4 Expert Insights in Applying Data Privacy to Your Business

On April 27, 2017, the After Six Club, in partnership with LinkedIn Local, held a special event for entrepreneurs, who want gain more knowledge on how to keep their information secure in the digital space.

The event entitled Social Profiling and Data Privacy, which was in part conducted with Globe MyBusiness, featured prominent speakers from different industries. They shed some light on the basics of information security, the laws that govern it, and how businesses can apply it.

Check out these professional insights from industry experts and use them to further improve how your business employs data privacy:


Hiring Data Protection Officers and the Data Privacy Law

Mark Parcia, a practicing lawyer and a partner for Disni & Disni Law Office, explained the technicalities behind Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA).

Under the law, there are three key figures in data privacy:

These three are governed by the National Privacy Commission (NPC), whose role is to ensure that the DPA is followed. One way the commission does this is by ensuring businesses have data protection officers (DPO).

Speaking with entrepreneurs and key business figures, Mark says that while “The law didn’t mention the words ‘data protection officer’, it is in the implementing rules and regulations of the DPA.”

The DPO is in charge of ensuring data security and protecting the integrity of information that falls into companies hands. According to Mark, by default, the business head is the DPO. Otherwise, companies, who operate in a larger scale, can hire one.


Getting the consent of data subjects

Data subjects must be fully informed before their data is collected. This means that before any controller asks for any person’s record, they should disclose what data they are collecting, where it would be used, and their purpose.

This is what Darwin Rivers, the President of PHILHGR Inc, did in his company. Besides taking every step to ensure data security through system upgrades and information privacy trainings, Darwin says seeking consent is part of their process.

“We collect and protect data, making sure that all employees and candidates will sign a waiver, that allows us to use their data in the context of their application. They have to fully understand the reason behind it,” Darwin shares.

According to the DPA, the unauthorized collection, processing, use, and access to personal information, especially sensitive ones, are considered violations of the law and may be penalized via fines and/or jail time.


Applying a “members first” policy

According to the DPA, these information can be categorized into the following:

These kinds of information must be handled diligently and with utmost security. In the case of LinkedIn, they do this by putting the well-being of data subjects first.

Cliff Adora, one of LinkedIn Singapore’s Regional Account Managers, says their employees around the world take tests and trainings to make sure that they are aware and knowledgeable in handling member data.

“LinkedIn is a member first company. Even if we lose money, we would not give away your personal data of our members as per the Data Privacy Act. In every action we do, we think of our members too,” Cliff says.


Creating a culture that respects data privacy

In the Philippines, it is typical to give away personal information. From the way the local workplace culture works, it is sometimes inevitable to have one employee revealing sensitive personal information out in the open.

This is one of the reasons Ivy Paraluman De Borja, the Asia Director of Human Resources for Harte Hanks, had for saying that the Philippines wasn’t ready when the DPA first came out.

One example she mentioned was how companies give supervisors access to medical certificates of absentees. Ivy says such practice shouldn’t be allowed, noting companies must establish a workplace culture that respects data privacy.

“We have put sensitive information in a secured space that not everyone can access. Even supervisors cannot see it, they can only trust what they were told. You can’t know the diagnosis, unless the employee voluntarily tells you,” Ivy says.

Data privacy is a right that must be protected not only by the state, but also by businesses. With these expert tips, you can now apply data privacy to your business and ensure that every information you collect are safe and secure.


Did you miss the event? Get updates on the latest events, seminars, and conferences that can help your business succeed by signing up with Globe MyBusiness via this link.

Become a Member

Get access to all our exclusive member-only content

By clicking the sign-up button, you agree to our Terms of Service and Privacy Policy.