In 2012, the Philippines government legislated the Data Privacy Act, Republic Act No. 10173. In September 2016, the Implementing Rules and Regulations (IRR) for the Data Privacy Act became effective. These rules and regulations include the following components:
- Data Privacy Principles covering transparency, legitimate purpose, proportionality, collection, processing, retention and data sharing;
- Lawful processing of personal data;
- Sensitive personal information and privileged information;
- Security measures for the protection of personal information;
- Rights of data subjects; and
- Data breach notification
In addition, certain organisations need to register with the National Privacy Commission. These organisations are dependent on the number of employees and whether they process sensitive information of more than 1000 individuals.
First Advantage has implemented a range of policies and procedures to meet the requirements of the IRR and is currently determining the registration requirements.
