UPOU Employees undergo Data Privacy Officer Training Course

In keeping up with the Data Privacy Act (DPA) of 2012 (RA 10173), twenty-three University of the Philippines Open University (UPOU) faculty, Research, Extension and Professional Staff (REPS), and administrative staff members underwent a 4-day Data Privacy Officer (DPO) Training Course. The DPO Certification Course was facilitated by the Digital Freedom Network on 30-31 January and 7-8 February 2019 in Quezon City, Philippines.

Disini & Disini Law Firm Mid-level Associate Roberto Miguel Raneses and Junior Partner Mark Parcia led the training with Policy Officer Oliver Reyes. The training was highly based on the DPA of 2012 and the Implementing Rules and Regulations (IRR) released by the National Privacy Commission (NPC).

The Training Course covered the basic concepts of data privacy which included a discussion of the scope of DPA, the kinds of information included under the DPA, the exceptions, the aspects, threats, rights and the penalties for violating the DPA. The DPO Training Course emphasized that not all personal and sensitive personal information is included under the DPA because information processed for public concern, related to the performance of public function, processed for journalistic, artistic or literary purpose, and those processed for research and for the benefit of the public are exempted. In addition, information necessary for banks to comply with existing laws and information collected from foreign nationals and their existing laws are also exempted from the DPA.

The course also taught that in processing personal information, the principles of legitimacy, transparency and proportionality should always be practiced. Consent should be freely given by the data subject, and it should be specific, evidenced, obtained prior to collection or as soon as practicable and reasonable, time bound and may be withdrawn. Besides the consent, there are other lawful bases for processing personal information such as for legal obligation, responding to national emergencies, protecting vitally important interest of the data subject and for legitimate interest pursued by the data controller.

The functions of Data Privacy Officers and Compliance Officers for Privacy (COP), as the major enforcers of DPA in the organization, were also discussed. Part of their function is to conduct the organization’s’ Privacy Impact Assessment (PIA), which was thoroughly discussed at the training. Information Security Management was also discussed by Mr. Kama Neson Ganson, Information Security Expert and Vice President for Operations of Megawide Constructions.

The training also included workshops and quizzes, including a final exam administered on the final hour of the last day. Employees found the training very enlightening especially in terms of the current practices of UPOU. Most of the participants finished the course with a list of improvement of practices related to data security for their specific units. (ACLlamas)