NPC to mitigate data privacy risk concerning national ID system

MANILA, Philippines - The National Privacy Commission (NPC) launched Privacy Awareness Week in the country by addressing the risks of data privacy concerning the Philippine Identification System (PhilSys) proposal, expected to be ratified by Congress.

Part of the technical working group that drafted the proposal later adopted as Senate Bill No. 1738, the NPC said they intend to build trust with the people by mitigating risks of breaches and leakages. The commission will ensure other government agencies adhere to the Data Privacy Act (DPA) when handling or processing personal data.

“Personal data breaches and violations to data subjects’ rights are man-made. They can be prevented by building resilience and a culture of privacy and protection with the organization,” NPC commissioner Raymund Liboro said.

Meanwhile the Philippine Statistics Authority (PSA) together with the Department of Information and Communications Technology (DICT) are tasked to implement all the security measures required to protect the information to be shared.

Additionally, the PSA must make sure that individuals are informed during their registration how their data will be used and how they can access this information, which upholds a data subjects’ rights under the DPA.

The PhilSys registration requires individuals to share basic information such as full name, sex, date of birth, address, among a few others but some are optional including mobile number and email address.

Punishment for violations under PhilSys legislations and the DPA are going to be imposed separately. Violations include unauthorized collection, disclosure or access, or malicious disclosure. Liboro stresses that the heavy penalties which could combine 3 to 15 years of imprisonment with a P1 million to P10 million fine could make potential violators think twice about breaking the law.

During the first day of the conference, the NPC reiterated their current initiatives in promoting the importance of data privacy to Filipinos. Liboro stated that businesses should start appointing Data Protection Officers (DPO) who will be accountable in the protection of personal and private data.

The conference comes after the highly controversial Facebook-Cambridge Analytica scandal and the local data-breach of a fast food delivery website.

“Companies are built on trust. And they will live and die on trust in today’s disruptive times. When it comes to data privacy and security, the responsibility goes all the way to the top,” Liboro said. –