PAW 2022: Data privacy awareness advances culture of privacy in PH

Data privacy awareness, as a crucial part of creating a culture of privacy in the Philippines,
sits at the forefront of this year’s Privacy Awareness Week (PAW) celebration.

Pursuant to Presidential Proclamation No. 527 signed by President Rodrigo Roa Duterte
in 2018, PAW is annually celebrated every last week of May. The two-day conference held on
May 25 and 26, 2022 aimed to further empower data subjects to protect their personal data and
to know their respective data privacy rights. One of the highlights of the event was the message of
President Duterte for PAW 2022, which encourages the NPC to “continue to cultivate public
awareness on data privacy practices, and institute more stable and secure data protection policies
in various media channels” and to “pursue initiatives that will empower our citizenry to
safeguard their private data against unscrupulous groups and individuals.”

The NPC conducted PAW 2022 with the theme: “Ang PAWer ng Data Privacy Mo:
Praktikal, Angkop, at Wastong Paggamit ng Datos ni Juan at Juana.” The two-day PAW 2022
conference was streamed live via MS Live, Facebook, and YouTube.

Privacy Commissioner John Henry D. Naga said during his Commissioner’s Report that
the National Privacy Commission’s (NPC) conduct of a privacy awareness campaign consisting
of trainings, activities, and projects is a “testament of its commitment to expand and cultivate the
public’s awareness of their rights as data subjects under the Data Privacy Act (DPA).”

The NPC held 21 activities and projects, 359 stakeholders’ consultative meetings, 308
social media campaigns, and 5 DPO ACE trainings as part of its extensive data privacy awareness
campaign to arm data subjects with knowledge in protecting their data and equip data protection
officers and their organizations in the development of their data protection strategy and
implementation.

The NPC encourages data subjects to do their part in protecting themselves against
threats and risks by following these 5 tips: 1) reading up on data privacy through educational
materials accessible on the NPC website and social media pages; 2) conducting a privacy check
on their online accounts; 3) sharing their knowledge on data privacy with friends, family, and peers;
4) calling out data privacy violations online and offline; and 5) being an advocate by doing small
privacy-friendly projects. All these precautions have a significant impact on the advancement of
the culture of privacy in the Philippines.

Enhanced Compliance and Monitoring Program

The NPC made significant efforts in 2021 to exceed the expectations of its stakeholders in
the face of threats to the public’s data privacy rights. The NPC firmly believes that protection of
personal data is a joint responsibility between personal information controllers (PICs) or personal
information processors (PIPs), and data subjects.

Last year, the NPC launched an enhanced compliance and monitoring program to ensure
the compliance of the PICs and PIPs with the DPA. A total of 895 compliance checks were
conducted in 2021, which include 685 privacy sweeps, 50 notices of documentary submissions,
and 160 warning letters. A total of 2,964 PIC applications for registration were recorded in the
same year.

As a response to the surge of complaints regarding data breach security and privacy
concerns, the NPC intensified its complaints handling, case investigation, and enforcement
program. In 2021, the NPC handled 147 notices to explain, 363 complaints, 24 sua sponte
investigations, and 8,487 data privacy concerns. In its adjudicatory function, the NPC performed
28 adjudication meetings that resulted in 129 Decisions, Resolutions, and Orders.

To aid PICs and PIPs in fortifying their data privacy and protection, the NPC issued
Circulars, Advisories, and Advisory Opinions to guide stakeholders in interpreting the DPA.
The Circulars include (i) NPC Circular 2021-01 or the “2021 Rules of Procedure of the National
Privacy Commission”, and (ii) NPC Circular 2021-02 or the “Guidelines on the Processing of
Personal Data during Public Health Emergencies for Public Health Measures”. The most recent
advisories of the NPC have laid out the guidelines on requests for personal data of public
officers, processing of personal data for election campaign or partisan political activity, and
data subject rights, among others.

