The National Privacy Commission (“NPC”) issued NPC Circular No. 18-01 dated 10 September 2018 which provides the rules of procedure on requests for advisory opinions on matters relating to data privacy or data protection.
The Circular mandates that requests for advisory opinions be commenced by a letter request addressed to the Privacy Commissioner and Chairman. Likewise, the Circular enumerates issues that may be the subject of an advisory opinion as well as requests that may not be accommodated by the NPC. The Circular further provides that if during the pendency of the request for advisory opinion a complaint has been filed before the NPC Complaints and Investigation Division, the complaint shall be given precedence and the request for advisory opinion previously filed shall be held in abeyance.
The Circular clarifies that an issued opinion shall not be used as a standing rule binding on the NPC and the general public. Neither shall any advisory opinion be used to adjudicate issues, impose sanctions or award damages.
Click here to download the Advisory Opinions.
GUIDELINES ON COMPLIANCE CHECKS
The National Privacy Commission (“NPC”) issued NPC Circular No. 18-02 dated 20 September 2018, providing Guidelines for the conduct of Compliance Checks.
Compliance Checks are the systematic and impartial evaluation of a Personal Information Controller (PIC) or Personal Information Processor (PIP) to determine whether the entity’s processing of personal data is carried out in accordance with the standards mandated by the Data Privacy Act and other issuances of the NPC. Under the Circular, the NPC may employ any of the following three (3) modes of Compliance Checks: (i) a Privacy Sweep wherein the NPC reviews publicly available and/or accessible information (i.e. websites, brochures, etc.); (ii) Documents Submission, under which the NPC may require the PIC or PIP that has undergone a Privacy Sweep to submit documents and additional information to clarify certain findings or to determine compliance; and (iii) an On-Site Visit, if there are persistent or substantial findings of non-compliance. The NPC may, in its discretion, directly employ this last mode if the totality of the circumstances warrants such action.
Rules on when to conduct the checks as well as the prescribed manner and timelines for sending out the Notice of Compliance Checks are also set forth in the Circular.
The NPC may issue a Notice of Deficiencies, a Compliance Order, or a Certificate of No Significant Findings, whichever is applicable. Failure to comply with Compliance Orders may subject the PIC or PIP to criminal, civil or administrative penalties.
Click here to download the Guidelines on Compliance Checks.
The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.