MANILA, Philippines – As the world becomes increasingly information-driven, most Filipinos recognize the value and importance of data privacy and the rights over their personal information, according to a survey commissioned by the National Privacy Commission (NPC).

A Social Weather Stations (SWS) survey on data privacy and Internet usage, conducted from June 17 to 21, 2017, showed 85% of respondents agreeing that the rights of data subjects are important.

The rights of Filipinos in terms of personal data privacy are the right to be informed, right to access, right to object, right to erasure or blocking, right to damages, right to file a complaint, right to rectify or correct, and right to data portability, said the NPC.

Meanwhile, 94% want to know more about where the personal information they provide during transactions or applications will be used. 

In terms of trust in private institutions that collect personal information, schools are found to be the most trustworthy, getting a +85 net trust rating. It is followed by hospitals and clinics (+71), banks (+52), telecommunications companies (+35), and credit card companies (+24).

Through the survey, “we have confirmed that Filipinos value their privacy,” said NPC Commissioner Raymund Liboro in presenting the results on Tuesday, August 29.

Liboro added that provisions in the 1987 Constitution and Republic Act 10173 or the Data Privacy Act of 2012 help “protect individuals in today’s modern society.”

The survey also showed that 37% of Filipino adults use the Internet, up by 2 percentage points from last year, said Liboro. Among them, 62% said they get their news online, while 56% said they go online to share information.

Other activities on the Internet as ranked in the survey include getting information on health and fitness (50%), getting information on a sensitive health topic (32%), looking for a job (30%), playing online games (25%), buying things online (18%), studying online courses (10%), visiting online dating sites (10%), and creating or working on a blog (3%).

The poll has 1,200 respondents, said Liboro, who presented the survey results at the DPO6 assembly of data protection officers (DPO) from media and social media. (READ: NPC reminds media: Balance freedom of press, right to privacy)

The NPC previously assembled DPOs from the government, banking industry, telecommunications industry, higher educational institutions, and the business process outsourcing (BPO) sectors.

September 9 deadline

To ensure the data privacy compliance of those handling personal information, the NPC had earlier identified 10 sectors that are required to appoint DPOs and register their names with the agency by September 9. (RELATED: NPC outlines 90-day plan for data protection officers)

In an appendix to its NPC Circular No. 2017-01, the privacy body said the following are subject to mandatory registration of DPOs:

• government branches, bodies or entities, including national gov’t agencies, bureaus or offices, constitutional commissions, local government units, and government-owned and controlled corporations
• banks and non-bank financial institutions, including pawnshops and non-stock savings and loans associations
• telecommunications networks, internet service providers, and entities/organizations providing similar services
• BPO companies
• universities, colleges, and other institutions of higher learning, all other schools and training institutions
• hospitals, including primary care facilities, multi-specialty clinics, custodial care facilities, diagnostic or therapeutic facilities, specialized outpatient facilities, and other organizations processing genetic data
• providers of insurance undertakings, including life and non-life companies, pre-need companies and insurance brokers
• business involved mainly in direct marketing, networking, and companies providing reward cards and loyalty programs
• pharmaceutical companies engaged in research
• personal information processors (PIP) processing personal data for a personal information controller (PIC) included in the preceding items, and data processing systems involving automated decision-making 

These sectors are “considered involved in the processing of personal data that is likely to pose a risk to the rights and freedoms of data subjects, or where the processing is not occasional,” said the NPC in a press release.

Other PICs and PIPs are also required to register their DPOs by September 9 if it has at least 250 employees or is processing at least 1,000 records involving sensitive personal information. – Rappler.com