By Bernie Cahiles-Magkilat
A total of 57 data breach notifications have been received by the National Privacy Commission (NPC) since January this year, but not all have progressed into an actual investigation by the data privacy body.
NPC Commissioner Raymund E. Liboro told reporters covering the Multi-Pillar Discourse on Data Privacy and Protection organized by the Chamber of Commerce of Philippine Islands that these notifications emanated from various sectors and at varying degrees of seriousness.
“We’re looking at everything, some we’ve looked into to investigate and if there is a need for example to notify data subjects, otherwise we really extend our help to companies that come to us,” said Liboro. NPC released of Rules of Procedures in December 2016.
The commission, however, is expected to come up middle of this year the guidelines on security incident reporting to weed out which incidents merit reporting to NPC.
Once the guidelines on security incident reporting has been released, Liboro said they will be able to come up with a profile as to the affected companies or organizations and what sectors that are deemed vulnerable to data breaches.
“We have live cases that heard as a commission, but again what is very important is for these companies to come up stronger and see how these breaches happened,” he added.
He explained that the recent data breach reported by Wendy’s cannot yet be determined as gross negligence as he stressed there is no system that is 100 percent “unhackable”.
In the case of Jollibee, Liboro said that they are looking at the signs. One thing good with Jollibee, he said, is they have efforts to comply and they have Data Protection Officer and they have privacy notice when you one calls up.
When Jollibee closed its website, Liboro said it was a one step backward but when it opens its website it will be two steps forward because customers are assured of better data protection measures in place.
“If you look at the scope there is no prioritization, we are emphasizing our sectoral approach but, it is clear to everyone that it is a responsibility and it pays for all firms to fortify their defenses,” he added.
Liboro has reminded companies that criminals are becoming more sophisticated and crimes become nefarious that is why there is a need to exercise utmost security measures to protect personal data.
“Data privacy and data protection should now be at the forefront of every organizational mindset,” he concluded.