Category Archive: Press Statement
Empowering Youth Protection: Privacy Commissioner’s Full Support for Anti-OSAEC and CSAEM Act's IRRComments Off on Empowering Youth Protection: Privacy Commissioner’s Full Support for Anti-OSAEC and CSAEM Act's IRR
The National Privacy Commission (NPC) wholeheartedly supports the issuance of the
Implementing Rules and Regulations (IRR) for the Anti-Online Sexual Abuse or Exploitation of
Children (OSAEC) and Anti-Child Sexual Abuse or Exploitation Materials (CSAEM) Act, also
known as the Anti-OSAEC and CSAEM Act. This legislation signifies a significant milestone in our
ongoing efforts to combat online sexual abuse and exploitation of children, as well as the
dissemination of child sexual abuse or exploitation materials.
The process of drafting the IRR for the Anti-OSAEC and CSAEM Act was commendably thorough
and inclusive. It entailed multi-sectoral consultations involving various stakeholders such as
children's groups, the private sector, the general public, and other organizations dedicated to
combating online sexual abuse and exploitation of children. This collaborative approach facilitated
invaluable dialogue and insights, undoubtedly contributing to the IRR's comprehensiveness and
The NPC acknowledges the importance of safeguarding the privacy and personal data of
individuals, particularly children, in today's digital era. Through our Youth Online Protection
Program, known as Kabataang Digital, we are fully committed to promoting online safety and
security among the youth.
We firmly believe that raising awareness and understanding of these legal instruments is crucial
for ensuring their successful implementation. As our nation progresses in the fight against online
sexual abuse and exploitation of children and child sexual abuse or exploitation materials, the
NPC, along with our Kabataang Digital Program, stands prepared to provide support, collaborate,
and engage with all stakeholders to accomplish the objectives outlined in the law.
Let us continue working together towards creating a safer and more secure digital environment for
our children, where their rights are upheld, their privacy is safeguarded, and their well-being
ATTY. JOHN HENRY D. NAGA
Statement of Privacy Commissioner John Henry Naga on the alleged leak of personal data among law enforcement agenciesComments Off on Statement of Privacy Commissioner John Henry Naga on the alleged leak of personal data among law enforcement agencies
Today, 20th of April 2023, the National Privacy Commission gathered the concerned government agencies, namely, the Philippine National Police (PNP), National Bureau of Investigation (NBI), Civil Service Commission (CSC), and Bureau of Internal Revenue (BIR) to address the alleged leak of personal data involving law enforcement agencies.
According to representatives of said agencies, after conducting their respective investigations and vulnerability tests, the NBI, CSC, and BIR have confirmed that there were no breaches on their part and will release their respective statements to the public. However, the Philippine National Police requested for time to validate and review its systems for possible security compromise considering that the Police was highlighted in the report alleging the data leak.
To further investigate this matter, we issued an order to conduct an onsite investigation on the concerned data processing system of PNP on 24 April 2023 headed by the Complaints and Investigation Division of this Commission. Likewise, we also ordered Mr. Jeremiah Fowler, the cybersecurity researcher who published an article regarding this matter, to appear before this Commission on 21 April 2023 to aid this Commission in its investigation.
The recent allegations of a data breach involving law enforcement agencies in the country should serve as a reminder that no organization, not even the government, is immune to the threat of cyberattacks. And that we should remain in constant vigilance in protecting personal data.
I call on all government agencies and private sectors processing personal data to review the implementation of their data privacy and security measures. It is not enough to simply comply with existing regulations and standards; we must also proactively identify and address potential vulnerabilities.
Even as our probe is underway, the NPC strongly demands of these government agencies, such as the PNP, to strictly comply with the Data Privacy Act of 2012, including the mandatory breach notification requirement under various NPC Circulars.
ATTY. JOHN HENRY D. NAGA
STATEMENT OF PRIVACY COMMISSIONER JOHN HENRY NAGA ON SELFIE VERIFICATION IN SIM CARD REGISTRATIONComments Off on STATEMENT OF PRIVACY COMMISSIONER JOHN HENRY NAGA ON SELFIE VERIFICATION IN SIM CARD REGISTRATION
In performing their responsibilities under the Subscriber Identity Module (SIM) Card Registration Act, Public Telecommunications Entities (PTEs) are reminded of their obligation to process our citizens' personal data in accordance with the Data Privacy Act of 2012.
