Audit of privacy law compliance pushed | Inquirer Business

Audit of privacy law compliance pushed

/ 12:40 AM March 11, 2017

The National Privacy Commission wants an audit of companies and government entities on their compliance with the National Privacy Act, a government official said yesterday.

Privacy commissioner Dondi Mapa said the agency was planning to hire an accountability agent, in line with Asia-Pacific Economic Cooperation (Apec) rules.

He was referring to the Apec’s cross border privacy rules system, under which the Philippines could assign an accountability agent that needed to be approved by other member states.

ADVERTISEMENT

“The accountability agent is the one that does that audit, the results of which will be submitted to us,” Mapa said at the sidelines of a forum organized by Microsoft Philippines.

FEATURED STORIES

The agency, he said, hoped to start the process within the next two years.

The privacy commission is pursuing this direction as private entities need to comply with the privacy law by Sept. 9 this year. That date marks the end of the one-year grace period since the law’s implementing rules and regulations were published last year.

Under the rules, companies with at least 250 employees or those that handle data of at least 1,000 people need to hire a data protection officer, the first step toward compliance.

According to the law’s IRR, a data subject refers to any individual whose personal or privileged information, such as names, addresses and birthdays, is processed.

There are no existing statistics on the number of Filipino companies that would be covered by the Data Privacy Law, which also covers government agencies and corporations, local government units and state universities.

Mapa estimated that about a million private entities and individuals could be covered, including small businesses, schools and professionals.

ADVERTISEMENT

Apart from the planned audit, the privacy commission would also rely on complaints from customers or employees, in case a private sector data breach occurred. The law slaps hefty penalties on violators, including imprisonment and steep monetary fines.

Risks associated with data privacy exposure were brought to the fore with the notorious hacking of the voter database of the Commission on Elections in March last year. —MIGUEL R. CAMUS

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TAGS:

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Curated business news

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.