So many things have been happening in our business environment. One is the enforcement of the final implementing rules and regulations of the Republic Act. No. 10173 or the Data Privacy Act of 2012, a comprehensive piece of legislation “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.”
This law mandates that “(the) processing of personal data shall be allowed subject to adherence to the principles of transparency, legitimate purpose, and proportionality.” RA 10173 also established a National Privacy Commission to enforce the law, oversee the mechanics surrounding it, and propose amendments to it, as necessary.
Another requirement is for private companies dealing with personal and sensitive information to put in place a privacy program, which will look into the processes for collecting this type of data, securing consent, and making sure that access is given only for the purpose it was initially requested. Companies must also have safeguards to ensure proper access to this information, provide a course of action for those who may wish to remove their personal data, and ensure that data is kept in a time-bound manner. Finally, the law also mandates the installation of a security program to protect personal or sensitive information.
I believe most GICC members have all the above requirements in place, given that most parent companies are multinationals that are fully compliant in jurisdictions where data privacy rules are more advanced. But I would urge you to ensure that our organizations are recorded as compliant by the Philippine government. On the ground, registrations need to be completed and privacy personnel need to be named.
Data is a much-valued asset in our business, and it would benefit us to help the Philippine government enforce this law.
Separately, we’ve discussed the need to support efforts to retain our industry’s fiscal and non-fiscal incentives. One key step in encouraging sustained support from government is to enlist the help of IT-BPM employees in spreading the word about how the industry has changed their lives. To do this, IBPAP has created #Blessed, a social video campaign reminding us that every story counts.
Please share this link with your respective companies and IT-BPM industry colleagues. Post it on your company intranets, websites and social networks. Urge your employees to do so on their personal pages. The more shares, the more stories, the more our concerns will be recognized.
Corporate citizenship respects the law, and participates in its formation. Let’s do our part for a better business environment.
GICC Chair | IBPAP Board of Trustee