Thus, as an additional layer of protection against fraud and identity theft, the processing involved in selfie verification should pass the general data privacy principles of transparency, legitimate purpose, proportionality, and all other data privacy safeguards in the law.
Ensuring the privacy of our registrants is paramount to instilling trust in the full implementation of the SIM Card Registration Act. This will be bolstered if PTEs can guarantee that all the data in their possession are protected against misuse, unauthorized processing, data breaches, and all other security incidents.
ATTY. JOHN HENRY D. NAGA Privacy Commissioner
Press Statement of NPC on the SIM Card Registration BillComments Off on Press Statement of NPC on the SIM Card Registration Bill
The National Privacy Commission (NPC) supports the intention of the SIM Card
Registration Bill to prevent the proliferation of various and evolving electronic communicationaided criminal activities.
The NPC is fully aware that implementing a SIM card registration system will entail a
massive collection of personal data. Hence, there is a strong need to develop a technology-neutral
approach and to future-proof the proposed legislation to achieve its intended purpose, in a
manner that respects the rights and freedoms of the data subjects.
The NPC advocated to the House of Representatives and the Senate of the Philippines to
consider the proportionality principle and data minimization mechanisms concerning the
provisions on social media providers and authorized resellers. Mechanisms must be developed
and implemented to prevent security risks and data breaches that may arise from overcollection
and improper or inadequate monitoring practices.
The NPC recommended that the burden to determine the SIM card buyer’s identity
should not fall on retailers who may not have the necessary know-how or resources to properly
verify the identity of data subjects and the authenticity of the identification cards that will be
presented. Delegating it to these retailers may result in overcollection and improper or
inadequate monitoring and security practices. This was adopted in Section 5 of the Bill.
The NPC also discouraged the use of a centralized server or database as it carries greater
risks if a security breach occurs. This recommendation was adopted in Section 6 of the Bill, which
requires that the designated government agencies or public telecommunications entities (PTEs)
maintain their own databases. The PTE must strictly use the database to process, activate, or
deactivate a SIM or subscription, and not for any other purpose.
In fulfillment of its duty to uphold the rights of data subjects, the NPC will closely
coordinate with other agencies to develop the necessary guidelines to properly implement the
Privacy Commissioner’s statement on invoking data privacy in the refusal to comply with subpoenasComments Off on Privacy Commissioner’s statement on invoking data privacy in the refusal to comply with subpoenas
We would like to reiterate that the Data Privacy Act of 2012 (DPA) does not prohibit the disclosure of personal or sensitive personal information (collectively, personal data) when necessary for purposes of complying with validly issued subpoenas by government investigating bodies. Data privacy rights should not be cited as an excuse to evade legal proceedings.
While we advocate for the protection of the right to data privacy of data subjects, there are provisions in the law that recognizes the processing of personal information when necessary for compliance with a legal obligation or to fulfill functions of public authorities. On the other hand, sensitive personal information may also be processed when provided for by existing laws and regulations, or necessary for establishment, exercise, or defense of legal claims, among others.
We hope that this clarifies the scope and limitation of our law and its implications to existing and future legal proceedings.
RAYMUND ENRIQUEZ LIBORO
Stop Profiling and Red Tagging Pandemic HeroesComments Off on Stop Profiling and Red Tagging Pandemic Heroes
The National Privacy Commission denounces in the strongest terms any act of unjust profiling of community pantry organizers whom we consider heroes of this pandemic as this may violate their right to privacy. We have always been firm in our stand that unjust profiling activities are unwelcome due to the risks it entails to our citizens, such as discrimination and stereotyping.
It is for this reason that we express our grave concerns over the statement of Lieutenant General Antonio Parlade Jr. regarding Ms. Ana Patricia Non, likening her selfless act to that of Satan’s.
Labels like these are unnecessary when the people are struggling to find every means to survive in this pandemic.
The unwarranted profiling activities are being carried out against those organizing community pantries in aid of the less fortunate. Despite this good intention, they have been discouraged from continuing this activity because of red tagging.
It is during these trying times that we should not, by any means, fuel discrimination against anyone who has done nothing to deserve such. We must aim to build a united community driven by volunteerism with the genuine desire to help others and the needy.
Unjust profiling destroys the Filipino Bayanihan spirit.
