Topic: Data Privacy Act Compliance
Come September 9, 2017, enterprises dealing with customer information must fully comply with the Implementing Rules and Regulations of the Data Privacy Act or Republic Act No. 10173. Non-compliance will result in sanctions and penalties, ranging from 1 to 6 years imprisonment, and a fine of not less than PHP 500,000 and not more than PHP 5 million.
Some IT functions view this as an opportunity to finally get their cyber security initiatives approved. Others view this as yet another responsibility that needs to be led from the business perspective or, better yet, via a cross-functional approach.
Despite a compliance market packed with providers and the investment from companies to ensure they stay on the right side of regulations, time is running out. Are we sure we are indeed taking the proper steps, or is it possible we may have missed something?
We will be discussing:
- What role should IT play in the compliance program?
- How should IT leverage this data privacy compliance deadline without compromising its mandate?
- What are some of the pitfalls and challenges members have faced and how have they overcome these challenges?
Optional preparation material:
- Republic Act Number 10173: link
- Key items to note re the Implementing Rules and Regulations: link
- National Privacy Commission (see middle column “I Want to Comply”): link