‘Industry groups should come up with privacy code’

MANILA, Philippines — Industry groups are urged to come up with their own privacy code to enable firms to comply with the Data Privacy Act, the National Association of Data Protection Officers of the Philippines (NADPOP) said.

NADPOP founding president Sam Jacoba said all industry groups must have their respective privacy code to serve as a roadmap to allow their members to comply with the Data Privacy Act.

He said having a privacy code specific to an industry would take into account the needs of that sector.

“Recently, the fintech industry is the one put on the spotlight because of the debt shaming that happened. As a result of that, the fintech association of the Philippines came up with a code of conduct and code of ethics. The same should be done per industry,” he said.

Last month, FinTechAlliance.Ph, which groups financial technology and digital firms, committed to promote a code of ethics and adopt a code of conduct for responsible lending following the move by the National Privacy Commission (NPC) to recommend the filing of criminal charges against officials of online lending apps which allegedly committed data privacy violations by using the information of borrowers to harass and embarrass them to collect loan payments.

Under the FinTechAlliance’s initiative, standards were set for the fintech industry to protect customers from any possible malpractices and other unethical actions.

The code, among others, prohibits member firms of the FinTechAlliance offering online lending from using intimidation to collect from borrowers, and requires full disclosure of all costs of customers including interest rates, processing fees and fines for late payment.

Recognizing that some industry groups may not have the capability or capacity to come up with their own code, Jacoba said NADPOP is reaching out to the different associations.

“We’re actually engaging and helping other associations who may not have the capacity or the capability to help their members comply with the Data Privacy Act,” he said.

Among those approached by NADPOP are those in the technology and education sector.

He said violations of the Data Privacy Act would mean jail terms and fines, while other countries like those in Europe, as well as in Singapore and Japan do not impose such penalties.

For his part, NPC deputy commissioner Leandro Angelo Aguirre said the Data Privacy Act allows each sector to come up with their own code which would set standards and expectations, as well as govern the industry.

He said the NPC is currently convening the different industry groups for this purpose.

While the crafting of the code would be up to the different sectors, he said the code would still be subject to the approval of the NPC.

“Once it is approved, that is what the commission will use to govern this particular sector,” he said.