Gov’t, firms face probe on lax data security defenses | Inquirer Business

Gov’t, firms face probe on lax data security defenses

/ 07:08 AM September 18, 2017

The National Privacy Commission (NPC) warned government agencies and private companies could face “compliance checks” for failing to meet the deadlines for the registration of their data processing systems.

According to NPC, a compliance check would involve interviews, operation inspections, documents analyses, and pertinent activities intended to appraise the organization’s culture of privacy.

The registration has two phases. The first involves the registration of Data Protection Officers (DPOs) who would serve as point persons for the privacy matters of the company or the government organization.

Article continues after this advertisement

The deadline for the first phase, which was originally set on Sept. 9, a nonworking holiday, was moved to Sept. 11.

FEATURED STORIES

The second phase, which involves the registration of personal data processing systems, is up to March 8 of next year.

“Failure to register may subject a company or an agency to compliance checks, compliance orders, and depending on attendant circumstances may be considered evidence of unauthorized processing, punishable under the Data Privacy Act,” said Privacy Commissioner Raymund Enriquez Liboro.

Article continues after this advertisement

“For one thing, in case an organization suffers a data breach in the future, its nonregistration would imply lack of due diligence, critical in defending against charges of negligence,” he added.

Article continues after this advertisement

Liboro said the NPC would continue accepting registration papers even after the deadline, but warned these would be considered “late registrants.”

Article continues after this advertisement

According to NPC, several conglomerates have already registered their DPOs with the NPC, among them were companies under the Ayala Group, SM Group as well as the Lucio Tan Group.

Not everyone is required to register. Under the implementing rules and regulations of the Data Privacy Act, only companies or government agencies that employ 250 workers or more are required to register. Those with fewer than 250 workers are required to register only if their “operations involve the processing of personal data that may likely pose a risk.”

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TAGS: National Privacy Commission (NPC)

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.