National Privacy Commission of the Philippines (NPC) creates “privacy mark.”
The NPC said it will be rolling out a voluntary certification scheme to monitor companies’ compliance with international privacy standards. The certification program, including a “privacy mark,” is aimed at helping companies build up their reputations for protecting privacy.
Companies should invest in earning certifications and seals of approval from the NPC. The incentive is recognition for excellence for achieving a higher level of accountability. The NPC said certifications for compliance with Apec (Asia Pacific Economic Cooperation) cross-border privacy rules would also give firms a pathway to global markets. NPC is partnering with bilateral, regional and international organizations for global data transfer mechanisms to ensure the free and secure flow of data from and into the Philippines.
Inclusion in the cross-border system would allow companies to transfer data to other certified companies operating in the region under a single system, reducing data transfer costs associated with complying with varying international privacy rules.
Privacy war on mobile applications
There are some of the changes to the data privacy/protection laws in the region:
Thailand has delayed full implementation of the Personal Data Protection Act (PDPA) by a year due to the pandemic and the legislation’s related processes have not been settled yet. Meanwhile, in Singapore, the new amendments to the PDPA took effect in February 2021.
There has been a great deal of interest in privacy issues concerning mobile applications. We saw a growing public and media interest regarding the intrusiveness of mobile apps, as well as privacy concerns surrounding them. Reputable media platforms such as Money FM Singapore and BFM Malaysia reached out for radio interviews on dangerous permissions of mobile apps, including Apple’s privacy nutrition label and Apple’s App Tracking Transparency (ATT).
It is heartening to note that there has been greater awareness surrounding data privacy and the inclusion of apps.
NPC will enforce penalties for data privacy violations
NPC is now gearing towards a stricter regulatory environment with penalties ranging up to P4 million in fines per incident of violation and up to seven years of imprisonment. Companies in the Philippines better shape up regarding data privacy protection! Training and automation in privacy protection is available. Ask for support.
Insider data breach and risks
Critical digital assets such as personal, company data and financial data that enable e-commerce are becoming increasingly vulnerable due to exponential growth in online transactions, variations in regulatory requirements, business partnerships and outsourcing of services.
These lead to an increased risk in the compromise of the security of data and/or data breach across all industries globally. According to an analysis of cyber security claims made to the insurance company Chubb in the past 10 years, employee-related incidents (insider) account for a significant percentage of the claims. What are internal risks? This is an employee or third-party vendor that has access to a company’s network.
Covid-19 and data protection
Almost everywhere we go, we are required to have our contact tracing apps scanned or we may have to manually fill in some logbook or contact tracing sheets and provide our age, place of residence, e-mail address, contact number, and health and travel information. The big question: what happens with the information, who is using it beyond the original Covid-19 tracking system? We have to watch our data carefully and rely on the data privacy protection systems as a support.
There is no question that we have to observe the new rules in the Philippines and other places in the region carefully. Feedback is welcome; contact me at email@example.com