About Fortun, Narvasa & Salazar
Derek Gallimore talks with Walter Robin Go, a partner at Fortun, Narvasa & Salazar Law Firm. Located in Makati, Fortun, Narvasa & Salazar is one of the leading firms in the country that handle several cases relating to taxation and intellectual property.
Walter and Derek will tackle about data privacy in the Philippines. With the current Data Privacy Act in the country, Walter gives advice and information on how the law protects the personal and private information of individuals and companies transacting on a daily basis, especially with outsourcing entities.
About Atty. Walter and Fortun Narvasa & Salazar
Atty. Walter Go is a junior partner at the Fortun Narvasa & Salazar law offices, joining the firm in January 2006 and got invited to the Partnership in 2015. Fortun Narvasa & Salazar Law Offices is a full service law firm based in Makati City, whose field of practice, range from civil criminal litigation, labor practice, commercial law, corporate law, mining and data privacy.
The Data Privacy Act of 2012
The Data Privacy Act in the Philippines was enacted in 2012, and Atty. Walter said that the Act was based and adopted from the GDPR, or the EU law’s General Data Protection Regulation. However, while the act was enacted in 2012, it was only in 2016 when the implementing rules and regulations were finally enacted, and the National privacy commission, which was created by the law, was formally put into place.
Atty. Walter said that his one way of approaching the Data Privacy Act is looking at the four Ws: the Who, What, Where, and Why.
- Who. The Data Privacy Act is mainly geared towards what it refers to as personal information controllers, and personal information processes. These are the persons or entities who collect data. In a business setting, the company’s HR department will fall under this category, as they collect applicants’ and employees’ personal data.
- What. The personal information and sensitive personal information as defined in the law. This could range from a person’s birthday, social security numbers, passport information, religion, and even political views.
- Where. Whether the data is collected locally and shared internationally to a third country, it would still be covered by the Data Privacy Act.
- Why. The essence of the Data Privacy Act is to ensure that the personal information and sensitive personal information of the data subjects are truly protected and not misused or abused by the data handler or controller.
The Philippine outsourcing industry on data security management
Atty. Walter said that he thinks the Philippine outsourcing industry is on top of data security management. He mentioned that when the implementing rules came out in 2016, there was a rush to register on the information systems of these business process outsourcing (BPO) companies. The National Privacy Commission targeted the outsourcing industry as one of the first sectors that was required to immediately submit their compliance along with health care.
Further, Atty. Walter noted that while the country’s data privacy law is relatively young, the BPO industry is one of the more robust in terms of data privacy implementation.
As a closing statement to listeners, Atty. Walter mentioned how the COVID-19 pandemic
“was utilized by certain individuals or was relied upon by certain individuals as a means to avoid their obligations under contract or under law, citing it as force majeure.” He said that from the framework of data privacy, this is not something that companies should latch on as an excuse to avoid their obligations. While there are additional challenges in a work-from-home situation, corporation’s data protection officers are not excused from complying with the law during this time.
For those who’d like to get in touch with Atty. Walter go, feel free to send him an email at [email protected]