DATA PRIVACY officers (DPOs) in the Philippines must contend with cultural factors that result in different requirements for data protection compared with other countries, an industry official said in a conference.
Emmanuel C. Lallana, a former consultant with the National Privacy Commission (NPC) and at the United Nations, said during the 1*DATA Privacy and Security Solutions Day in Makati City that a key competency of DPOs is understanding how data privacy laws apply in the Philippine context.
He said Filipinos may define privacy differently from other nationalities, and may not consider private data to be off-limits to some types of outside parties like relatives.
“Everybody has to know the law, and everybody has to follow the law. What we’re saying is to gain a deeper understanding of the challenges that we face, we have to take into consideration our own version of privacy,” he said on the sidelines of the forum.
He said Filipino views on privacy can be arbitrary, with some information that must be closely held in other countries viewed as shareable within a defined circle of people.
“It’s not that we don’t have (an idea of privacy), it’s just that the boundaries may be a bit different from the boundaries that are set in the West,” Mr. Lallana said.
He said this does not mean that DPOs in the Philippines must be more relaxed in upholding data privacy laws.
“We have to comply with the legal requirements, but in terms of the case-to-case things, that’s when the nuance comes… When we are asking people to comply, we have to take into consideration the fact that maybe Filipinos do not see it this way, that’s why it’s not important to them,” Mr. Lallana said.
“It’s more important now for us to tell them, ‘Hey, look, this may not be our notion of privacy but the extent that we live in a society where there’s free flow of information then we have to follow the global standard,’” he added.
The 1*DATA privacy conference organized by National Association of Data Protection Officers of the Philippines (NADPOP) gathered DPOs from various companies and government agencies with the intent of providing a platform to share best practices.
NADPOP President Sam V. Jacoba said the forum intends to “build up the ecosystem” for DPOs, as the profession is still emerging in the Philippines.
“(The NPC said) enforcement is going to come. And we don’t like to see people caught flat-footed or to be negligent. Especially companies who still do not invest in data privacy. We would like to reach out to them and tell them, ‘Look, you should have done this a long time ago. But there’s still time. So you should comply now. And you should invest now in your data protection officers. If you don’t have one, appoint one. And then empower them more,’” he said.
“The threat of breaches will always be there. But at the end of the day, it’s the people that matter. That’s why NADPOP is going to focus on the DPOs… We are at war against the nameless, faceless, many who try to infiltrate our databases. And people should realize that, that we are at war,” Mr. Jacoba added.
Citing NPC data, Mr. Jacoba said there are 22,000 registered DPOs in the Philippines as of 2018. He said NADPOP aims to someday have all companies that handle databases of personal information appoint a DPO, noting there is a growing need for it with the proliferation of data breaches. — Denise A. Valdez