The Securities and Exchange Commission (SEC) is cracking the whip on Philippine companies, especially those publicly listed, which may be amiss in their legal obligations to safeguard data privacy and install proper cybersecurity systems.
The SEC has written to the Philippine Stock Exchange (PSE) and the Philippine Dealing and Exchange Corp. to “remind all market participants of the requirements of data privacy and data protection regulations that may have an impact on the business processes of private entities, including capital market participants.”
These entities are required to submit compliance reports within 30 days, based on a letter dated Oct. 5 issued by SEC director Vicente Graciano Felizmenio Jr.
Trading participants and other stakeholders of the PSE were likewise required to submit such compliance report.
This comes on the heels of reports that the US SEC was now running after firms with deficient cybersecurity systems alongside the report of data breach at the online store of broadcasting giant ABS-CBN.
The Data Privacy Act of 2012 aims to protect personal data in the information and communication systems, both in the government and the private sector. It mandates entities or organizations processing personal data to establish policies and implement measures that guarantee the safety and security of personal data under their control or custody.
Personal information controllers or personal information processors that employ more than 250 persons are required to register with the National Privacy Commission. Also required to register are those that have less than 250 employees but whose processing of information includes sensitive personal data of at least 1,000 individuals and likely to pose a risk to the rights and freedom of data subjects. —DORIS DUMLAO-ABADILLA