NPC inspects telco offices to ensure data privacy law compliance
MANILA, Philippines — The National Privacy Commission (NPC) has conducted onsite visits to the head offices of telecommunication companies to ensure that they are implementing appropriate security measures to protect the personal data of Filipinos registering their SIM cards, in compliance with the Data Privacy Act.
In a statement over the weekend, the NPC said its compliance and monitoring division conducted simultaneous compliance check onsite visits to the head offices of Smart Communications, Globe Telecom, and Dito Telecommunity.
Privacy commissioner John Henry Naga, together with the chief of NPC’s compliance and monitoring division, Rainier Anthony Milanes, led the visit to oversee the activities and discuss the importance of the compliance check with the data protection team of each telco.
“The telcos should consider these compliance check onsite visits as an opportunity to demonstrate that they have sufficient organizational and program controls, and security measures in place to guarantee that the personal data being processed in relation to the SIM registration are safe and secured,” Naga said.
“Telcos must take their responsibility of protecting the privacy rights of their subscribers seriously by ensuring that personal data related to SIM registration are properly collected and stored, access to the data is restricted by role-based access controls, and data servers are protected by encryption and layers of firewall,” he said.
For his part, Milanes stressed that as a regulator ensuring compliance with the Data Privacy Act of 2012, the NPC must see firsthand how personal information controllers conduct their day-to-day operations, which should incorporate items stated in their privacy manuals.
“With the leadership of our privacy commissioner, the NPC’s compliance and monitoring division shall continue to conduct various mechanisms that would ensure telcos’ compliance with the DPA,” Milanes said.
Upon the conclusion of the compliance check onsite visits, the NPC said the three telcos were apprised of some gaps in their personal data privacy implementation and were required to submit proof of compliance within 15 days.
Naga noted that, in general, Smart, Globe, and Dito have demonstrated capabilities in protecting personal data of their clients.
He emphasized that telcos should ensure that their security measures are further improved and strengthened as information and communications technology advances.
In December, the NPC directed telecommunication companies to include on a separate page the notices and tick-boxes that are not related to SIM Card Registration, as they work to address public data privacy concerns in line with registration activities.
As SIM registration officially commenced on Dec. 27, various concerns were raised by the public, including matters relating to terms and conditions, and privacy policies being implemented by telcos.
Naga earlier called a meeting with telcos to shed light on these concerns, including the notices and tick-boxes that may be displayed on telcos’ websites and mobile applications asking for the users’ permission or consent in using their personal data submitted for marketing, profiling or sharing with third-party partners.
During the meeting, Smart Communications Inc. (Smart) clarified that these are just optional and are included to determine whether the SIM card is being used by an individual or a juridical entity.
Similarly, Globe Telecom said that the options for their clients to allow the receipt of commercial and promotional alerts, and third-party sharing, among others, were only optional.
In contrast, Dito Telecommunity’s SIM Card Registration, which can be accessed through its application, did not include other tick-boxes asking for consent on marketing, profiling or sharing with third-party partners.
In this light, Naga directed telcos to include on a separate page the notices and tick-boxes that are not related to SIM Card Registration, especially those pertaining to data sharing with third-party entities.
He further directed the three telcos to include modifications and improvements on their websites and applications to further comply with the Data Privacy Act of 2012.
The telcos also assured that users have the option to opt out of receiving promotional alerts.
“Telcos must ensure the secure, ethical, and responsible handling of data, especially in all data processing being conducted in compliance with the SIM Registration Act,” Naga said.