NPC commends new DILG issuance enhancing data privacy compliance among LGUs

The National Privacy Commission (NPC) commends the issuance of the Department of the Interior and Local Government (DILG) Memorandum Circular (M.C.) No. 2024-135, which aligns Local Government Units (LGUs) with the updated standards and requirements under the NPC Circular 2022-04. This initiative ensures comprehensive compliance with the Data Privacy Act of 2012 (DPA) among all LGUs.

The DILG M.C. No. 2024-135 is an amendment to the DILG M.C. No. 2018-036 which mandates all LGUs to comply with the DPA and NPC issuances, specifically directing the appointment of Data Protection Officers (DPOs) and registration of data processing systems (DPS) of all LGUs.

Section 3 of the DILG M.C. No. 2024-135 reiterates that all LGUs must register their respective DPS that process personal or sensitive information involving automated decision-making or profiling through the NPC Registration System. Further, Section 4 details the appointment of a DPO at the provincial, city, and municipal levels. While barangays are not mandated to appoint their own DPOs, cities or municipalities have the authority to assign a Compliance Officer for Privacy for each barangay which ensures consistent implementation of data protection measures at the grassroots level.

Underscoring the NPC directive of prominently displaying the NPC Seal of Registration (SOR), the memorandum circular mandates the display of the SOR on LGU’s website along with their privacy notice, and at the main entrance of their respective offices or at the most conspicuous place to ensure visibility to all data subjects.

Failure to comply with the provisions of M.C. No. 2024-135 may subject LGUs to administrative sanctions as provided under the DPA and relevant NPC issuances.

Privacy Commissioner Atty. John Henry D. Naga lauded the collaborative efforts between the NPC and the DILG in ensuring that data privacy compliance is upheld across the country. “LGUs collect and process vast amount of personal data from their constituents and this directive from DILG marks a vital step toward enforcing responsible data management at every level. By setting clear standards, we are not just ensuring compliance—we are safeguarding the privacy rights of millions of Filipinos.” “The enhanced framework for data protection within LGUs reinforces public trust and accountability in government institutions. On our part, the NPC will continue to provide the necessary guidance to LGUs to ensure that these protections are effectively implemented,” the Privacy Commissioner emphasized.

Atty. Rainier Anthony M. Milanes, Chief of the NPC’s Compliance and Monitoring Division (CMD), said that the memorandum is a significant achievement for both NPC and DILG. “The NPC, through CMD, has collaborated closely with the DILG and its Data Protection Officer, Assistant Secretary Francisco Cruz, in various programs and projects on data protection since 2022. It is our joint mission to ensure that data protection is consistently implemented to protect communities and uphold the rights of Filipino data subjects,” he added.

The M.C. No. 2024-135, dated 12 September 2024, takes effect immediately.

For more information, visit our website at https://privacy.gov.ph/ or contact NPC-CMD at [email protected] and [email protected].

###