The five commandments of data privacy, according to NPC | Inquirer Technology

07:07 PM January 19, 2017

In an age of information overload, especially in digital media, how can government agencies, private companies and even ordinary individuals protect data privacy and personal information?

The National Privacy Commission (NPC), which implements the Data Privacy Act of 2012, said simple and practical measures, coupled with adherence to the law, should be undertaken to avoid a data breach. NPC commissioner Ramon Liboro said the data privacy act is a “21st century law addressing 21st century realities of crime in the digital age.”

The biggest case yet to land in the lap of the NPC, which was constituted only last year, was the so-called “Comeleak,” or the notorious 2016 hacking of the Commission on Elections (Comelec) website, which leaked 55 million distinct and sensitive voter information.

“The sheer magnitude of the data involved really put us in a tester. By sheer volume alone, this practically involves everyone, not only Filipinos here but also abroad. This is the biggest breach of sensitive personal data on a database held by a government body,” Liboro told INQUIRER.net in an interview. The NPC ruled that Comelec Chair Andres Bautista committed gross negligence under the data privacy act and presented evidence to aid in his criminal prosecution.

To avoid a data breach, Liboro said the NPC is expecting government agencies and private firms to implement the following data privacy guidelines:

Rule #1: Appoint a data protection officer

Personal information controllers and processors are required to appoint or designate a data protection officer or compliance officer, who will be accountable for compliance with applicable rules and regulations relating to data protection and privacy.

Rule #2: Know your risks: Conduct a privacy impact assessment

“You’ve got to realize the nature of the processes that you do, the attendant risks, and the threats. Identify vulnerabilities so we can institute proper organizational and technical security measures,” Liboro said.

Rule #3: Write your plan: Create your privacy management program

The program or security manual serves to align everyone in the organization in the same direction to facilitate compliance with the data privacy act and to mitigate the impact of a data breach.

Rule #4: Be accountable: Implement your privacy and data protection measures

The measures laid out in your privacy and data protection policies should not remain theoretical. They should be continuously assessed, reviewed and revised as necessary, while training must be regularly conducted.

Rule #5: Be prepared for breach: Regularly exercise your breach reporting procedures

Upon the discovery of a personal data breach or reasonable suspicion thereof, it is important to conduct an initial assessment of the breach, to mitigate its impact and to notify both the affected data subjects and the NPC within 72 hours of discovery.

Liboro said the NPC is anticipating cybercrimes and cases of such nature to escalate, especially amid technological innovation, but noted that matters of data privacy protection and preparedness should not be left in the hands of IT experts and geeks alone.

“It’s general awareness that data is valuable and it must be secured. These are very practical recommendations na hindi naman kailangang gastusan ng milyun-milyon (which won’t cost millions). You can actually jumpstart your privacy program with these simple steps,” he said.

“We as a citizenry must develop this culture of privacy and security which we can incorporate into our daily lives. Sometimes, measures which we call data hygiene could actually lower or mitigate this risk—from as simple as developing a strong password, using a two-factor authentication, and getting to know all these modus, etcetera,” he added.

For inquiries and complaints on data privacy, the NPC can be reached at [email protected] or through their social media pages. RAM
