The National Privacy Commission has issued two Memorandum Circulars (MCs) this week, the first since the body was formed earlier in 2016.
The first circular, MC No. 16-001, is on the Security of Personal Data in Government. The Circular applies to all government agencies engaged in the processing of personal data. It defines the duties and responsibilities of such government agencies, including designating a Data Protection Officer, conducting Privacy Impact Assessments, and registering data processing systems, when applicable.
Meanwhile, MC No. 16-002 contains the rules and guidelines on Data Sharing Agreements Involving Government Agencies. The issuance sets data-sharing safeguards to be implemented by personal information controllers in the government. These include entering into Data Sharing Agreements, reviewing technical security measures before allowing online access to personal data, and providing for the return, destruction or disposal of transferred personal data.
According to Commissioner Raymund Liboro: “The responsible processing of personal data is a vital component of e-government which is a major thrust of the Duterte administration. As more and more government records are digitized and services go online, we must make sure that citizen’s personal data is kept secure. It should be a top priority.” The government is considered as the biggest collector and repository of personal data in the Philippines.