NPC rolls out privacy trust mark

MANILA, Philippines — The National Privacy Commission (NPC) has launched a certification scheme that would assure the public of businesses and government offices’ compliance to data privacy standards and secure cross-border data transfers.

In a statement, the NPC said it unveiled the Philippine Privacy Trust Mark (PPTM) with the aim of increasing the trust and confidence in businesses and government offices in terms of data privacy compliance and cross-border data transfers.

“Our launch of PPTM comes at an opportune time as we aim to fully embrace digitalization for our economic recovery. This won’t be achieved without strengthening the foundation of trust in every action and transaction we make online,” NPC commissioner Raymund Liboro said.

He said the scheme would help consumers make informed choices and have greater control over personal information being collected by establishments.

“By helping data subjects identify organizations they can entrust their personal data, we are also encouraging consumers to be more data privacy-conscious and to exercise their rights more prudently,” he said.

NPC is urging all personal information controllers (PICs) and personal information processors (PIPs) to apply for the PPTM.

“Certified PICs and PIPs can more easily integrate themselves in global value chains as they gain more clients, customers and business partners with their branding of secure privacy systems,” Liboro said.

To obtain the PPTM certification, an organization’s compliance with the Data Privacy Act, as well as organizational, physical, and technical security measures to ensure data protection would be assessed.

Guidelines for the certification also cover cross-border data transfers to align compliance mechanisms with global practices and standards.

Certifying bodies recognized by the NPC will need to show independence throughout the certification process, which must be completed in six months upon submission of application documents and requirements.

An organization’s PPTM certification would be valid for three years and may be renewed.

While the mark is voluntary and only applicable to management systems, NPC emphasized the need for organizations to make sure all identified products, services, programs, and projects adhere to data privacy principles of legitimate purpose, transparency, and balance through the data life cycle.

NPC said organizations that have secured certification may still face suspension for failure to comply with requirements.

An organization’s certification may be revoked if an issue is not resolved within six months.

Revocation would also apply for violations of the terms of the audits or for lacking the declared requirements for management systems.