RAYMUND ENRIQUEZ LIBORO
On the Alleged Profiling of Community Pantry OrganizersComments Off on On the Alleged Profiling of Community Pantry Organizers
While more people set up community pantries in the spirit of bayanihan, it has come to our attention that there were concerns over alleged profiling of organizers of these initiatives. Individuals were purportedly asked to provide personal data including their email address, Facebook account name, family background, among others.
We would like to emphasize that collecting personal data must be done fairly and lawfully with respect to the rights of a data subject, including the rights to be informed and object.
The Philippine National Police’s (PNP) leadership in the past has acted on unlawful profiling and recognized the importance of protecting the privacy of the citizenry in the performance of their duties.
Today, we call on again the attention of the PNP Data Protection Office to look into these reports and take appropriate measures to prevent any doings of its personnel on the ground that could potentially harm citizens and violate rights. Should there be a need to collect personal information to maintain peace and order, it must be accomplished with transparency, legitimate purpose, and proportionality.
In times of adversity, Filipinos have the ability to come together and do extraordinary deeds. We must continue these efforts to build trust within and across communities amid this unprecedented health crisis.
RAYMUND ENRIQUEZ LIBORO
Practice Transparency with Responsibility when Posting SAP Beneficiaries on Social MediaComments Off on Practice Transparency with Responsibility when Posting SAP Beneficiaries on Social Media
The National Privacy Commission is urging local government authorities to practice transparency with responsibility when posting the identities of the financial beneficiaries of the Social Amelioration Program (SAP) on social media.
We understand that using social media platforms is a quick and accessible method to reach the public and uploading the list of SAP beneficiaries through these platforms may be considered an efficient way to exercise transparency in utilizing public fund.
However, public disclosure of personal information should strictly adhere to the principle of proportionality. Local Government Units (LGUs) must determine the types of personal data that they will disclose, particularly when the original list of SAP beneficiaries contains sensitive personal information.
The Data Privacy Act does not prohibit LGUs to disclose information which it deems essential for the public to know in the name of transparency. Nevertheless, LGUs should be mindful of its concomitant responsibilities as personal information controllers.
NPC INVESTIGATING ALLEGED LARGE-SCALE FACEBOOK BREACHComments Off on NPC INVESTIGATING ALLEGED LARGE-SCALE FACEBOOK BREACH
The National Privacy Commission (NPC) is currently validating information that says 879,699 Facebook accounts of Filipino netizens allegedly are compromised as part of the large-scale breach affecting 533 million global users in the social media platform.
Initial information shows that the data leaked includes phone numbers, full names, location, e-mail addresses, and biographical information of users across various countries.
The NPC immediately reached out to Facebook’s Philippine Data Privacy Officer to gather more information on the matter.
As we await more answers, we highly encourage Facebook users to be more cautious online. We reiterate the need for the regular changing of passwords and the activation of two-step authentication of accounts to safeguard their personal information.
We assure the public that the NPC is on top of this matter.
Unified contact tracing app a welcome development says the Privacy CommissionerComments Off on Unified contact tracing app a welcome development says the Privacy Commissioner
Throughout this pandemic, we at the National Privacy Commission (NPC) maintained that privacy should be considered in government interventions that make use of personal data.
When the government collects the personal data of our citizenry, we owe to them a solemn covenant to protect their personal data, and ensure that we will not use their data for other purposes.
Filipinos need to be assured that data is handled securely; the data demanded of them is proportional to the purpose; they can understand how their data will be used; there is a specific purpose for the processing; and their data will be retained for no longer than is necessary.
Through these we earn our citizens' trust on which the very success of our contact tracing efforts is hinged.
We see the Memorandum of Agreement (MOA) signing as a welcome development. With the MOA, the government thru the Department of the Interior and Local Government (DILG) gives the Filipinos an assurance that it shall assume complete responsibility and controllership over StaySafe.PH and all sensitive personal data that are collected with the use of this application.
The NPC recognizes the immense benefits of data-driven technologies. We treat our personal information controllers all the same, and we help those that try to comply with the Data Privacy Act and its principles.
We will continue to work closely with the DILG, Department of Information and Communications Technology, Department of Health and the government as we continuously improve the system. We will be there to assist in every step of the way to ensure that privacy is considered at every stage of its implementation.
Privacy Commissioner Raymund Liboro on PNP request to obtain lawyer list in Calbayog CityComments Off on Privacy Commissioner Raymund Liboro on PNP request to obtain lawyer list in Calbayog City
In light of the issue concerning the request of list of lawyers representing communist groups, the National Privacy Commission (NPC) reminds all government agencies as personal information controllers of their duties and responsibilities under the Data Privacy Act of 2012.
