Privacy Resilience
Towards the end of September, I had the good fortune to join over a hundred privacy professionals and practitioners from 70 countries and regions at the International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Hong Kong. Given the honor to address the body, I was quick to point out the close ties that the Philippines enjoys with Hong Kong. More than mere geographical proximity, these ties are borne of a deep history of openness, friendship, and support. Dating back to our battle for independence from our colonizers, Hong Kong is where the leadership of the revolution stayed in exile. In fact, it is where the Philippine flag as we know it was crafted. This flag—emblazoned with three stars and the sun—waves proudly over our nation today.
Despite first convening in 1979, this is only the second time that the conference was held in Asia, with the first also in Hong Kong, which is not only understandable but also expected, given the status of Hong Kong at the forefront of information privacy discourse in the region. Even then, the fact that the conference took place in Asia only twice so far in 39 iterations does say something not only about the more advanced discussions on information privacy going on in the West, but also about how information privacy as a concept first gained traction outside of Asia.
Now, of course, privacy is understood to be a universal right; even information privacy, despite being a somewhat new concept borne in today’s information age, is also by consensus understood to be a right enjoyed by all. But there is some point in reflecting on how the differences in histories and contexts gave rise to a variety of values around the world. Case in point, and one interesting point of discussion, is how the East Asian economic powerhouses talked about the concept of community as regards information privacy. Putting the community top of mind, and seeing rights and concepts from a communitydriven lens, is a thought process very common across our part of the globe. Our Western counterparts were very much interested in hearing about the concept of community privacy—especially since information privacy has, for much of its discourse history, been seen from the lens of individual rights.
As for the Philippines, I was very proud to talk about the concept of privacy resilience. As you know, resilience has recently become a buzzword in discussions around the world, owing to climate risk. For our part, however, resilience has always been a way of life: We experience around 20 storms a year; we have always had to brace ourselves for the next disaster, and build stronger communities due to its threats. It has also necessarily affected the way we look at the world.
Applied to privacy, resilience simply means always being aware of threats and risks, being one step ahead, and having processes in place that will allow one to respond—quickly, efficiently, and in a manner that minimizes further damage. An entity is privacy resilient when it is able to prevent privacy risks from coming to fruition.
The Philippines has, admittedly, come later than others to the information privacy discourse party. But this has one distinct advantage: It allows us to put up systems and processes that are already informed by the experiences of others; it allows us to put in place the best practices from all over so that our own information privacy regime need not go through its own disasters to acquire knowledge. At the same time, we are enriching our practices by applying concepts from other fields and from our own experiences, in an interdisciplinary approach. One such concept is privacy resilience, and it will allow us to further build on our strengths as we move along our journey towards a culture that values privacy.