Personal data in the hands of government offices and all branches of government including state-run schools and colleges are expected to be made more secure with the issuance of the National Privacy Commission’s (NPC) first memorandum circular (#16-001) on the “Security of Personal Data in Government”.
According to Commissioner Raymund E. Liboro, Chairman of the Commission, the circular is about “preventing and mitigating” potential data breaches. “Heightened awareness and setting the appropriate security measures will lower the risk of security incidents and breach,“ Liboro said.
The National Privacy Commission is the country’s privacy watchdog; an independent body mandated to administer and implement the Data Privacy Act of 2012, and to monitor and ensure compliance of the country with international standards set for data protection.
As part of its mandate to provide public services, the government holds personal data of its citizen, as well as visitors from other countries; in fact, the government is considered the biggest repository and collector of personal data. With more and more services becoming more available online and with the increasing prevalence of cybercrimes like identity theft and hacking, it is vital that personal data of citizens be kept secure.
Among the obligations of government agencies contained in NPC Memorandum Circular 16-01 is the designation of a Data Protection Officer, the conduct of a Privacy Impact Assessment for processes that use personal data. The circular also obliges government agencies to create privacy policies, conduct regular training on privacy policies for its employees and contractors and register data processing systems that process personal data of at least one thousand (1,000) individuals. The circular likewise outlines rules on the storage, access, transfer and disposal of personal data in government IT systems.
Compliance of government institutions to this latest issuance by the NPC means that there will be less incidences of personal data breach like the one that happened to COMELEC in March this year, wherein millions of voter records were compromised. “Lessons from the incident and consultations with government agencies themselves through the CIO Forum (a nationwide association of government CIO’s) guided us in drafting the circular,” Liboro said.
Commissioner Liboro is confident that government institutions will be able to comply with the NPC’s memorandum circular. “The responsible processing of personal data is a vital component of e-government which is a major thrust of the Duterte administration. As more and more government records are digitized and services go online, we must make sure that citizen’s personal data is kept secure. It should be a top priority,” Chairman Liboro said.