The DOST-Philippine Science High School System headed by Executive Director Lilia T. Habacon has taken initial steps towards compliance to the Data Privacy Act Law.
Around 19 participants, eyed as Data Protection Officers, from the 16 PSHS campuses and Office of the Executive Director, attended a one-day Seminar-Workshop on Data Privacy Act last October 25, 2017 held at Hotel Estrella, Tacloban, Leyte.
The resource speakers, who are all from the National Privacy Commission, were Deputy Privacy Commissioner, Atty. Ivy Patdu and Atty. Michael Santos, both PSHS alumni, and Atty. Karl John Baquiran.
The participants were briefed on the Overview of the Data Privacy Act (R.A. 10173) and Compliance Framework; Role and Functions of the Data Protection Officer and Breach Management. A Privacy Impact Assessment Workshop was held in the afternoon.
It was stressed during the seminar that according to the law, every entity, both public and private, must implement reasonable and appropriate measures intended for the protection of personal information being collected from its data subjects (i.e. students, parents, employees). The law also requires that all entities involved in data processing and subject to the act must develop, implement and review procedures for the collection of personal data, obtaining consent, limiting processing to defined purposes, access management, providing recourse to data subjects, and appropriate data retention policies. These requirements necessitate the creation of a privacy program. Requirements for technical security safeguards in the act also mandate that an entity must have a security program.
The PSHS System is bent to meet the deadline set by the National Privacy Commission for the registration of its data processing system on or before March 8, 2018. The System is in close coordination with the NPC for guidance towards operational compliance. Private legal counsel shall also be sought in the conduct of its privacy impact assessment and other compliance requirement.
The Philippines passed the Data Privacy Act 2012, comprehensive and strict privacy legislation “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.” (Republic Act. No. 10173, Ch. 1, Sec. 2). This comprehensive privacy law also established a National Privacy Commission that enforces and oversees it and is endowed with rule-making power. On September 9, 2016, the final implementing rules and regulations came into force, adding specificity to the Privacy Act.