JOB openings for young professionals, especially graduates of information technology (IT)-related courses, are up on account of the law that requires government agencies and private firms to employ data protection officers (DPOs) and compliance officers for privacy (COPs), House deputy majority leader and Cebu Rep. Gerald Anthony Gullas Jr. said Monday.
“Establishments that control or process the personal information of individuals living within and outside the country now have the legal obligation to engage the services of DPOs, and if the entities have branches or multiple offices, they may also have to hire extra COPs,” Gullas said.
He said DPOs and COPs are now as indispensable as an accountant or a finance officer in every organization that handles the personal records of individuals.
“We are now well into the digital age. It is very easy to store and transfer large amounts of personal data through computers and the Internet, and even by means of small electronic devices such as USB flash drives. Without adequate controls, the risk is great that whole systems of personal information may be stolen, lost and misused,” Gullas said.
The lawmaker cited the case of the Commission on Elections (Comelec), which lost the personal files of voters in one of the largest information system security breaches in government.
Congress passed the Data Privacy Act, which aligns the country’s personal data protection policies with global standards, in 2012.
However, enforcement of the law was delayed extensively because Malacañang constituted the three-member National Privacy Commission (NPC) – the implementing authority – only on Mar. 7, 2016.
The law’s implementing rules and regulations took effect only on Sept. 9, 2016, and the NPC finally issued on Mar. 14, 2017 Advisory No. 2017-01, which sets the guidelines for the designation of DPOs and COPs.
According to the NPC advisory, every DPO should have expertise in relevant privacy or data protection policies and practices, and sufficient understanding of the processing operations being carried out by the agency or firm, including the latter’s information systems and data security needs.
Knowledge by the DPO of the section or field of the agency or firm, and the latter’s internal structure, policies and processes is also useful, the NPC advisory said.
In the private sector, Gullas said all firms that manage the personal data of consumers or customers are duty-bound to employ DPOs and COPs.
These include banks, credit card issuers, insurers, pre-need providers, health maintenance organizations, water and electric utilities, telecommunications, cable and satellite TV firms, schools, hospitals, and the like.
Business process outsourcing (BPO) firms that usually deal with the personal data of the customers of their foreign clients are likewise covered. PR