NPC issues guidelines for personal data protection

Louella Desiderio - The Philippine Star

MANILA, Philippines — The National Privacy Commission (NPC) has issued guidelines for public and private organizations to ensure personal data protection under a work from home (WFH) setup as part of the new normal given the coronavirus disease 2019 or COVID-19 crisis.

In its Public Health Emergency Bulletin 12, NPC said organizations opting to implement WFH as part of their business continuity plan should implement well-defined security measures.

Under the guidelines, NPC said organizations should make sure employees are provided with the proper information communication technology (ICT) assets, while workers should take care of the devices.

NPC said personnel are encouraged to use only the ICT devices and software issued and authorized by the organization and to ensure encryption when using portable media to transfer data.

To prevent cybersecurity attacks and malicious damage, NPC said security patches should be installed for operating system, authorized antivirus software, web browser and its preferences, personal productivity software, as well as video conferencing software or platform.

Organizations must also have an acceptable use policy defining allowable personal uses of ICT assets and unacceptable and unauthorized uses.

Allowable personal uses of ICT assets may include personal emails, browsing of news and articles, social media or networking and video streaming.

NPC said access to the organization’s data must be through a “need-to-know-basis” based on pre-defined user profiles and controlled via a systems management tool.

In addition, NPC said organizations are advised to require strong passwords to access personnel credentials and accounts, as well as to have multi-factor authentication for all accounts.

NPC said organizations likewise need to have policies to ensure sensitive data is processed in a protected and confidential manner to prevent unauthorized access.

In case of a personal data breach while working from home, NPC said employees must immediately inform the organization and the data protection officer and/or data breach response team.



  • Latest
  • Trending
Are you sure you want to log out?

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

or sign in with