Massachusetts action item - Data Privacy Act

seen from Germany
seen from Germany
seen from United States

seen from Czechia
seen from United Kingdom
seen from Netherlands

seen from Japan

seen from Ireland
seen from United States
seen from United States

seen from Czechia
seen from China

seen from Australia
seen from United States
seen from United States
seen from Netherlands
seen from Israel

seen from United States

seen from T1
seen from Canada
Massachusetts action item - Data Privacy Act
Moore Signs Immigrant Rights Executive Order — While Letting Stronger Protections Sit Unsigned Governor Wes Moore signed an executive order creating the Maryland Immigrant Rights Protection Task Force, aimed at addressing fraud and exploitation against immigrants. The 12-month task force will focus on legal scams, workplace rights, and housing issues, involving various state agencies. Accountability concerns remain due to its advisory nature and lack of budget.... https://mdbaynews.com/2026/06/06/moore-immigrant-rights-protection-task-force-executive-order/
GCash Celebrates Privacy Awareness Week
GCash Celebrates Privacy Awareness Week
Supporting the government’s drive to promote understanding of the Data Privacy Act, GCash, the Philippines’ leading mobile wallet operated by Mynt (Globe Fintech Innovations, Inc.) joined the National Privacy Commission in celebrating Privacy Awareness Week on May 25-31.
In a forum with its employees, GCash underscored the need to protect the data privacy not just of GCash customers but also of…
View On WordPress
Utah Has Now Banned Warrantless Electronic Data Searches
Utah Has Now Banned Warrantless Electronic Data Searches
In a move that is sure to be celebrated by those who value digital privacy, Utah has banned warrantless searches of electronic data. This now means that the state has the strongest digital privacy laws in the nation. As per a Forbes report, April 16, 2019. Historic Act There has probably...
https://btcmanager.com/utah-banned-warrantless-electronic-data-searches/?utm_source=Tumblr&utm_medium=socialpush&utm_campaign=SNAP
Blog | What Filipinos must know about Data Privacy Act and GDPR
Blog | What Filipinos must know about Data Privacy Act and GDPR
By Sumit Bansal
In this day and age, data is the new currency as the digital economy thrives on acquired, stored, and processed information. Businesses use data to tailor fit services and products to their customers, which has ushered in more efficient interactions and profitable transactions.
If the good guys can have all that information at their fingertips, cybercriminals can illegally obtain…
View On WordPress
Telecommunications firms, ISPs critical to data privacy, protection, gov't says
Telecommunications firms, ISPs critical to data privacy, protection, gov’t says
Telecommunications companies and Internet service providers are critical industry segments that need to comply with the Data Privacy Act of 2012 (DPA), the government said during the first general assembly of Data Protection Officers (DPO), the third in a series for several industries.
This was underscored by National Privacy Commission (NPC) Commissioner Raymund Enriquez Liboro, said, adding…
View On WordPress
QT’s seminar on registering with the National Privacy Commission
Last week, I attended the primer on compliance with the Data Privacy Act organized by Quisumbing Torres. Lawyers from the law firm and representatives from the National Privacy Commission gave presentations and answered questions from the attendees. Here’s a quick run-down of my notes on the forum:
QT’s introduction to the DPA included a discussion on the actors under the DPA. I thought this was a useful approach since the law was presented in a manner that is simple and a bit easier to understand.
QT’s lawyer presented the exceptions to the consent requirement as “not covered by the DPA”. I thought this was confusing because the exception was only with respect to the consent of the data subject on the processing and not the rest of the DPA. The DPA also has portions on the data protection. These provisions apply regardless of whether consent on the processing was obtained from the data subject.
One of the attendees brought up the issue of data retention, noting that neither the law nor the rules prescribe a definite period for data retention. QT said that the personal information controller may consider basing the retention period on the Civil Code and Labor Code provisions on the prescription of claims.
An important point: knowledge by the personal information processor of the data breach or security incident will also be considered as knowledge of the PIC thereof. Thus, the 72-hours reporting period will start to be counted from the time the PIP learns of the breach/security incident. This makes it all the more important for companies to have clear reporting mechanisms with vendors and service providers.
A number of questions centered on the qualifications of the person to be appointed as a data protection officer. The NPC said that it would not recommend a person holding a position with inherent conflict of interest as the data protection officer. Pressed for more clarity, the NPC said that they could recommend that a company change its DPO if they see an inherent conflict of interest in the position. This comment resulted in even more questions, with some attendees challenging the NPC’s right to do so. Some attendees emphasized that small companies would not have the capacity to hire a person who would exclusively perform DPO functions. Further confusing matters, the NPC stated that there will be no sanctions imposed even if the company does not follow the NPC’s recommendation on the DPO. It is important to note here that the law and the rules merely require companies to appoint a DPO. There is no requirement (as far as I can remember) for a company to submit a form or report to the NPC on the DPO’s designation. Thus, I fail to see when the opportunity for NPC to “recommend” a DPO would arise.
According to the NPC, there is no citizenship or residence requirement for the DPO. This means that a company may appoint as DPO someone who is not located in the Philippines. The NPC however underscored that the designated DPO should be able to perform his/her functions even if he/she is based outside the country.
The NPC has no DPO certification process at the moment. However, the companies must ensure that the DPO appointed has adequate training to guide the company in its compliance efforts. What’s interesting to note is that the NPC said that a DPO certification process may be put in place 2-3 years down the line.
I asked a question on the development of data processing system by iteration. Will companies be required to re-register the data processing system gets new functions or features? According to the NPC, the online registration platform for the data processing systems will allow companies to amend their registration to reflect new functions or features added. Thus, there will be no need to re-do the registration.
One attendee asked for clarification on the requirement to disclose if personal information will be transferred out of the country. According to the NPC, companies will not be required to specify the exact location of servers abroad. An indication of which country the servers are located would be enough.
Know your Privacy Rights!
Have you been to the National Privacy Commission’s website lately? If you haven’t, you’d be pleasantly surprised to know that the NPC has revamped its website. It is now so much easier to get practical and usable information on how to comply with the Date Privacy Act (DPA).
NPC officials have been going around the country, conducting road shows for government, local government, and private corporations, encouraging everyone to comply with the DPA. This is important and gruelling work but it’s not like the NPC has a choice in the matter. After all, once September 9, 2017 comes, it’s all systems go for compliance with the DPA. The NPC will not be able to reach every corner of the country before the deadline comes, so the website will be a big help in guiding people on what to do.
The NPC has created such a useful guide that you may be tempted to ask: do we really need to engage a lawyer to help us get ready for compliance? My answer is a definite yes.
While the requirements may now be a bit easier to understand, everyone will still have to anticipate the ramifications of the law and its impact on their operations. The way each company does business is different and so a template Privacy Policy will not work for everyone. Also, while a company may have succeeded in designating an officer with sufficient knowledge of the DPA as the Data Protection Officer, a lawyer would still serve as an invaluable guide for the DPO and Management. Remember that even template contracts with service providers and other third parties within whom the company may be sharing data will have to be reviewed. This is not only to comply with the DPA but, more importantly, to ensure that the company’s ass is sufficiently covered in case it becomes the subject of a security incident or a data breach.
I will also stress the importance of looking at the background of your lawyer. Not all lawyers will be familiar with the DPA and data privacy principles in general. After all, you don’t want to be following the lead of the pied piper.