NPC expands data privacy education
Efforts include crafting issuances about the research exception under Section 4 of the Data Privacy Act, as well as guidelines for data scraping
The National Privacy Commission — the country’s vanguard in protecting citizen’s data privacy — is launching this year projects that will expand basic data privacy education outside of Metro Manila.
This comes amid pronouncements from the Department of Information and Communications Technology that various government agency websites are currently under significant threat from cyberattacks.
During the recent fireside chat titled “Insights into the Future: Fireside conversations on data privacy for 2024” hosted by the International Association of Privacy Professionals Knowledgenet Philippines, NPC deputy commissioner Leandro Angelo Aguirre said this year’s data privacy protection initiatives include plans for a Data Privacy Foundational Course that can be easily implemented by training providers outside of the capital.
The course is designed to be both operational and practical, with benefits for senior management as well as legal professionals and data protection officers.
“We want to democratize access to privacy education,” to release the course materials before Privacy Awareness Week in May. The intention is to enable groups outside of Metro Manila to run their courses with materials from the agency,” said Aguirre.
He also stressed the NPC’s commitment to transparency by launching “Calls For Public Input In Addition To Public Consultation.”
These efforts include crafting issuances about the research exception under Section 4 of the Data Privacy Act, as well as guidelines for data scraping.
“We want to institutionalize this because the input coming from the private sector from people that are actually affected by these issuances is very valuable,” Aguirre said, highlighting the importance of engaging with affected parties even before the drafting of issuances to ensure that the regulations are meaningful and well-informed.
The NPC official also mentioned a Notice for Public Consultation over CCTV issuance and the Commission’s planned issuance for model contractual terms for cross-border transfers, as well as a circular on privacy codes, to establish a clear approval process.
He also unveiled plans to come up with Guidelines on Children’s Privacy, emphasizing a risk-based approach and the significance of taking into account the unique cultural and sociological factors of Filipinos.
The country’s privacy watchdog also wants to release rules on tracking mechanisms, with a focus on consent cookies and how they comply with the Circular on Consent as Aguirre also announced plans to issue an advisory for the protection of lawful rights and interests in court proceedings and the development of legal claims, with the goal of providing clarification on an often-questioned topic.
He also discussed the NPC’s upcoming circular on security measures, highlighting the intention to revise NPC Circular 16-01, which now solely applies to the public sector. The circular aims to provide basic measures for both the private and public sectors to follow.
Aguirre explained that for those who are already working on their compliance, the circular is not intended to establish new requirements but rather to serve as a benchmark for organizations to evaluate their existing security measures.
Earlier, the DICT recently intercepted attacks originating “within China,” with a particular focus on entities such as the Overseas Workers Welfare Administration.
In reaction to these alarming incidents, Senator Grace Poe has called for rapid improvements to the firewall mechanisms on government agency websites.