Makati Mayor Abby Binay has directed all city departments and offices to give their full support to ongoing efforts of the city government to fast-track the city’s full compliance with the Data Privacy Act of 2012, otherwise known as Republic Act 10173.
Given the city’s thrust towards digital transformation, the mayor said it is “absolutely necessary” to take adequate preemptive measures in order to protect Makatizens and all other stakeholders from all forms of cybercrime.
“My administration is firmly committed to pursuing full compliance with the Data Privacy Act of 2012. We regard this as a fundamental and absolute necessity if we are to attain our vision of a Digital Makati where our citizens and other stakeholders can enjoy the optimum benefits of information technology, without worrying about threats to data privacy and exposure to cybercrime,” Binay said.
The mayor also pointed out that being the country’s financial center, Makati’s compliance with the law will boost investor confidence and strengthen its competitive advantage as an ideal investment destination in Asia.
She said the city has taken the initial steps towards the creation of its own Privacy Management Program and Privacy Manual.
“We recognize the urgency of establishing safety protocols against data privacy breaches, identity theft and fraud. Our desire to promote efficiency and transparency in governance with the aid of modern technology can never be greater than our commitment to uphold the highest level of public trust,” Binay said.
“We must ensure that information we gather will serve solely as tools for innovation and development for the benefit of all Makatizens,” she added.
In September 2017, Binay initiated the registration of Makati City in the Data Privacy System of the National Privacy Commission.
To accomplish the first phase of the Data Privacy Accountability and Compliance, she has designated Atty. Joselino N. Sucion, a certified public accountant, as the city Data Protection Officer.
As DPO, the tasks of Atty. Sucion shall include the following: Monitor the Personal Information Controller’s or Personal Information Processor’s compliance with the DPA, its IRR, issuances by the NPC and other applicable laws and policies;
Ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the PIC or PIP; Advice the PIC or PIP regarding complaints and/or the exercise by data subjects of their rights (e.g., requests for information, clarifications, rectification or deletion of personal data); and Perform other related activities as provided for under RA 10173 or DPA of 2012.
Last January, Atty. Sucion presided over a meeting with designated Compliance Officers for Privacy of city departments and offices to discuss the proposed data privacy system and gather their inputs for the immediate drafting of the Privacy Impact Assessment on Makati.
The purpose of the PIA is to provide standards in preserving the confidentiality, integrity, and availability of information obtained, created, processed, stored, transmitted, and/or disposed in the performance of the respective duties and functions of city offices.
Republic Act No. 10173 or the Data Privacy Act of 2012 is an act protecting individual personal information in information and communication systems in the government and the private sector, creating for this purpose a national privacy commission, and for other purposes.
The NPC has outlined five pillars or phases of Data Privacy Accountability and Compliance, as follows: I. Commit to Comply: Appoint a Data Protection Officer; II. Know your Risks: Conduct a Privacy Risk or Impact Assessment; III. Be Accountable: Write your Privacy Management Program and Privacy Manual/Privacy Management Program Guide; IV. Demonstrate your Compliance: Implement Privacy and Data Protection Measures; and V. Be prepared for Breach: Regularly exercise your Breach Reporting Procedure.
At present, Makati is in the second phase and currently preparing for the third phase of the five pillars.
According to the NPC, advantages to be gained through compliance with the Data Privacy Act include protecting the privacy of individuals while ensuring free flow of information to promote innovation and growth; regulating the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of personal data; and ensuring that the Philippines complies with the international standards set for data protection through the NPC.