NPC emphasizes privacy protection in anti-fraud data sharing initiatives of the financial industry
Anti-fraud data sharing initiatives of the financial services industry must eliminate potential risks on the personal data of data subjects. Advisory Opinion No. 2021-026 issued by the National Privacy Commission (NPC) guides personal information controllers in protecting the privacy of shared databases through strict adherence to the basic data privacy principles of transparency, legitimate purpose, and proportionality, and the conduct of privacy impact assessments (PIA).
The advisory opinion was issued in response to the initiatives of the financial services industry on cybersecurity that aim to thwart fraud incidents and uphold customers’ confidence in digital payments systems. The industry’s shift to digital financial and payment services due to the COVID-19 pandemic brought about cyber attacks and fraudulent schemes on financial institutions and their clients
The NPC recognizes that a shared database for know-your-customer, enhanced due diligence, and anti-money laundering monitoring purposes may boost the integrity and security of the financial system but may have significant legal effects on the rights and freedoms of data subjects included in the database.
To ensure privacy protection in shared databases, the personal data it contains “must be accurate, relevant, and kept up-to-date. Inaccurate or incomplete data must be rectified, supplemented, destroyed, or their further processing restricted,” the advisory opinion read. In further upholding the rights of data subjects, mechanisms must be provided for the free exercise of these rights.
Read the advisory opinion in full here: Click to Read