In its constant pursuit of helping citizens get a more relatable understanding of various tech related policies, initiatives and services, OpenGov endeavours to speak directly with those responsible.
As the Philippines pursues its digital transformation journey, security and privacy are at the fore.
To learn more about how the nation is addressing these sensitive and complex aspects of its digital journey, OpenGov Asia had the privilege of speaking with Mr. Raymund Enriquez Liboro, Privacy Commissioner and Chairman of the National Privacy Commission of The Philippines.
In speaking with Mr. Liboro, it is clear that he is passionate about his role and the impact that his agency can bring to the country.
His immense wealth of knowledge and experiences are evident; but more importantly, he is able to translate both, in words, which the average person can easily understand and relate to.
As the Head of the Agency, he performs administrative and executive functions. He is a seasoned ICT convergence and communications and public administration professional and holds the rank of a Secretary.
He served as the former Assistant Secretary of the Department of Science and Technology (DOST) for Climate Change Adaptation and Disaster Risk Reduction and was concurrently the OIC Director of the Science and Technology Information Institute.
The Data Privacy Act of 2012 (DPA) of the Philippines is an Act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a National Privacy Commission, and for other purposes.
It aims to protect the fundamental human right of privacy, of communication while ensuring the free flow of information to promote innovation and growth.
The scope of the DPA covers the processing of all types of personal information and to any natural and judicial person, in the country and even abroad, subject to certain qualifications.
Admittedly, it is only recently that knowledge on Data Privacy gained traction in the Philippines. This is due in large part to the efforts of the National Privacy Commission.
Created in 2016, the National Privacy Commission (NPC) is a quasi-judicial body with 6 main functions: Make Rules; Give Advice; Promote Privacy; Check for Compliance; Handle Complaints; and Enforce the Law.
Once formed, the Commission set out a survey and discovered that only 10% of Filipinos have heard about Data Privacy, while only 11% have some sort of an understanding or have heard of the NPC.
Despite this, 89% of those surveyed valued their privacy while 91% were curious and wanted to know what their companies are doing with their data.
The task of improving the numbers fell on the shoulders of the Commission, particularly on the Privacy Commissioner and Chairman. He had a mission and he set out to fulfil them.
Background
An understanding of the National Privacy Commission and its projects will require knowledge of its background.
Mr. Liboro began by reiterating that resilience is the key. According to him, “Having privacy resilience is a privacy disaster that did not happen.”
His objective until 2022 is to fulfil the national vision: To attain a resilient, high trust society that is the foundation of a knowledge-based economy.
It is a daunting task because he started with literally a handful of Filipinos who had only a semblance of awareness about Data Privacy.
To begin, the National Privacy Commission launched the 5 Pillars of Data Privacy Accountability and Compliance that each organisation in the country is expected to follow. These pillars are:
- Commit to Comply: Appoint a Data Protection Officer
- Know Your Risks: Conduct a Privacy Risk or Impact Assessments
- Be Accountable: Develop a Privacy Management Program and Privacy Manual
- Demonstrate Compliance: Implement Privacy and Data Protection Measures
- Be Prepared for Breach: Regularly Exercise Breach Reporting Procedure
The Data Protection Officer is responsible for the overall management of compliance to the DPA. Ideally, each organisation should have one as the DPO will serve as the point person that the NPC will liaise with.
Currently, there are 22,000 registered Data Privacy Officers in the Philippines. With this number, sending out announcements, coordination and communication will be difficult if done individually.
Privacy Wall initiative
To address this, the National Privacy Commission launched their project called the Privacy Wall. It is a community of practitioners that are grouped according to industry sectors in order for the DPOs to actually engage in dialogue, seek advice and ask for support.
This serves as the platform for constructive stakeholder engagement and responsive regulation wherein the National Privacy Commission can provide them with Advice, Information, Dialogue, and Support (AIDS).
Mr. Liboro highlighted his three-pronged strategy in everything that he does.
- Creation of compelling content
- Constructive stakeholder engagement
- Digital Tools and Solutions
Utilising Digital Tools and Solutions
He is a firm believer of utilising digital tools and solutions. However, he warned that digital solutions are merely tools unless they are used for a purpose.
“Any technology platform must spur and promote innovation. But more importantly, it should give us the courage to go for it and the agility to adjust.”
He outlined three important things about digital solutions. First, it should guarantee that innovation continues. Technology must spur innovation and not hinder it.
Secondly, digital solutions should provide courage in taking risks that will actually push for the implementation of the technology. Innovation, according to Mr. Liboro, is useless if one does not have the courage to implement it.
Lastly, digital tools should provide users with the agility to shift quickly. It should allow for a quick change in strategies and a quick response to trends.
With the Privacy Wall, they did not encounter problems with creating the platform. This platform aims to provide an easy way to cascade a clear message as well as be a channel for organisations to go to.
The critical part was in populating it with members and spreading the news, which is being addressed by developing supporting initiatives that will encourage the DPOs to take part in the community.
An industry sector approach is being implemented wherein the DPOs are grouped by industry sector, and is managed and curated by a sectoral policy advisor.
There is one sectoral policy advisor for each of the 21 industry sectors that are now part of the community.
The NPC continuously works to increase the number of sectors involved in the community, with a goal of involving all the sectors in the country.
Measures of Success
Mr. Liboro highlighted the significance of having this community engagement for enlightenment. Being in the 21st century meant encountering risks, threats, and harms.
However, they are all manmade and can therefore be prevented. The project’s ultimate goal is to build privacy resilience.
The Commission will be able to confidently proclaim that their initiative is successful through the increase in numbers and count of DPOs who voluntarily become a member of the community.
DPOs are the champions of the organisations. More members mean more people are being reached. Thus, more people are being prepared and becoming resilient.
For instance, an industry sector with a count of 50 one month and then becomes 100 the next, means that their initiatives have worked, that they have made headway and have brought in an additional 50 new members.
While a decrease in membership will show that there is a problem and that they need to address it.
Numbers are important and this accounts for proof that there is indeed something happening with the project.
Other Projects
The Privacy Commissioner also shared other projects and initiatives that they are doing to accomplish their objectives of protecting data subjects’ rights and ensuring the free flow of information.
The Privacy Safety Security and Trust (PSST) is an online campaign that raises awareness on how Filipinos might be placing their information at risk through online services.
The 30 Ways to Love Yourself Online is a beginner’s guide to personal data privacy, which serves as reminders to Filipinos how they can protect themselves online.
Some examples include changing passwords regularly and to always lock devices and log out of browsers.
Privacy Sweeps are done regularly to check on websites and mobile apps. The Commission also does site visits and requests for document submissions. This is a random but guided check for compliance.
It serves as a forewarning to the industries that they are conducting regular audits, thereby encouraging them to adhere and comply.
Mr. Liboro explained that they look into a sector after receiving a plethora of complaints because, for them, complaints serve as intelligence. People will not be complaining if there are no problems.
There are a number of channels where Filipinos can voice their complaints. They can call the office, send an email, go to the office for personal and face-to-face consultations, or they can use AskPriva.
AskPriva is a chatbot tool, which is part of the Commission’s public engagement initiative, that answers commonly asked queries.
Privacy Commissioner and Chairman Mr Raymund Enriquez Liboro concluded the interview by saying:
“Ultimately, our task is to encourage good behaviour and discourage bad behaviour in personal data processing. For Filipinos, resilience is the key. You cannot avoid, but you can prepare.”
