Mayor Abby Binay has ordered all city departments and offices to give their full support to ongoing efforts of the city government to fast-track Makati’s full compliance with the Data Privacy Act of 2012, Republic Act 10173. This, Binay said, is “absolutely necessary” to protect Makatizens and other stakeholders from all forms of cybercrime.
“My administration is firmly committed to pursuing full compliance with the Data Privacy Act of 2012. We regard this as a fundamental and absolute necessity if we are to attain our vision of a Digital Makati, where our citizens and other stakeholders can enjoy the optimum benefits of information technology without worrying about threats to data privacy and exposure to cybercrime,” she underscored.
The mayor also pointed out that being the country’s financial center, Makati’s compliance with the said law will boost investor confidence and strengthen its competitive advantage as an ideal investment destination in Asia.
The local chief executive said the city has taken the initial steps toward the creation of its own Privacy Management Program and Privacy Manual.
“We recognize the urgency of establishing safety protocols against data-privacy breaches, identity theft and fraud. Our desire to promote efficiency and transparency in governance with the aid of modern technology can never be greater than our commitment to uphold the highest level of public trust,” Binay added. “We must ensure that information we gather will serve solely as tools for innovation and development for the benefit of all Makatizens.”
In September 2017 Binay initiated the registration of Makati City in the Data Privacy System of the National Privacy Commission (NPC).
To accomplish the first phase of the Data Privacy Accountability and Compliance, she has designated lawyer Joselino N. Sucion, a certified public accountant (CPA), as the city data protection officer (DPO).
As DPO, the tasks of Sucion shall include the following: Monitor the Personal Information Controller’s (PIC) or Personal Information Processor’s (PIP) compliance with the DPA, its implementing rules, issuances by the NPC and other applicable laws and policies; ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the PIC or PIP; advice the PIC or PIP regarding complaints and/or the exercise by data subjects of their rights (e.g., requests for information, clarifications, rectification or deletion of personal data); and perform other related activities as provided for under RA 10173 or DPA of 2012.