While the NPC recognizes that there may be a presumption of regularity in the conduct of police operations, the rights of the data subjects remain to be paramount and must be upheld at all times.
We would like to emphasize that law enforcement or investigative agencies of the government do not have blanket authority to access or use the information about private individuals under the custody of another agency.
Consideration shall be made on the nature of the requested information and on whether these are required to be kept confidential in line with other applicable laws and regulations on the matter.
The NPC is still monitoring the incident to obtain additional information.
Update on Alleged Cashalo Data BreachComments Off on Update on Alleged Cashalo Data Breach
Amid recent reports on the alleged data breach on the cash-loaning application Cashalo, operated by Oriente Express Techsystem Corporation, the National Privacy Commission (NPC) did a preliminary probe on the data security issue. Initial findings show that huge amounts of personal data from Cashalo are being dumped and sold on different cyber forums since February 14, 2021.
A certain user named “creepxploit” sells data of 3.3 million users of Cashalo containing their usernames, passwords, e-mail addresses, phone numbers and device identifications on two sites on the dark web. The user even provides sample data for potential buyers. Given the facts, it is suspected that the user successfully downloaded files from Cashalo's own database, which signifies a potential breach on the application. Creepxploit's posts remain accessible as of writing.
NPC immediately reached out to Cashalo through their data protection officer to relay the incident and required them to provide additional information. The Commission received Cashalo's breach report last February.
The Commission continues to monitor and investigate the case in coordination with the parties involved. Rest assured that the NPC does not condone any data privacy and protection violations, whether committed with malice or due to negligence. We hope to bring clarity to the incident soon and better protect those whose data privacy rights may have been compromised by this incident.
# # #
Privacy Commission wants deeper probe of Facebook, tells social media giant to do more to protect usersComments Off on Privacy Commission wants deeper probe of Facebook, tells social media giant to do more to protect users
We are initiating a deeper probe on Facebook’s proposed preventive actions regarding the proliferation of suspicious accounts as such activities on the platform continue to threaten the personal data privacy and other security-related rights of its Filipino users.
According to Facebook, they “removed two separate networks for violating our policy against coordinated inauthentic behavior (CIB). One of these networks originated in China and the other in the Philippines.” Under the network that originated in the Philippines, they “removed 57 Facebook accounts, 31 Pages and 20 Instagram accounts for violating our policy against foreign or government interference which is coordinated inauthentic behavior on behalf of a foreign or government entity.”
With this, we have sent a letter today inviting them to appear before the Commission as we seek for more details from its findings.
This is not our first encounter with Facebook. You may recall that in 2018, the Commission probe into the exploitation of the “View As” feature to extract user’s access tokens without their consent resulted into an order to comply with the provisions of the Data Privacy Act of 2012, such as establishing a dedicated help desk for Filipino data subjects on privacy related matters.
Now, we call again for Facebook’s compliance with laws, rules, and regulations under our jurisdiction. This ensures that responsible social media platforms shall elevate their community standards to a level that adequately protects the data privacy rights of Filipino data subjects and rights to free speech and expression.
It is incumbent on us at the National Privacy Commission to step up our action especially on platforms, like Facebook that is considered as one of the biggest holders and processors of personal data.
RAYMUND ENRIQUEZ LIBORO
Privacy Commissioner Liboro urges schools to fortify information systems amid rising security incidentsComments Off on Privacy Commissioner Liboro urges schools to fortify information systems amid rising security incidents
- The National Privacy Commission is looking into the reported security incidents sustained by prominent universities these past weeks.
- Amid the increase in personal data security incidents, we call on school officials to fortify their information systems.
- As schools shift to digital operations and virtual learning systems in the wake of the pandemic, they must prioritize the security of their information technology infrastructures and deploy a “privacy by design” approach by embedding privacy into their policies, networks and business practices.
- Security incidents that lead to personal data breaches could expose affected data subjects to possible harms including identity theft, scams, and phishing. Likewise, they undermine people’s trust in institutions, which are expected to keep personal data safe and private.
RAYMUND ENRIQUEZ LIBORO
# # #
Statement of Privacy Commissioner Raymund Enriquez Liboro on NPC’s upcoming meet w/ Facebook regarding impostor accountsComments Off on Statement of Privacy Commissioner Raymund Enriquez Liboro on NPC’s upcoming meet w/ Facebook regarding impostor accounts
- The National Privacy Commission has invited Facebook Philippines for a meeting on Tuesday, 16 June 2020, to seek more information regarding the numerous reports of impostor Facebook accounts.
