NPC takes data privacy education beyond Metro Manila

The National Privacy Commission, the country’s vanguard in protecting citizen’s data privacy, is launching this year projects that will expand basic data privacy education beyond Metro Manila, amid pronouncements from the Department of Information and Communications Technology that various government agency websites are currently under significant threat from cyberattacks.

During the recent fireside chat, titled "Insights into the Future: Fireside conversations on data privacy for 2024," hosted by the International Association of Privacy Professionals Knowledgenet Philippines, NPC Deputy Commissioner Leandro Angelo Aguirre said this year’s data privacy protection initiatives include plans for a Data Privacy Foundational Course that can be easily implemented by training providers outside of the capital.

The course is designed to be both operational and practical, with benefits for senior management as well as legal professionals and data protection officers.

"We want to democratize access to privacy education," to release the course materials before Privacy Awareness Week in May. The intention is to enable groups outside of Metro Manila to run their courses with materials from the agency,” he said.

Aguirre emphasized NPC’s commitment to transparency by launching "Calls For Public Input In Addition To Public Consultation."

These efforts include crafting issuances about the research exception under Section 4 of the Data Privacy Act, as well as guidelines for data scraping.

“We want to institutionalize this because the input coming from the private sector from people that are (actually) affected by these issuances is very valuable," Aguirre said as he highlighted the importance of engaging with affected parties even before the drafting of issuances to ensure that the regulations are meaningful and well-informed.

The NPC official also mentioned a Notice for Public Consultation over CCTV issuance and the commission’s planned issuance for model contractual terms for cross-border transfers, as well as a circular on privacy codes, to establish a clear approval process. He also unveiled plans to come up with Guidelines on Children’s Privacy, emphasizing a risk-based approach and the significance of taking into account the unique cultural and sociological factors of Filipinos.

Furthermore, the country’s privacy watchdog wants to release rules on tracking mechanisms, with a focus on consent cookies and how they comply with the Circular on Consent. Aguirre also announced plans to issue an advisory for the protection of lawful rights and interests in court proceedings and the development of legal claims, with the goal of providing clarification on an often-questioned topic.

He also discussed the NPC's upcoming circular on security measures, highlighting the intention to revise NPC Circular 16-01, which now solely applies to the public sector. The circular aims to provide basic measures for both the private and public sectors to follow. Aguirre explained that for those who are already working on their compliance, the circular is not intended to establish new requirements but rather to serve as a benchmark for organizations to evaluate their existing security measures.

Aguirre expressed hope that such initiatives would strengthen the foundation of data privacy in the coming years.

Earlier, the DICT recently intercepted attacks originating "within China," with a particular focus on entities such as the Overseas Workers Welfare Administration.

In reaction to these alarming incidents, Senator Grace Poe has called for rapid improvements to the firewall mechanisms on government agency websites.

The lawmaker emphasized the collective duty of reinforcing these systems, emphasizing the government's commitment to use every available means to safeguard the security and integrity of people's data.

With the mandate to implement the provisions of the Data Privacy Act of 2012 and to ensure the country's adherence to international data protection standards, the agency’s goal this year is to address the ongoing challenges in understanding fundamental concepts of data privacy and the law.