Monday, January 30, 2017

National Privacy Commission (NPC) reminds bank on data privacy law | Inquirer News

"x x x.

The National Privacy Commission (NPC) has called the attention of a top universal bank in the country for a statement on its information sheet that asks customers to give up their rights to data privacy.

“You cannot waive a fundamental right,” NPC Chair Raymund Liboro said in a recent briefing with Inquirer editors and staff.

This was the principle behind the red flag given last September to Bank of the Philippine Islands (BPI) by the NPC for letting bank clients sign a statement waiving their rights to data privacy.

A boxed statement, which read, “I waive my rights to the Data Privacy Act,” was signed by customers as a form of consent and authorization for the bank to process information provided on the sheet, Liboro said.

Waiving such rights is against Republic Act No. 10173, enacted in 2012, which aims to protect the privacy of personal information in the government and private sectors as well as govern the processing of such data.

The law’s implementing rules and regulations were approved in August 2016.

A dialogue between NPC representatives and the bank was held after a BPI client raised the issue.

With the waiver, Liboro said BPI could have easily passed on the data it gathered to subsidiaries without first asking for the client’s consent.

People whose personal information is collected, stored and processed are called “data subjects” and are granted certain rights under the law.

BPI has promised to remove the waiver and make a new customer sheet, according to Liboro.

x x x."