP made public a set of guidelines on handling ransomware attacks, in the aftermath of the WannaCry attacks which spread across computer systems in 150 countries. The rules mandate financial firms to adopt “multiple layers of defenses” to thwart cyberattacks.