On 16 March 2020, following the sharp increase in the number of confirmed COVID-19 cases, the President of the Philippines declared an enhanced community quarantine and ordered the imposition of stringent distancing measures over the whole of Luzon, effective from 17 March 2020 (12am) to 13 April 2020 (12am).
As regards work in the private sector, strict home quarantine shall be observed, and movement shall be limited to accessing basic necessities. A work-from-home arrangement is implemented, with the exception of establishments providing basic necessities and activities and services related to food and medicine. Banks, money transfer services, power, energy, water and telecommunications supplies and facilities, BPO and export-oriented industries shall be open.
Most Data Protection Officers (DPOs) are likely to be among the workforce who can work from home. In managing your day-to-day tasks as a DPO working from home, here are key activities that you can make part of your routine:
1. E-monitor your organization’s compliance with the DPA, IRR, issuances by the NPC and other applicable laws and policies.
- This may be an opportunity for you to release email guidance/reminders or other e-materials to your employees on how to comply with data privacy rules. You can also disseminate e-learning materials on privacy and data protection.
- Issue email recommendations to your management on how employees who are working from home can protect personal data.
- Draft/review the necessary NDAs, DSAs, OSAs, or other data privacy undertakings that can be used to ensure protection of personal data.
2. Review the e-PIA forms submitted to you by your process owners.
If some process owners have not yet submitted their e-PIA forms, take this opportunity to follow up with them by email or by phone. Evaluate the accomplished e-PIA forms to determine the existing risks and vulnerabilities.
Recommend the appropriate policy to your management to address any risks that you discover. If you have electronic copies of your policies, review them and recommend revisions where necessary.
3. Monitor your email/phone for complaints/concerns raised by your data subjects. Advise your management on how to address them.
Some data subjects will request information or exercise their rights as data subjects by sending an email or by making a call. Please take this time to remind your customer service hotline personnel how to contact you if they receive such concerns.
4. Remind your employees to report to you any security incident that they may encounter. Be ready to report to the NPC and to your data subjects should there be any reportable personal data breach.
As a best practice, advise your employees to report to you immediately any security incident that they may encounter. You are in the best position to determine which incidents are reportable or not. Remember, in case of a personal data breach, you only have 72 hours from discovery to notify the NPC and the data subjects.
5. Monitor the NPC website for updates and coordinate with the NPC regarding matters concerning data privacy and security.
Since a work-from-home arrangement is also implemented in the Executive Branch, the NPC, as part of the Executive Branch, is also expected to continue performing its functions. Hearings are suspended, but the public is advised to temporarily course all forms of correspondence/concerns online.