THE National Privacy Commission (NPC) is requiring select companies to submit details of their data-protection officer by September 9 to ensure the public can access the information on NPC’s web site and have a mode of redress should they find fault in the way a company has handled their personal information.
“Privacy is fast becoming the biggest differentiator among businesses. We are also protecting an industry whose main business is processing data so we have a lot of stake here. Client-companies are starting to look at data privacy and culture of privacy,” National Privacy Commission Chairman Raymund Liboro said in a news briefing on Tuesday.
The contact-center industry is a priority sector of the NPC targeted for compliance to the Data Privacy Act of 2012, considering the country’s position as the second top destination for business-process outsourcing (BPO) work.
Other sectors tagged as “high-risk” priority sectors (denoting their core activity is processing personal information) are the government, telcos, public schools and the health sector.
The Data Privacy Toolkit publication said the government and private sectors considered personal- data controllers should comply with the following:
- Appointment of a data protection officer (good governance framework);
- Conduct privacy impact assessment;
- Privacy management program an manual;
- Implementing privacy and data protection measures; and
- Establishing a stringent breach reporting system.
“We are starting from a very low baseline [of awareness and understanding of data privacy], we learned in a survey,” Liboro added.
“The registration is a must for companies with 250 employees and above, and processing personal information, with at least 1,000 records,” he said.
Half of the 285 government agencies have already complied.
For the BPO industry as a whole, improving compliance may mean more outsourced work as the source countries may see the Philippines as upholding equally stringent data-protection measures.
Other countries observe strict data-privacy restrictions when it comes to transferring their residents’ data outside their region unless the outsourcing provider is located in a country with existing data-privacy laws.
In line with this push for wider compliance, the Contact Center Association of the Philippines (CCAP) will be hosting one of the biggest data privacy summits in Asia, Data Privacy Asia 2017 on July 20 at Makati Shangri-La.
In 2016 the Philippine IT-BPM industry generated $22.9 billion in revenue. It also provided direct employment to 1.15 million Filipinos and created an additional 3.68 million jobs outside the industry (indirect and induced employment).
The industry’s road map showed that by 2022, it aims to garner $40 billion in revenues, 1.8 million in direct jobs and 7.6 million indirect jobs in IT-BPM.