Systems regulations are needed to protect one’s personal information and prevent a data breach.
Almost every transaction online or offline requires the submission of personal information. Consumers do not have the slightest idea how their data is used and why. Governments from different countries are already forging measures to prevent occurrences of data breach and identity theft. Systems regulations could be the key to hinder such occurrences.
In the Philippines, the Republic Act 10173 or the Data Privacy Act of 2012 (DPA) along with the National Privacy Commission (NPC) govern its absolute enforcement.
For the majority in the business sector, it could be appalling to fathom several of the law’s requirements and interpreting DPA amenability into an organization’s daily operations. However, it is a crucial task that needs to be done.
Two experts, Ateneo de Manila University Protection Officer Jam Jacob and Deputy Privacy for Policies and Planning of the NPC Commissioner Ivy Patdu will provide insight into the issue. Both will co-author an array of articles that embrace different accordance fundamentals of the law, as cited from two perspective points which will be manifested in FAQ form. The NPC’s registration platform will be discussed for processing systems.
According to Patdu, one of NPC’s compliance provisions is to register the data processing structures. It is EU’s General Data Protection Regulation’s correlative “notification” stipulation. The NPC maintained this condition in correlation with the schemes with would employ in accordance with its adherence monitoring purpose. It recognizes the structure as a way to apply and enforce the DPA, especially in bolstering transparency and public responsibility in the handling of personal information.
In case the company neglect to register, the NPC could deal out compliance orders and arrange court procedures to necessitate conformity. Likewise, non-registration is one of the developments in determining the business to be laid open to compliance inspection. Being aware of due process considerations along with an appropriate inspection, the Commission might issue halt procedure orders and other implementation orders.
In other countries, it is recognized that the direction is to distance from notification or registration requirements. It could be that the rising relevance of the responsibility of data protection officers (DPOs), and the aspect that registration requirements are just a regulatory obligation.
In the US, the White House is already in the course of shaping its consumer data privacy regulations with the Commerce Department. Because of the increasing volume of data breaches started by the Cambridge Analytica and Facebook controversy, the spotlight has been focused on protection of personal data and the implementation of data privacy laws.
The data breach scandal has exploited personal information of 87 million Facebook users that the analytical firm has accessed without the users’ consent. It’s not only the social media account that encountered data breach. An account of 3 billion Yahoo users was hacked in 2017, while Equifax, Target, and Home Depot customers have fallen victims to hackers as well.