Philippines embraces consumer data safety, enforces the Data Privacy Act

The Philippines released RA 10173, known as the Data Privacy Act (DPA), in 2012 as a measure to protect individual personal information. The National Privacy Commission (NPC) acts as the apex body for enforcing the DPA. In 2016, the implementing rules and regulations (IRR) for the DPA were released and the DPA was formally in place and functional.

While the DPA covers every organization and their processing of data, organizations that will be deeply affected by it are ones that deal with consumer data on a regular basis, like retail (with its huge dependence on consumer loyalty systems), financial institutions, outsourcing firms, software firms etc. Since the DPA targets any, and all, organizations that process data of more than 1000 people in a year, it casts a very wide net, and brings a majority of organized business under its purview.

The DPA provides for penalties, both financial (from Php 100,000.00 to Php 5 million) and incarceration (from 1-7 years), but the enforcement of similar laws in various parts of the world shows us that, while both types of penalties are major deterrents, the most powerful impact is the loss of reputation that brands suffer if they are unfortunate enough to have a data breach brought against them. This aspect has literally ensured that organizations take privacy laws seriously and provide the necessary investments to inform and protect consumers regarding their data.

The Rationale for ‘Privacy’ Laws


The merits of protecting the private data of consumers (“Privacy”) are no longer debated; such protection is fast becoming the norm. This has come about due to the rapid pace of growth brought about by technology and its associated offshoots: the all-pervasive internet, social networking, and mobile telephony. Young adults today are not cognizant of the time when there was no internet to turn to for any given question, when not everyone was always “available” via mobile phones, or when there were no apps able to track friends and family through check-ins and social media updates.

Private organizations (and government ones as well, in many cases) store a lot of data about their customers. Moreover, people being online 24x7 has helped create so much machine data (so much that technologies have been created specifically to deal with it) that the world has simplified matters by terming it ‘Big Data’.

This data, which resides on organizations’ servers and in the cloud, contains most people’s interests, likes, dislikes, spending / purchase patterns, brand loyalties, personal thoughts and moments, images etc., not to mention addresses, telephone numbers, government ID numbers, financial information, health and sexual information and so much more. If an unscrupulous person were to get access to this information, many lives can be compromised (as witnessed by the iCloud fiasco, the Ashley Madison imbroglio, and more recently, the Uber data breach).

Of course, it is not only these technologies that are to blame for ‘Privacy’ becoming a buzzword today. Industrial espionage, disgruntled employees, hackers, and the ever-present human error have also added to the woes. There is so much data about us out there that some of it, a lot of it, or even all of it is more likely to be exposed than to stay safely stored away forever.

It is no wonder then, that many countries, over the past few years, have crafted Privacy Laws, which, in a nutshell (and in plain-speak), look to:
  1. Give the consumer(s) the ability to
    • be informed of the data being collected and the reason for collecting the data;
    • know what data an organization already has about them; and
    • decide if they want the data deleted or retained within the organization’s system(s)
  2. Ensure organizations are aware of the data they process, and the valid reason why they process such data
  3. Ensure that the organizations are then responsible for the data they store and process
  4. Provide harsh penalties for organizations that have not invested and protected against data breaches and loss of consumer data
These laws help consumers understand how their data is being used by organizations, while ensuring that organizations take responsibility for requesting the data points from their consumers and that investments are made in securing the data from miscreants. The US and Canada, EU (and individually some member countries), UK, Singapore, Australia, Hong Kong, Japan are some of the countries that are already enforcing privacy laws.