Since the pandemic began, the NPC has released 24 public health emergency bulletins to
help health authorities, local government units, and other stakeholders navigate the balance
between the public’s right to health and right to privacy. Further, the NPC coordinated with the
Department of Health (DOH) to include telemedicine in the regulatory sandbox as part of
processing personal data using innovative methods.

The coordination with the DOH yielded 3 Joint Circulars, as follows: (1) DOH-NPC Joint
Memorandum Circular No. 2020-0001 or the “Guidelines on the Use of Telemedicine in
COVID-19 Response”; (2) DOH-NPC Joint Memorandum Circular No. 2020-0002 or the “Privacy
Guidelines on the Processing and Disclosure of COVID-19 Related Data for Disease Surveillance
and Response”; and (3) DOH-NPC Joint Memorandum Circular No. 2020-0003 or the “Guidelines
on the Monitoring and Evaluation (M&E) of the Use of Telemedicine in COVID-19 Response”.

Moreover, the NPC passed the International Organization for Standardization (ISO)
9001:2015 certification. It is an international standard dedicated to a quality management system
based on the principles of customer focus, leadership, engagement of people, process approach,
improvement, evidence-based decision making, and relationship management.

In actively participating in the global data privacy landscape, the NPC, as Chair of the
Global Privacy Assembly (GPA) COVID-19 Taskforce, has organized 5 webinars attended by
participants from Australia, New Zealand, the United States, the United Kingdom, Singapore,
Argentina, Canada, Hong Kong, and Switzerland, among others. Three of the webinars were
separate collaborations with the Center for Information Policy Leadership, International
Association of Privacy Professionals, and Organization for Economic Cooperation and
Development.

Commissioner Naga, in his Commissioner’s Report, stated that, “The GPA COVID-19
Taskforce’s work has been recognized by various countries in advancing capacity-building
initiatives aligned with the GPA’s goal to evolve global privacy and work towards a regulatory
environment with high standards of data protection.”

What to Expect

Acting Secretary of the Department of Information and Communications Technology
Emmanuel Rey Caintic said in his keynote message that “data privacy is not intrusive and is
supposed to help things move faster and safer,” emphasizing the importance of keeping data
privacy compliance simple for government agencies and companies alike.

Moving forward, Commissioner Naga assured stakeholders of the Commission’s fierce
commitment to meet its mandate of protecting the Filipino people’s data privacy rights.

“For our countrymen – the data subjects, PICs, PIPs, and data privacy advocates – you can
hope that in the year 2022 and the coming years, the National Privacy Commission will carry on
in implementing programs, reforms, and projects to create a strong culture of privacy in the
Philippines. The Commission will continue to endeavor setting its sight on equipping Filipinos
with knowledge on data privacy, security, and protection,” Commissioner Naga added.

The PAW 2022 conference gathered speakers from both the government and private
institutions to give insights on topics such as information safety on social media; protecting data
privacy in schools; VaxCertPh; establishing trust in online lending; online banking safety;
ensuring child safety in the online world; and cybercrime in the Philippines particularly emerging
trends, prevention, prosecution, and remedies.

Speakers include representatives from the Department of Social Welfare and
Development, Cybercrime Investigation and Coordinating Center, Department of Justice,
Philippine National Police – Anti-Cybercrime Group, DOH, Department of Education,
Commission on Higher Education, Bangko Sentral ng Pilipinas, Securities and Exchange
Commission, Union Bank of the Philippines, Bank of the Philippine Islands, Google Philippines,
Globe, UNICEF, Meta, St. Scholastica’s College, University of the Philippines Diliman, Cebu
Pacific Air, Home Credit Philippines, and Fintech Alliance.

Visit paw2022.privacy.gov.ph for more information. The full recording is available for
replay on Facebook (facebook.com/privacy.gov.ph) and YouTube
(https://youtu.be/jqGQpZ0lTRI).
