• share this

Gov’t, firms face probe on lax data security defenses

The National Privacy Commission (NPC) warned government agencies and private companies could face “compliance checks” for failing to meet the deadlines for the registration of their data processing systems.

According to NPC, a compliance check would involve interviews, operation inspections, documents analyses, and pertinent activities intended to appraise the organization’s culture of privacy.


The registration has two phases. The first involves the registration of Data Protection Officers (DPOs) who would serve as point persons for the privacy matters of the company or the government organization.

The deadline for the first phase, which was originally set on Sept. 9, a nonworking holiday, was moved to Sept. 11.


The second phase, which involves the registration of personal data processing systems, is up to March 8 of next year.

“Failure to register may subject a company or an agency to compliance checks, compliance orders, and depending on attendant circumstances may be considered evidence of unauthorized processing, punishable under the Data Privacy Act,” said Privacy Commissioner Raymund Enriquez Liboro.

“For one thing, in case an organization suffers a data breach in the future, its nonregistration would imply lack of due diligence, critical in defending against charges of negligence,” he added.

Liboro said the NPC would continue accepting registration papers even after the deadline, but warned these would be considered “late registrants.”

According to NPC, several conglomerates have already registered their DPOs with the NPC, among them were companies under the Ayala Group, SM Group as well as the Lucio Tan Group.

Not everyone is required to register. Under the implementing rules and regulations of the Data Privacy Act, only companies or government agencies that employ 250 workers or more are required to register. Those with fewer than 250 workers are required to register only if their “operations involve the processing of personal data that may likely pose a risk.”

Read Next
Don't miss out on the latest news and information.
View comments

Subscribe to INQUIRER PLUS to get access to The Philippine Daily Inquirer & other 70+ titles, share up to 5 gadgets, listen to the news, download as early as 4am & share articles on social media. Call 896 6000.

TAGS: Data Protection Officers (DPOs), data security defenses, National Privacy Commission (NPC)
For feedback, complaints, or inquiries, contact us.

© Copyright 1997-2019 | All Rights Reserved

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.