Compliance for data privacy law pressed

Stakeholders urged to build ‘a culture of privacy’

Better late than never.

Government and foreign authorities underscored this Wednesday by calling on both government and private sectors to comply with the Data Privacy Act of 2112 in ensuring data privacy “in the age of disruption.”

“The digital age cannot be denied as we can no longer depend on the pen and paper,” Raymund E. Liboro, commissioner of the National Privacy Commission told a forum hosted by the Management Association of the Philippines  and the Davao City Chamber of Commerce and Industry, Inc. at the Marco Polo Hotel in Davao City.

To ensure data privacy, management representatives were told to come up with data protection office, private impact assessment, privacy management program, privacy and data protection and breach reporting procedures.

“Let us help build a culture of privacy so as not to be negligent,” said Liboro, adding that the NPC will next talk with the tourism industry in enlisting its support and compliance with the law.

Reginald Ezeh, partner and data scientist of a United States-based data analytics consulting firm, said that nobody should be exempted from complying with the law on data privacy.

He also enumerated common trends in breaches of data privacy that included social engineering tactics, human behaviors like credential re-use, popular vulnerabilities exploited by hackers, social engineering, phishing, business email, executive impersonation, payroll schemes and cyber extortion mails.

Jaime Casto Jose P. Garchitorena, president and CEO of the state-run Credit Information Corporation called for managements to ensure data integrity to bring about institutional integrity.

He said this can be achieved through: integrity control, access control, transmission security, audit controls, and by recorded and auditable data.

“Everything must be recorded and audited,” he said.

He said customers should be involved in data gathering with the assurance that this is safeguarded.

“There must be training and reward so that customers will be part of the data quality, integrity and security process,” he said.

Jallain Marcel S. Manrique, partner of the Makati-based KPMG in the Philippines, said it is never too late for managements to protect data privacy. “Better late than never,” he said.

For establishments to be compliant, he said they must undertake inventory of personal information and sensitive information, data flow mapping and documentation, privacy impact assessment, data privacy program, annual security and privacy assessment, periodic awareness and enhanced data privacy policy.