To ensure that major telecommunications companies are implementing appropriate security measures to protect the personal data of Filipinos under the Subscriber Identity Module Registration Act (Republic Act 11934), the National Privacy Commission recently held simultaneous on-site visits to the head offices of telecommunication companies for compliance checks.

In a report, the NPC said it visited Smart Communications, Globe Telecom, and Dito Telecommunity on Friday, 13 January 2022.

Privacy Commissioner John Henry Naga, together with the Chief of NPC’s Compliance and Monitoring Division Atty. Rainier Anthony Milanes,  joined the on-site visits to oversee the activities and discuss the importance of the compliance check with the data protection team of each telco.

“The telcos should consider these Compliance Check On-site Visits as an opportunity to demonstrate that they have sufficient organizational and program controls and security measures in place to guarantee that the personal data being processed in relation to the SIM registration are safe and secure,” Naga said.

“Telcos must take their responsibility of protecting the privacy rights of their subscribers seriously, by ensuring that personal data related to SIM registration are properly collected and stored, access to the data is restricted by role-based access controls, and data servers are protected by encryption and layers of firewall,” he added.

Milanes said that “as a regulator ensuring compliance with the Data Privacy Act of 2012, we must see firsthand how these controllers conduct their day-to-day operations, which should incorporate items stated in their privacy manuals.”

“With the leadership of our Privacy Commissioner, the NPC’s Compliance and Monitoring Division shall continue to conduct various mechanisms that would ensure the telcos’ compliance with the DPA,” Milanes added.

At the end of the visit, the three telcos were briefed on gaps found in their personal data privacy implementation, and were required to submit proof of compliance within 15 days.

Naga said that, in general, Smart, Globe, and Dito have demonstrated their capability to protect the personal data of their clients.

He maintained that telcos should ensure that their security measures are further improved and strengthened as information and communications technology advances.

The SIM Registration Act was implemented on December 27, 2022.

Earlier, the NPC had ordered the telcos to address privacy concerns related to the implementation of the SIM registration, which led to immediate changes in the telcos’ SIM registration processes on their websites and mobile applications.