23 Aug Npc Orders Mandatory Registration Of Critical Industry Sectors
In an article from Newsbytes Philippines, the National Privacy Commission (NPC) has issued circular 17-01 which provide the processing scheme for the registration of Data Processing Systems of Personal Information Controllers (PICS) and Personal Information Processors (PIPs).
With that, organizations and companies having at least 250 employees or those having 1000 or more employees, whose personal and sensitive information need to be processed, are directed to register their data processing systems with NPC with the registration of their assigned Data Protection Office (Phase 1 registration) on or before September 9 of this year.
However, the commission noted some critical industries are still required to heed the directory even if they do not meet the criteria stated above so that possibilities of a breaching the “rights and freedoms of data subjects , or where the processing is not occasional”.
Listed below are the critical industries specified:
- Government branches, bodies or entities, including national government agencies, bureaus or offices, constitutional commissions, local government units, and government-owned and controlled corporations (GOCCs).
2. Banks and non-bank financial institutions, including pawnshops, non-stock savings and loan associations (NSSLAS)
3. Telecommunications networks, internet service providers and other entities or organizations providing similar services
4. Business process outsourcing companies
5. Universities, colleges and other institutions of higher learning, all other schools and training institutions
6. Hospitals including primary care facilities, multi-specialty clinics, custodial care facilities, diagnostic or therapeutic facilities, specialized outpatient facilities and other organizations processing genetic data.
7. Providers of insurance undertakings, including life and non-life companies, pre-need companies and insurance brokers
8. Business involved mainly in direct marketing, networking, and companies providing reward cards and loyalty programs
9. Pharmaceutical companies engaged in research
10. Personal information processors (PIPs) processing personal data for a personal information controller (PIC) included in the preceding items, and data processing systems involving automated decision-making.
The mandate also set the guidelines for the requirements in sending notifications on automated decision-making.
On the other hand, the notifications and registration for the data processing systems also known as the second part of the registration (Phase II) is available online through the NPC’s registration portal from January 2018 until March 2018.
No Comments