The City Council, during last Monday’s regular session, called on the local government to immediately designated a data protection officer and to formulate data privacy management programs pursuant to the pertinent provisions of Republic Act (RA) 10173 or the Data Privacy Act of 2012 and National Privacy Commission Circular No. 16-01.
In a resolution, local legislators stated that pertinent provisions of RA 10173 also requires an agency processing information to establish and formulate a data privacy management program to ensure strict compliance with the general data principles of privacy pursuant with the 5 pillars of compliance crafted by the National Privacy Commission as enshrined in various circulars that were provided concerned government agencies and local governments nationwide.
The council stipulated that as part of the health and safety protocols being implemented in the city, residents are being required to register their information in the Baguio in My Pocket (BIMP) portal but many individuals are still hesitant to register while those who already registered raised apprehension on the integrity of the system, the protection and confidentiality of the data collected from them and of the possibility of disclosure or transfer to a third party.
RA 10173 or the Data Privacy Act of 2012 provided that it is the policy of the State to protect the fundamental human rights of p[privacy of communication while ensuring free flow of information to promote innovation and growth.
Further, the State recognized the vital role of information and communication technology in nation building and its inherent obligation to ensure that personal information and information and communication systems in the government and in the private sector are secured and protected.
Moreover, Section 22, Chapter 7 of the aforesaid law stated that it is the responsibility of the head of the government agencies to ensure that all personal information maintained by the government shall be secured, as far as practicable with the use of the most appropriate standards recognized and recommended by the Data Privacy Commission.
On October 10, 2016, the Data Privacy Commission issued Circular 16-01 on the subject ‘security of personal data in government agencies’ where Section 4 of the same stipulated that a government agency engaged in the processing of personal data shall observe the appropriate duties and responsibilities through its head of agency, designate a data protection officer among others to ensure the safety and security of the collected data.
Earlier, the local government embarked on the implementation of contactless and cashless through the BIMP where residents are mandated to register their personal information in a platform that raised questions on why the city is allowing the secondary information from being registered.
The questions that were raised against the BIMP prompted the local legislative body to pass a previous resolution that called on the City Mayor’s Office and the Pasig-based service provider, Information Technology Business Solutions (ITBS), to change the form being used to cull out data from the interested registrants and to remove the unnecessary information that it is requiring the individuals to provide as there might be a breach of data privacy.
The body expressed confidence that the local government will be able to comply with the prescribed guidelines in the data gathering and the storage of data to prevent the possible breach in the existing protocols. By Dexter A. See