After a series of public consultations, the National Privacy Commission (NPC) released the final version of the Implementing Rules and Regulations (IRR) of the Data Privacy Act (DPA). Passed into law in 2012, the DPA seeks to protect personal information collected by the government and private sectors.
According to NPC Commissioner Raymund Liboro, the rules were made with the citizens’ protection and the country’s progress in mind. “Personal data are your personal assets that should be guarded,” he said.
The IRR focused on data privacy principles including transparency, legitimate purpose and proportionality, security measures for protection of personal data including personal information in the government, rights of data subject and data breach notification.
Data privacy campaigns
Following its release, the NPC will conduct a series of public information campaigns on data privacy. “With the prevalent use of personal data in access devices, social media, smartphone apps as well as the delivery of basic services, it is extremely important that the public and organizations be made aware of the need to responsibly handle personal information,” Liboro said.
The IRR will take effect 15 days after its publication in the Official Gazette. Entities covered by the DPA and its IRR have one (1) year to comply with their provisions from the date of effectivity of the IRR.
Download the full IRR here.