Data Privacy Compliance Trainings Held
The Intellectual Property Practice Group and Information Technology & Communications Industry Group of Quisumbing Torres conducted a series of data privacy trainings as part of the team's continuous efforts in educating clients and professionals about data privacy, particularly on the requirements of the Philippines' Data Privacy Act of 2012 and its recently issued Implementing Rules and Regulations.
The first training was conducted for Novartis Healthcare Philippines, Inc. on 10 February 2017 at the Novartis office in Makati City. Quisumbing Torres partner Divina Ilas-Panganiban and associate Neonette Pascual were the speakers for the event. The training saw more than 60 participants, composed of Novartis employees and third party service providers. The talk focused on the importance of handling of sensitive personal information in the healthcare industry including the medical condition of patients.
Ilas-Panganiban and Pascual also emphasized the difference between handling of personal information and sensitive personal information specific to the healthcare industry. They discussed that the handling of sensitive personal information under the DPA is more stringent and has more compliance requirements compared to personal information.
On 28 February 2017, Quisumbing Torres' Intellectual Property Practice Group and IT & C Industry Group held the second data privacy training for Air Liquide Philippines, Inc. Air Liquide is one of the world's leading providers of gases and technologies for a wide range of industries including electronics, automotive and construction. The training was held at Air Liquide's head office in Bonifacio Global City, Taguig City. Both Ilas-Panganiban and Pascual spoke about the features of the Data Privacy Act and provided a review of Air Liquide's own sensitive documents including contracts, annual reports and employment forms. They concluded the talk with recommendations for the company on how to be compliant with the DPA requirements.
The third data privacy training was conducted for John Clements Consultants, Inc. last 8 March 2017. John Clements Consultants, Inc. is one of the country's leading service providers of professional staffing, training and outsourcing. Held at John Clements' office in Makati City, the training was attended by over 60 participants comprising of the company's sales and administrative officers. Ilas-Panganiban and Pascual again discussed the salient features of the DPA and answered questions from the participants on how to apply the rules and regulations of the DPA to their business processes.
On 18 April 2017, another session dubbed, "A Call for Action: Prepare for the Data Privacy Act and Its Compliance Requirements", was conducted by the Intellectual Property Practice Group and IT Industry Group, in partnership with the European Chamber of Commerce of the Philippines (ECCP) at Quisumbing Torres' office. The session was conducted by Ilas-Panganiban, Pascual and another associate Reena Mitra-Ventanilla, and facilitated by ECCP's Executive Director Florian Gottein.
The session aimed to educate companies and individuals involved in the processing of personal information about the DPA and guide them towards compliance.
"A company will have to appoint a Data Protection Officer, and this appointment is the first compliance step and the only way for the company to continue complying with the other requirements of the Data Privacy Act. So if you don't have a DPO yet, it's time to appoint a DPO in your organization," said Ilas-Panganiban.
Pascual discussed the organizational, security, and technical measures which are required under the implementing rules and regulations of the DPA while Mitra-Ventanilla talked about the qualifications of a Data Protection Officer (DPO) and the guidelines provided by the National Privacy Commission (NPC) in appointing a DPO.
With the impending 9 September 2017 deadline set by the National Privacy Commission for the registration of data processing systems, Quisumbing Torres' IP/IT group held another seminar on the DPA last 25 April 2017 at the firm's BGC office to further raise awareness and emphasize the importance of complying with the implementing rules and regulations of the DPA. Bienvenido
The firm invited representatives from the NPC to talk about the DPA compliance points and to discuss the registration requirements for data processing systems of companies with the NPC. Spearheaded by Quisumbing Torres partners Bienvenido Marquez III and Divina Ilas-Panganiban, the seminar was attended by more than 80 participants, including representatives from various companies in different industries.
Atty. Vida Zora Bocar, Attorney IV at the Compliance and Monitoring Division of the NPC, talked about the guidelines in conducting a privacy impact assessment. While Matthew Yap, IT Officer at the Compliance and Monitoring Division of the NPC, discussed the requirements in appointing a company's DPO.
"Once you appoint a Data Protection Officer and you start to cascade or implement your data privacy policies, we recommend that a privacy impact assessment must first be conducted by the organization in order for you to determine your strengths and weaknesses and whatever policies you have to strengthen or formulate," shared Bocar.
A panel discussion moderated by Ann Edillon followed after the seminar. Participants were also given the opportunity to ask questions and share their views on the topic through an interactive mobile app.
The firm's IP/IT group is rolling out more trainings and seminars about data privacy in the coming months in order to help organizations comply with the DPA ahead of the NPC's September deadline.