On April 27, 2018, the After Six Club, in partnership with LinkedIn Local, held a special event for entrepreneurs, who want to gain more knowledge on how to keep their information secure in the digital space.

The event entitled Social Profiling and Data Privacy, which was in part conducted with Globe myBusiness, featured prominent speakers from different industries. They shed some light on the basics of information security, the laws that govern it, and how businesses can apply it.

Check out these professional insights from industry experts and use them to further improve how your business employs data privacy:

1. Hiring Data Protection Officers & the Data Privacy Law 

Mark Parcia, a practicing lawyer and a partner for Disni & Disni Law Office, explained the technicalities behind Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA).

Under the law, there are three key figures in data privacy:

• Data subject – refers to an individual whose personal information is processed.
• Personal information controller – the one who controls and instructs collection and use of data.
• Personal information processor – the one whom a controller may outsource processing of data.
  
  

These three are governed by the National Privacy Commission (NPC), whose role is to ensure that the DPA is followed. One way the commission does this is by ensuring businesses have data protection officers (DPO).

Speaking with entrepreneurs and key business figures, Mark says that while “The law didn’t mention the words ‘data protection officer’, it is in the implementing rules and regulations of the DPA.”

The DPO is in charge of ensuring data security and protecting the integrity of information that falls into companies hands. According to Mark, by default, the business head is the DPO. Otherwise, companies, who operate in a larger scale, can hire one.

2. Getting the consent of data subjects 

Data subjects must be fully informed before their data is collected. This means that before any controller asks for any person’s record, they should disclose what data they are collecting, where it would be used, and their purpose.

This is what Darwin Rivers, the President of PHILHGR Inc, did in his company. Besides taking every step to ensure data security through system upgrades and information privacy trainings, Darwin says seeking consent is part of their process.

“We collect and protect data, making sure that all employees and candidates will sign a waiver, that allows us to use their data in the context of their application. They have to fully understand the reason behind it,” Darwin shares.

According to the DPA, the unauthorized collection, processing, use, and access to personal information, especially sensitive ones, are considered violations of the law and may be penalized via fines and/or jail time.

3. Applying a “Members first” policy

According to the DPA, these information can be categorized into the following:

• Personal information – refers to data that, when alone or together, can pertain to a specific individual.
• Sensitive personal information – could be any information that may subject a person to discrimination or prejudice, or information like health records, court files, and those issued by government agencies.
  
  

These kinds of information must be handled diligently and with utmost security. In the case of LinkedIn, they do this by putting the well-being of data subjects first.

Cliff Adora, one of LinkedIn Singapore’s Regional Account Managers, says their employees around the world take tests and trainings to make sure that they are aware and knowledgeable in handling member data.

“LinkedIn is a member first company. Even if we lose money, we would not give away your personal data of our members as per the Data Privacy Act. In every action we do, we think of our members too,” Cliff says.

4. Creating a culture that respects data privacy  

In the Philippines, it is typical to give away personal information. From the way the local workplace culture works, it is sometimes inevitable to have one employee revealing sensitive personal information out in the open.

This is one of the reasons Ivy Paraluman De Borja, the Asia Director of Human Resources for Harte Hanks, had for saying that the Philippines wasn’t ready when the DPA first came out.

One example she mentioned was how companies give supervisors access to medical certificates of absentees. Ivy says such practice shouldn’t be allowed, noting companies must establish a workplace culture that respects data privacy.

“We have put sensitive information in a secured space that not everyone can access. Even supervisors cannot see it, they can only trust what they were told. You can’t know the diagnosis, unless the employee voluntarily tells you,” Ivy says.

Data privacy is a right that must be protected not only by the state, but also by businesses. With these expert tips, you can now apply data privacy to your business and ensure that every information you collect are safe and secure.

Did you miss the event? Get updates on the latest events, seminars, and conferences that can help your business succeed by signing up to Globe MyBusiness Academy.