CIC on privacy protection at the MAP General Membership Meeting

MAKATI CITY, 27 April 2018 – PCEO Jaime P. Garchitorena seated as one of the panelists in the Management Association of the Philippines (MAP) General Membership Meeting with the theme "Competing in the Age of Disruption" at The Peninsula Manila.

Alongside Chairperson Teresita J. Herbosa of Securities and Exchange Commission (SEC), National Privacy Commission (NPC) Commissioner Raymund E. Liboro, Asia Pacific Varonis System Vice President Mr. Dietrich Benjes, and KPMG R.G. Manabat & Co. Director for IT Advisory Mr. Jallain Marcel S. Manrique, they have entertained questions and concerns from the members of MAP regarding protection of data privacy in the age of disruption.

 

Data Privacy Protection Management

On the panel discussion, panelists were asked on how to reconcile the provision of data privacy law with analytics that require access to full data of target individuals and used by the enterprises for business.

PCEO Garchitorena, in relation to mandating financial institutions to submit their credit data, explained that there must be consent of the data subject and permissible purpose to access their credit information.  The specific transaction which undergoes a thorough assessment could then be recorded and audited in case any misuse of information may be reported to the CIC.

 

Data is the new currency of power

"Gone were the days where anything related to IT was seen as isolated aspect."

As the speaker of the event, Commissioner Liboro emphasized that companies are built not only from the services or products offered, but most importantly from trust. In the age of disruption, the Commissioner aspires that a new mindset and set of skills will be introduced in the workplace.

 

Data Privacy Act of 2012

"The Data Privacy Act humanizes data."

Comm. Liboro also discussed the Data Privacy Act of 2012, where it mandates data collectors in both private and government sector to protect the security, integrity and confidentiality of the personal information they collect.

They are also obligated to collect personal information only for specified and legitimate purpose and should be relevant, accurate, and up to date.

 

Penalties are twice harsher

"For government, penalties are twice – twice harsher."

The panelists were asked how government agencies assess - from national to the department to the LGUs - all their data privacy system and how do they educate and train their employees to ensure that their respective data are well preserved and regulated.

Comm. Raymund Liboro said that officials are not exempted from provisions of the law, instead there are separate laws governing employees from the government - making the penalties twice in relation to security provisions of the law.

With the concern related to the COMELEC data breach, PCEO Garchitorena shared how the CIC realized that the COMELEC database has the same elements as that of the CIC in terms of fields of information in acquiring financial services, thus leading the agency to do vulnerability tests to ensure that what happened to the COMELEC will not happen to the CIC's system.