Strengthen data privacy policies, call centers told

The National Privacy Commission (NPC) said the call center industry could lose its competitiveness if it does not fully enforce data protection policies.

The NPC is strictly enforcing compliance of government agencies and businesses, particularly business process outsourcing (BPO) firms to  the Data Privacy Act which aims for protection of personal information.

In a statement over the weekend, the Contact Center Association of the Philippines (CCAP) assured regulators of its full commitment to cooperate in the enforcement of strict policies that aim to help protect data of all stakeholders in local contact centers’ operations.

Industry executives in a year-opened CEO Forum reiterated their commitment to guide the industry in complying with new rules that uphold data privacy and cybersecurity locally and internationally.

One of the highlights of the CEO Forum was the upcoming enforcement by the European Union (EU) of the General Data Protection Regulation (GDPR) on May 25, 2018.

That policy would apply to all businesses offering services in any of the 28 EU-member countries.

“Trust is the biggest differentiator in businesses today. You can be number one in your field but if you do not make adjustments in this digital economy, your brand and business will suffer. Invest in trust. We are not helpless,” said NPC chairman Raymond Liboro.

Provisions of the Data Privacy Act also align with international regulations, including those of EU and other global economies.

Under the legislation, all agencies and businesses that process sensitive information of consumers must notify NPC and affected entities of any monitored or possible breach of data by unauthorized parties within 72 hours after discovery of such incidents.

Critical to this policy is the appointment of data protection officers (DPOs) by each agency or business. The DPO will be key to implementation of a privacy management program, which adheres to a 32-point checklist set by the NPC.

The commission is set to inspect each government agency and BPO to check if there is a DPO who makes sure its required privacy measures are implemented. Failure to do so, or if a security breach is proven to be intentionally omitted or concealed, would subject violators to a prison term (ranging from a year to five years) and a fine of about P500,000 to P1 million.

Liboro warned that NPC’s penalty is significantly lower compared to non-compliance fines to be implemented by EU, which could go as costly as 4 percent of annual revenue of a BPO or about €20 million ($25 million), whichever is higher.

So far, there are 4,712 government agencies and companies operating in the country that have already committed to register their DPOs with the NPC.

Liboro reminded that the privacy regulator has set a final deadline of March 8 for all other agencies and firms to do so.

Source: https://goo.gl/CgqAAg