Full implementation of privacy compliance sought
ZAMBOANGA CITY — The National Privacy Commission (NPC) yesterday called on the government and private agencies to fully implement privacy compliance, citing that most of the data breaches were caused by employees.
Commissioner Raymund Liboro divulged this during the regional data privacy summit here to encourage representatives from various government and private agencies, including academe, to adopt the five simple safety compliance of data privacy accountability and compliance approach.
Based on data and records, Liboro said at least 53 percent of the roots of data breach were due to employees’ negligence and 47 percent due to hackers or cybercrime.
“So, that’s what we are avoiding, that’s why we called them here to address that 53 percent to prevent and mitigate by following the compliance measures,” Liboro told reporters on the sidelines of the summit.
Based on the complaints, however, around 37 percent are due to unauthorized processing, according to Liboro.
He said the data controllers are no longer transparent in processing their data.
“Meaning, (people) are not aware that their data are being processed and then they are complaining,” he said.
Liboro admitted that hackers remained on top because they were a step ahead, as he likened the breach to a disaster warning to local government units which, despite
the information, still suffer casualties due to lack of preparation.
“Ultimately, what we want is to build up a culture of privacy to lower the risk for individuals and to companies who will face trouble with us. And we can only do that by requiring maximum compliance from all companies,” he said.
Liboro added that if there is compliance of data protection, they can assume lower risk and the chance of people getting hurt or harmed by breach of data will be reduced.
A good majority of the breaches are preventable, according to the commissioner, by simply having an accountable officer, having a plan like privacy management program and being prepared for exigencies or breaches.
Meanwhile, Liboro said there has been no global study yet as to the country’s position as far as data privacy protection status is concerned.
The NPC, he said, is still in the process of understanding the landscape and that the commission has required companies and government agencies to file annual reports.
Liboro warned that under Philippine laws, any violator of the breach of data will face a stiff penalty of three to six years’ imprisonment, which other countries would like to adopt.
“We have the stiffest penalty and many countries were amending their laws to follow ours and amending it to make it even stricter because with data as the new oil, it’s like money and managing it is really important,” he said.