- The Commission is currently coordinating with other government agencies, while conducting a separate investigation this matter.
- The National Privacy Commission is focused on probing the cause of the “privacy panic” triggered by these impostor accounts and instituting remedial measures to protect Filipino Facebook users.
- We shall continue to inform the public on the matter.
RAYMUND ENRIQUEZ LIBORO
# # #
Statement of Privacy Commission Raymund Enriquez Liboro on the Reported Proliferation of “Impostor” Facebook AccountsComments Off on Statement of Privacy Commission Raymund Enriquez Liboro on the Reported Proliferation of “Impostor” Facebook Accounts
The National Privacy Commission is monitoring reports about the proliferation of alleged impostor Facebook accounts that have victimized Filipino data subjects.
While the extent of these incidents is not yet fully determined at this time, we have been receiving reports from different sectors, mostly coming from academic institutions.
We immediately brought this to the attention of Facebook. According to Clare Amador, Facebook representative in the Philippines, they are already investigating this particular matter as well as other information on unauthorized FB accounts.
Meanwhile, the Privacy Commissioner has instructed Facebook to report its significant findings as soon as these become available.
In addition, we urge everyone to report alleged impostor accounts to Facebook through https://www.facebook.com/help/report.
RAYMUND ENRIQUEZ LIBORO
# # #
Press Statement of Privacy Commissioner Raymund Enriquez Liboro on the industry-wide Code of Ethics and Code of Conduct by FinTech AllianceComments Off on Press Statement of Privacy Commissioner Raymund Enriquez Liboro on the industry-wide Code of Ethics and Code of Conduct by FinTech Alliance
The National Privacy Commission is steadfast in protecting Filipino citizens in this rapidly-developing field of financial technology. We are very much committed to our primary goal: “to ensure balance of free flow of information while protecting the privacy of all data subjects”. Our Commission recognizes that one important component of successful digital governance is making sure that legitimate business interests thrive with accountability, compliance and ethics.
Let me take this opportunity to clarify the role of data privacy in light of emerging and sometimes disruptive technologies. As NPC we do not make policy choices. The Data Privacy Act of 2012 is also technology neutral. As NPC, we do not endorse nor condemn any particular technology because that choice is better left to businesses and their customers. As such, privacy regulators all over the world do not exist to disrupt disruptors. However, it is the abusive and harmful use of personal data that we condemn. It is the discrimination, stigmatization, loss of reputation and loss of individual autonomy resulting from the irresponsible and unlawful use of personal data which cause harm to individuals that the Data Privacy Act of 2012 address.
Digital technologies are considered the “engines of change” of the global economy and personal data is the “oil” that makes it work. Therefore, it is crucial to watch over this “oil” to ensure our economic growth that is inclusive, resilient, highly trusted and globally competitive.
Today is a milestone as we cast the widest net for consumer protection in tech driven financial services. The NPC, with its mandate to coordinate with other regulators and the private sector for a more effective implementation of Data Privacy Act of 2012, is working closely with other regulators: Bangko Sentral ng Pilipinas (BSP), Security Exchange Commission (SEC), Department of Trade and Industries (DTI), and FinTech Alliance to ensure the safety and security of consumers.
We are expressing our support to the institutionalization of code of ethics and adoption of code of conduct by the FinTech Industry. Through this, we expect FinTech companies to be more prudent and responsible in processing their clients’ personal data and succeed in achieving genuine financial inclusivity for the country.
Press Statement of Privacy Commissioner Raymund E. Liboro RE: Fact-finding reports on 3 major online lendersComments Off on Press Statement of Privacy Commissioner Raymund E. Liboro RE: Fact-finding reports on 3 major online lenders
The National Privacy Commission received this year multiple complaints against online lending companies. We received a total of 921 complaints reporting essentially the same facts:
- Use of contact list or phone directory without consent or authority;
- Disclosure of unwarranted or false information to other persons;
- Use of personal information for harassment and threatening communications; and
- Unduly intrusive personal data processing
The volume of the complaints filed and the seriousness of the allegations lead this Commission to create a taskforce to conduct an independent investigation against the online lending companies, focusing on the three applications comprising 61% percent of the complaints.
