NPC to step up data privacy campaign
THE National Privacy Commission (NPC) said Tuesday that an intensified crackdown against firms not compliant with the country’s Data Privacy Act would start next year.
The privacy watchdog has started strengthening compliance rules where three modes are included—privacy sweep, documents submission, and on-site visit.
Vida Zora Bocar, chief of NPC Policy Review Division, said the first stage would be the privacy sweep where the agency would check company websites, applications, and mobile services. If NPC is unsatisfied, the firms would be asked to submit documents on their privacy policy.
Once the two steps fail to convince the privacy authority, an on-site visit will be conducted where the NPC will monitor how these companies handle personal data. With these compliance checks, the NPC targets to focus on sectors that are “heavy data collectors,” such as schools, banks, and government agencies, Bocar said.
In May this year, the NPC revealed the plan to include more companies in their compliance sweep to address rising cases of data theft. From just 24 cases filed in 2016, the number ballooned to 221 in 2017, the NPC earlier said. The tally is expected to be larger this year with 208 cases already on file as of end-April.
The Philippines recently witnessed data breaches and vulnerabilities involving online delivery and online shopping sites of fastfood chains and a broadcast giant. Wendy’s Philippines in May informed the public about the hacking activity, with over 82,000 records of personal information of its job applicants and customers exposed. Homegrown fast-food giant Jollibee, meanwhile, was mandated by the NPC to temporarily suspend its delivery website given “serious vulnerabilities” in the platform, serving as a threat to around 18 million individuals on Jollibee’s database.
In September, media firm ABS-CBN also decided to temporarily take down its online shopping sites University Athletic Association of the Philippines (UAAP) and ABS-CBN Store, with fears that data of its 213 customers were compromised.
The NPC’s heightened compliance checks will be coupled with privacy awareness campaign for citizens. The agency is set to launch today the three- day pilot class of the Accountability, Compliance and Ethics (ACE) Data Protection Officer (DPO) Program, where it would help data protection officers to comply with the NPC’s issuances and the Data Privacy Act.
LISBET K. ESMAEL