NPC boasts of its accomplishments, vows to do better

The National Privacy Commission, the country’s personal data privacy watchdog, said it achieved significant accomplishments in 2022 and vowed to do better this year to build a high-trust society, and realize a privacy-empowered nation. Privacy Commissioner Atty. John Henry D. Naga reported during the  celebration of the Privacy Awareness Week (PAW) 2023, that “NPC achieved significant accomplishments by further enhancing data privacy and protection.” Naga cited NPC’s issuance of four circulars to assist Personal Information Controllers (PICs) and Personal Information Processors (PIPs) in strengthening their data privacy measures.  The four circulars cover administrative fines, loan-related transactions, private security agencies, and registration of personal data processing systems. Additionally, he said, the NPC released an advisory providing the guidelines on request for personal data of public officers, and 29 advisory opinions addressing privacy concerns faced by data subjects, PICs, and PIPs. The NPC also registered 1,670 new registrations of PICs, PIPs, and individual professional DPOs. Furthermore, the NPC processed 2,047 amendment requests, 711 renewal applications, and conducted 42 On-Site Visits and 543Privacy Sweeps. Non-compliant PICs/PIPs received 63 Notice of Documents Submissions and 45 warning letters. In 2022, the NPC handled 279 new complaints and resolved 1,404 complaints, with a total of 3,175 concerns being managed by its Legal and Enforcement Office. In relation to its adjudicatory function, the NPC issued 35 Decisions, 60 Resolutions, and 45 Orders for cases adjudicated in 2022. The Data Breach Notification Management System (DBNMS) and the NPC Registration System (NPCRS) were launched in 2022 to facilitate its breach notification and registration processes. In September last year, the NPC renewed its ties by signing a memorandum of agreement with the Personal Data Protection Commission (PDPC) of Singapore. Locally, inter-agency collaborations were fostered through a memorandum of agreement with the Philippine Competition Commission and the Cybercrime Investigation and Coordinating Center. In terms of public education, the NPC conducted various capacity-building programs on data privacy and protection for its stakeholders. “Our accomplishments during the year 2022 is proof that the NPC remained true to its principles to invariably uphold data subject rights and be an able partner of personal information controllers and personal information processors,” said Naga. For this year, Naga said they continue to “craft policies toward strengthened privacy regulations, building a high-trust society, and realizing a privacy-empowered Philippines.” Naga noted that in the first quarter of 2023 alone, they have published NPC Circular No. 2023-01 or Schedule of Fees and Charges of the NPC, the draft Circular on Data Privacy Competency Program, and other draft circulars for public input. Recently, the NPC signed two memoranda of understanding (MOU) which commenced collaborations both in the local and international levels. The first MOU was signed with the country’s leading telcos namely, Dito Telecommunity Corporation, Globe Telecom Inc., and Smart Communications, Inc., while the second MOU was entered into with the Office of the Privacy Commissioner for Personal Data – Hong Kong, China. “These partnerships reflect the NPC’s commitment in fostering cooperation and advancing data privacy efforts across various sectors and international boundaries,” said Naga. The NPC also announced the launching of two significant initiatives. Privacy Commissioner Naga introduced the Circular on Prerequisites for the Philippine Privacy Mark Certification Program and released the 2022 Compendium of NPC Issuances, a comprehensive guide designed to educate and inform Filipinos about data privacy and protection, made digitally available at the NPC website.