Privacy body raises private sector awareness on data security
The National Privacy Commission (NPC) is setting its sights on the private sector as it takes a pro-active stance to boost the country’s awareness on data privacy and security.
Commissioner Raymund Liboro said that after probing last year’s data breach of the Commission on Elections’ voter database, the NPC is now urging companies in several industries to reassess the amount of personal information they need from clients.
“If the data are not really necessary, they should refrain from asking for more personal information. If they insist on getting so much personal data, then they should make sure that they have strong data privacy policies and systems,” Liboro said.
He pointed out that the NPC ruling on the Comelec data breach should be taken as a warning that the commission is taking a tough stance on violations of the Data Privacy Act of 2012.
The NPC, he added, is targeting as priority the companies that belong to the healthcare, banking and finance, real estate and education sectors.
“Companies especially those that ask their customers and clients or even just their prospects to fill out very long application forms should look into their processes if they can lessen the information they get from people, and how these filled-up application forms are handled by their agents, who has access to these forms and if the personal information in these forms are being guarded adequately from prying eyes,” Liboro said.
He cited as example his experience as a parent sending his children to a private school, where he and his wife fill out application forms that ask for information that are not necessary.
“These are cases of getting too much information,” Liboro said.
The NPC is also campaigning to raise public awareness on their right to withhold
some private and personal information, like provincial addresses or family history, in filling up application forms.
Ivy Patdu, NPC deputy commissioner, said companies should consider the “principle of proportionality” when asking for personal data.
“Kung hindi kailangan, wag
kunin ( If you don’t need it, don’t get it),” she said in a press briefing last week.
“This is the opportunity to tell everyone that data privacy is not just about cyber security. It starts from the time data is collected and used up to the storing of personal information,” Patdu said of the NPC decision finding Comelec Chairman Andres Bautista liable for the Comelec data breach.
“We keep focusing on cyber security, getting the best firewalls or having the best encryption. That’s not the complete picture because you can protect data from the start – from what you collect, use or store. If you don’t need the data, you should not store it,” Patdu added.