THE National Privacy Commission has assured the public that the Philippines has the “strictest” law in the world when it comes to personal data protection, amid concerns over proposals to implement a national identification (ID) system.
Privacy Commissioner Raymund Liboro on Tuesday said the agency was formed in March 2016 to implement the Data Privacy Act of 2012 or Republic Act 10173.
“It’s a 21st-century law for 21st-century concerns and challenges,” Liboro said during a roundtable discussion with The Manila Times editors and reporters.
He said the NPC was one of the bodies tapped by Congress to help in the crafting of the law implementing the national ID system.
“We have one of the strictest laws on data processing, at this point. It’s quite punitive even by world standards. We have imprisonment, others don’t have,” he said.
“We are here to equip companies and the government [agencies]to equip themselves, to analyze for themselves, and to come up with measures to protect personal data. This is the next frontier. We want people to trust ID systems,” he added.
Liboro, however, clarified that the commission is not a policy-making body.
“But we can look, based on the law, how do we prevent or how would they prevent adverse impacts on individuals by applying these principles: transparency, purpose, and proportionality,” he said.
“We assume that the government’s actions is really for societal good, for public good. If the government will violate it, or any agent of the government will violate any provisions of the law, then mananagot sila (they will be held liable),” Liboro said.
Privacy by design
To prevent data breaches, businesses and government agencies should include privacy features in the planning stages of their projects.
“What is the underlying theme of data privacy? It’s trust. It’s building trust in the digital economy and maintaining that trust,” he said.
“We are now looking at how companies, internally, can protect your data so that they can establish that trust. And government is the No. 1 repository of personal data,” he added.
Liboro cited the commission’s recommendation to file charges against former Commission on Elections (Comelec) chairman Andres Bautista for the breach of the poll body’s computer system at the height of preparations for the 2016 national elections.
The so-called “Comeleaks” compromised the sensitive personal information of over 55 million Filipino voters.
“We do not try but we only provide the information. It’s already with the courts,” Liboro said.
He said the 2016 Comelec case was the “biggest breach of a government-held database in the world.”
“This is what we are trying to avoid because it affects the reputation (of the concerned data collecting agency). You will have trust issues toward that agency,” he said.
He pointed out that people now lead two lives: the physical life and the digital life, making data privacy regulations imperative to prevent hacking and similar security breaches.
“It’s time to bring back control of your digital life to the persons who really own these assets, which is your personal data,” he said.