More than 100 large Philippine firms still appear to be “noncompliant” with provisions of the Data Privacy Act despite the looming deadline later this week for measures to be put in place to protect client information and prevent its misuse.
The alarm was raised on Friday by European Innovation, Technology and Science Center (EITSC) president Henry Schumacher, who said that many companies had yet to comply with the law ahead of the March 8 deadline set by the National Privacy Commission.
“We have all the rights to dispute the inaccuracies or errors in the personal data and to request the suspension, withdrawal, blocking, removal and destruction of personal data,” he said. “We also have the right to complain for any damages brought by inaccurate, incomplete, outdated, unlawfully obtained, or unauthorized use of personal data.”
The EITSC last year partnered with the commission to run a series of data privacy workshops for companies to raise awareness about Republic Act No. 10173, or more commonly known as the Data Privacy Act.
Schumacher said that over the course of these workshops, it was revealed that more than 100 companies have yet to fully comply with the provisions of the law, even as he expressed hopes that many would meet this week’s deadline.
The Data Privacy Act of 2012 requires companies with at least 250 employees or those with access to personal data of at least 1,000 people to have a data protection officer and register their data processing systems with the NPC.
Offenses under the Data Privacy Act are punishable by up to seven years imprisonment and up to P7 million in fines depending on the nature and degree of violation. —DAXIM L. LUCAS