NordCham Philippines, KPMG Host Data Privacy Update

Written by Dan Napa

Photo credit: NordCham Philippines Facebook page

In 2012, the Philippine Government enacted Republic Act №10173, known as the Data Privacy Act of 2012. This law was modeled after the Data Privacy legislation of the EU and was a response to the Philippines’ increased vulnerability to cyber security attacks and other malicious forms of data privacy invasion. The most notable, recent data breach was the “Comeleak,” which exposed data of 77 million voters registered in the COMELEC database. Unfortunately, since its enactment in 2012, the Implementing Rules and Regulations (IRR) of the Data Privacy Act was released only in August of 2016 — the public is being expected to comply within one year.

The National Privacy Commission was created as a governing body to administer and implement the Data Privacy Act of 2012. At present, the development and deployment of privacy-invasive technologies like big data, mobile applications, and customer profiling is growing; the quantity and impact of privacy-related scandals are increasing, as well. Organizations risk losing the trust of their clients and employees when personal data is not protected adequately. Moreover, the National Privacy Commission of the Philippines has intensified the oversight and enforcement actions on data protection. New rules and regulations are being developed and released to effectively combat and prevent privacy issues.

To further update the business community on the Data Privacy Act, the Nordic Chamber of Commerce of the Philippines (NordCham), in partnership with KPMG, hosted a forum at the KPMG Center in Makati City. The morning started with a simple breakfast over coffee and pastries. Several members of the chamber arrived early to catch up with their contemporaries from the IT industry. At 8:30 am, Joona Selin, NordCham executive director, introduced the resource speaker, Jallain Manrique, KPMG Philippines director for IT.

Photo credit: NordCham Philippines Facebook page

Mr. Manrique started the talk by emphasizing that he was not a lawyer and was not very well-versed in legal terminologies. However, he made a brilliant presentation on the background of the Data Privacy Act and why this law is relevant, especially in the fast-digitizing age that we live in. Following this, he established how much information is currently stored online, as well as the kind of information being stored by companies. He then showed the kinds of data privacy breaches and their respective sources.

In essence, the Data Privacy Act serves as a safety stop for private citizens, whose sensitive data are being collected or stored by private companies, either for record keeping or monetary gain. The law is being implemented in order to help companies become aware of the risks and responsibilities involved in data gathering and collection. Individuals must have a way to keep themselves protected, and companies that store these sensitive information, on the other hand, must be held accountable for their data.

Please visit and join the John Clements Talent Community.

About the author:

Dan is currently a supervising sales consultant at the Executive Search and Selection division of John Clements Consultants, Inc.