Privacy Commission commends local government’s latest push towards data privacy compliance

The National Privacy Commission (NPC) commends the Department of the Interior and Local Government (DILG) and local government units (LGUs) for its policy to appoint data protection officers (DPOs) as part of a push to set data privacy standards in the collection and processing of personal data.

In a memorandum circular dated Jan. 14, 2021, local chief executives such as governors, mayors, and barangay captains are directed by the DILG to appoint DPOs as part of ensuring “compliance to the provisions of laws and issuances relative to privacy and data protection.” Non-compliant LGU officials may be subjected to disciplinary actions.

The policy covers provinces, cities, municipalities and barangays, DILG regional offices, BARMM-MILG or Bangsamoro Autonomous Region in Muslim Mindanao—Ministry of the Interior and Local Government Office, and other offices concerned

NPC continually reminds LGUs to beef up its data privacy safeguards especially in the time of COVID-19 where data collection is a huge part of the government’s pandemic response. In November 2020, NPC enjoined software developers for LGUs to create applications and systems where users’ personal data is protected at all times.

Privacy Commissioner Raymund Liboro said that the role of DPOs is to monitor and ensure that their organizations are compliant with the Data Privacy Act of 2012 and issuances of the NPC, which includes having privacy and data protection policies ensuring the safety and security of personal data being processed, and the proper and effective implementation of such policies.

“Data privacy requires not just the safety and security of tools used to collect and process personal data. DPOs and implementors of tools and services must also be well-informed about the data privacy law so they can properly oversee their organization’s data protection strategy and implementation,” Liboro said.

The DILG policy is in line with NPC Advisory No. 2017-01, “Designation of Data Protection Officers.” It reiterates DILG’s prior circular dated March 19, 2018 titled “Designation of Data Protection Officers Pursuant to Republic Act No. 10173, Titled Data Privacy Act (DPA) of 2012.”

Under Section 26 of the implementing rules and regulations of the DPA, “any natural or juridical person or other body involved in the processing of personal data shall designate an individual or individuals who shall function as DPO or compliance officer, shall be accountable for ensuring compliance with applicable laws and regulations for the protection of data privacy and security.”

Liboro said that the policy indicates DILG’s willingness and commitment to work with the NPC in setting a data privacy standard in the Philippines.

“LGUs implementing data privacy safeguards in their daily operations will usher in improved administration, enhanced delivery of services, and greater public trust. As a great deal of personal data are entrusted to the LGUs, this move of the DILG is a crucial step towards the LGUs’ compliance journey. This is just the beginning because data privacy compliance is continuous work and is ever evolving,” Liboro said.