Data privacy is the part of data security concerned with the proper handling of one’s data. It covers how the data is protected, whether it is shared with third parties, and how it is collected and stored. As we encounter digital data every day, it is important to understand data privacy, and specifically the Data Privacy Act.
Data Privacy Implementation in the Philippines
The Data Privacy Act of the Philippines, also known as the Data Privacy Act of 2012 or Republic Act No. 10173, is defined by the National Privacy Commission as “the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth” (Republic Act No. 10173, Ch. 1, Sec. 2).
Sharing one’s sensitive personal information is common, especially when applying for a job, joining an organization, and the like. This means that organizations and companies are obliged to follow the rules under data privacy. There must be valid reasons for collecting the data, and those reasons must be clear to both the recipient and the owner of the data.
Sensitive personal information includes the following:
- Ethnic origin
- Marital status
- Religious, philosophical, or political affiliations
- Health information
- Genetic or sexual life
- Any proceeding for any offense committed or alleged to have been committed
- Social security numbers
- Previous or current health records
- Licenses or their denial, suspension, or revocation
- Tax returns
Implementing Tips for the Data Privacy Act
One of the essential undertakings that companies must know is how to implement the data privacy law. Here are a few tips to guide companies and organizations in implementing data privacy security measures:
- Have a proper understanding of the data
Companies must understand the data they are collecting and why they are collecting it. Have a proper understanding of the purpose of the data and the way it is being processed. Know where the data is stored, how it is being used, and who can access it. More than understanding the data, be sure to read up on the data privacy law. It pays to know what you’re protecting.
- Inform employees about their rights and responsibilities
It’s only fair that the provider of the information is well informed about how data privacy works. Educate your employees on data privacy and the measures that the company takes to ensure the protection of their information. Hold training sessions and seminars that explain how data privacy works. When employees are aware of the process of compliance, they become aware of their roles in data privacy in the organization.
When it comes to protecting customer data, it’s common sense that whoever has access to it must protect it – but it is also crucial that employees know the thorough process of compliance. More than this, educate your employees about possible scams and fraud schemes that could threaten the data in the company’s possession.
- Dispose of unneeded data correctly
When letting go of unneeded data, simply deleting it is not enough. Companies should have a strategy for erasing data to ensure that it is completely inaccessible and irretrievable. Data destruction software can ensure an extra layer of safety beyond a simple delete button.
Data wiping, or data erasure, is a method of overwriting data in order to destroy all existing electronic data on digital media. This process of overwriting makes the data unrecoverable. Data shredding completely removes data on a digital storage device or hard disk, making the data completely unrecoverable. Lastly, data degaussing is the process of eliminating and disrupting magnetic fields on disk media. It destroys data on magnetic storage such as hard drives.
When it comes to printed data, the paper shredder is sure to come in handy.
- Hire a Data Protection Officer
The National Privacy Commission explains that appointing a Data Protection Officer (DPO) is a legal requirement for personal information controllers (PICs) and personal information processors (PIPs). Since personal data is now an essential element in many businesses and companies, we need a DPO now more than ever.
DPOs do not only help companies comply with the legal obligation. They also ensure that collected personal data is protected and that the company is accountable under the Data Privacy Act.
- Know what to do in case of security breaches
Companies must have a comprehensive plan in case personal data is compromised or stolen because of a security breach.
The guidelines for technical security measures in Section 28 of the Data Privacy Act say: “Regular monitoring for security breaches, and a process both for identifying and accessing reasonably foreseeable vulnerabilities in their computer networks, and for taking preventive, corrective, and mitigating action against security incidents that can lead to a personal data breach.”
Failing to Comply with the Data Privacy Act
Data privacy is an essential element in any company or organization. Those that fail to comply can be penalized by imprisonment of up to six years and a fine of not less than five hundred thousand pesos (PHP 500,000) and not more than five million pesos (PHP 5,000,000).