Audit of privacy law compliance pushed | Inquirer Business

Audit of privacy law compliance pushed

/ 12:40 AM March 11, 2017

The National Privacy Commission wants an audit of companies and government entities on their compliance with the National Privacy Act, a government official said yesterday.

Privacy commissioner Dondi Mapa said the agency was planning to hire an accountability agent, in line with Asia-Pacific Economic Cooperation (Apec) rules.

He was referring to the Apec’s cross border privacy rules system, under which the Philippines could assign an accountability agent that needed to be approved by other member states.

Article continues after this advertisement

“The accountability agent is the one that does that audit, the results of which will be submitted to us,” Mapa said at the sidelines of a forum organized by Microsoft Philippines.

FEATURED STORIES

The agency, he said, hoped to start the process within the next two years.

The privacy commission is pursuing this direction as private entities need to comply with the privacy law by Sept. 9 this year. That date marks the end of the one-year grace period since the law’s implementing rules and regulations were published last year.

Article continues after this advertisement

Under the rules, companies with at least 250 employees or those that handle data of at least 1,000 people need to hire a data protection officer, the first step toward compliance.

Article continues after this advertisement

According to the law’s IRR, a data subject refers to any individual whose personal or privileged information, such as names, addresses and birthdays, is processed.

Article continues after this advertisement

There are no existing statistics on the number of Filipino companies that would be covered by the Data Privacy Law, which also covers government agencies and corporations, local government units and state universities.

Mapa estimated that about a million private entities and individuals could be covered, including small businesses, schools and professionals.

Article continues after this advertisement

Apart from the planned audit, the privacy commission would also rely on complaints from customers or employees, in case a private sector data breach occurred. The law slaps hefty penalties on violators, including imprisonment and steep monetary fines.

Risks associated with data privacy exposure were brought to the fore with the notorious hacking of the voter database of the Commission on Elections in March last year. —MIGUEL R. CAMUS

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TAGS:

No tags found for this post.
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.