The Directors who are the responsible officers of these companies would have to explain and answer the charges filed by the Commission. To date cases have been filed against:
- Fynamics Lending Inc. and its responsible officers Meng Li, Changjin Wang, Kwinnie Mae Fianza, Jacquielyn Chua Garrido, Helen Joy Amican de Luna, and Bernard B. Salvacion, Jr. operating PondoPeso Online Lending Application
- Unipeso Lending Company and responsible officers, Haolong Li, Guanqun Luo, Flordeluna Rosell, Rizza Mae Lorilla, and Renyvic Duquitan operating Cashlending Online Application
- Fcash Global Lending Inc. and its responsible officers, Kellon De Jesus Manalastas, Tiancai Huang, John Christian P. Sia, Jovy Co Ting, and Zichao Su operating Fast Cash Online Lending Application
The NPC Taskforce concluded its investigation and their report reveal a business model founded on principles violative of the Data Privacy Act. This law is intended to protect the informational privacy of individuals, ensuring that they are not harmed with the illegal or unauthorized use of their personal information. Notable findings in the report include:
- Statements from complainants about the illegal and unauthorized processing of personal information
- Failure to demonstrate compliance with requirements of the DPA, and issuances of the Commission such as late registration, inadequate notice and consent
- Use of applications with dangerous permissions, allowing the company to access phone directory, camera, location and storage of devices where the application is downloaded and installed
- Evidence showing unauthorized processing, processing for unauthorized purpose, malicious disclosure and unauthorized disclosure.
These companies and their directors are now given the opportunity to respond to these charges and are given 10 days to file an answer. If the Directors and these companies fail to answer, this Commission will render a decision based on available evidence. These companies may face possible stop processing orders. Criminal prosecution may also be recommended against its directors before the Department of Justice with possible maximum imposable penalties of up to 7 years imprisonment and fines of up to P5,000,000.00.
This order is one of the many initiatives of our Commission to stop the unethical practices and illegal acts of operators/companies behind online lending mobiles apps. In addition to this independent investigation, the Commission is coordinating closely with the Federal Trade Commission (FTC) through Cross-border Privacy Enforcement Arrangement (CPEA). We are also set to coordinate with other regulatory bodies in efforts to stop these abusive practices.
So far, we received a total of 921 complaints and 4,444 related inquiries by phone, e-mail or in this office. This Commission is ready to assist complainants and those with similar concerns. We will exert all efforts to put a stop to this unethical and illegal processing of personal information by the operators of online lending mobile applications. You may directly file your formal complaint with the Commission. We would also like to warn the public against engaging fixers and individuals who are trying to exploit your current situation.
We would like to caution the people from downloading mobiles applications, particularly online lending application. Please read the terms and conditions carefully, for they may include dangerous permissions such as access to your live location, phone books and social media account, and even camera control. We encourage everyone to responsible for our safety, security, and protection of our personal data.
And for all those operators and companies behind online lending mobile apps who are currently or planning to misuse and abuse the use of technology -- we, the National Privacy Commission, will standby with our mandate to protect the data subjects and the right to privacy of all Filipino.
# # #
Press Statement of Privacy Commissioner Raymund Enriquez LiboroComments Off on Press Statement of Privacy Commissioner Raymund Enriquez Liboro
RE: PERSONAL DATA PROCESSING BY ELECTION CANDIDATES
RE: PERSONAL DATA PROCESSING BY ELECTION CANDIDATES
1. It has come to our attention that some individuals posted on social media about receiving from candidate/s a “precinct locator” or “voter’s information” card, printed with their personal data – name, complete residential address, date of birth, among others.
2. Concerns were raised over the possibility that these candidates may be processing voter personal data without authority.
3. The National Privacy Commission is currently looking into this to determine whether said election-related processing of personal data conforms with the standards of the Data Privacy Act of 2012 (DPA).
4. Political parties and candidates, in their capacity as personal information controllers, should at all times uphold the data subject rights of voters, and provide mechanisms for exercising rights. They have the obligation to ensure that all personal data processing related to any of their partisan political activity satisfy the criteria for lawful processing as provided for in the DPA.
5. Failure to uphold data subject rights in processing voter information may subject political parties and candidates to penalties for possible violations of the DPA.
6. Citizens are likewise encouraged to be aware of their data privacy rights and be on guard whenever their personal data is processed. For guidance or clarification, they may email [email protected] If they think their data privacy rights were violated, they may email [email protected]
# # #