|Komisyon para sa Proteksiyon ng Personal na Impormasyon|
|Formed||March 7, 2016|
|Jurisdiction||Government of the Philippines|
|Headquarters||5th Floor, Philippine International Convention Center, Vicente Sotto Avenue, Pasay|
|Annual budget||₱220.18 million (2022)|
|Parent agency||Department of Information and Communications Technology|
The National Privacy Commission, or NPC, is an independent body created under Republic Act No. 10173 or the Data Privacy Act of 2012, mandated to administer and implement the provisions of the Act, and to monitor and ensure compliance of the country with international standards set for data protection. It is attached to the Philippines' Department of Information and Communications Technology (DICT) for purposes of policy coordination, but remains independent in the performance of its functions. The Commission safeguards the fundamental human right of every individual to privacy, particularly Information privacy while ensuring the free flow of information for innovation, growth, and national development.
In order to fulfill its mandate, the commission is vested with a broad range of powers, from receiving complaints and instituting investigations on matters affecting personal data protection to compelling entities to abide by its orders in matters affecting data privacy. It also represents the Philippine Government internationally on data protection related issues. The Commission formulates and implements policies relating to the protection of personal data, including the relevant circulars and advisory guidelines, to assist organisations in understanding and complying with the Data Privacy Act. The commission also reviews organizational actions in relation to data protection rules and issue decisions or directions for compliance where necessary. It is mandated to work with relevant sector regulators in exercising its functions.
Beyond regulating data protection issues, the NPC also undertakes public and sector-specific educational and outreach activities to help organizations adopt good data protection practices and to help individuals to better understand how they may protect their own personal data from misuse.
The Data Privacy Act of 2012 is the first law in the Philippines which acknowledges the rights of Individuals over their Personal Data and Enforcing the responsibilities of entities who process them.
The initial definition was offered first in Republic Act 8792, Section 32 better known as the eCommerce Act of the Philippines and was formally introduced by the Department of Trade and Industry (DTI) on its Department Administrative Order #08 – Defining Guidelines for the Protection of Personal Data in Information Private Sector. Along with the Anti-Cybercrime Bill (now RA 10175), The first draft of the law started in 2001 under the Legal and Regulatory Committee of the former Information Technology and eCommerce Council (ITECC) which is the forerunner of the Commission on Information and Communication Technology (CICT). It was headed by former Secretary Virgilio "Ver" Peña and the committee was chaired by Atty. Claro Parlade. It was an initiative of the Information Security and Privacy Sub-Committee chaired by Albert Dela Cruz who was the President of PHCERT together with then Anti-Computer Crime and Fraud Division Chief, Atty. Elfren Meneses of the NBI. The administrative and operational functions was provided by the Presidential Management Staff (PMS) acting as the CICT secretariat.
With rising concerns by the Information Technology and Business Process Association of the Philippines (IBPAP) of an absence of a Data Privacy Law, Philippine Congress passed Senate Bill No. 2965 and House Bill No. 4115 on June 6, 2012. President Benigno S. Aquino III signed Republic Act No. 10173 or the Data Privacy Act of 2012 on August 15, 2012. The law was influenced by the Data Protection Directive and the APEC Privacy Framework.
President Aquino appointed on March 7, 2016, Raymund Liboro as inaugural head of the commission with Damian Domingo O. Mapa and Ivy D. Patdu as inaugural deputy privacy commissioners. With fixed terms of office, they continued with their roles during the administration of President Rodrigo Duterte.
After consultation with various private organizations, civil societies and a series of public hearings in Manila, Cebu and Davao, the Implementing Rules and Regulations of the Data Privacy Act was signed on August 24, 2016. It took effect on September 9, 2016.
In May 2016, the Commission formally investigated the Commission on Elections for the Commission on Elections data breach one of the largest security breach in government held personal data. On February 21, 2017, NPC announced that the Commission on Elections was being investigated for another security breach due to alleged theft of a computer containing personal data of voters.
The NPC also began coordinating with different sectors on privacy and data protection. In 2016, the National Privacy Commission was accepted as a member in the International Conference of Data Protection and Privacy Commissioners and the Asia Pacific Privacy Authorities.
|John Henry D. Naga||Commissioner||December 14, 2021|
|Leandro Angelo Y. Aguirre||Deputy Commissioner||February 9, 2018|
|Raymund E. Liboro||Commissioner||March 7, 2016 - December 13, 2021|
|Damian Domingo O. Mapa||Deputy Commissioner||March 7, 2016 – February 9, 2018|
|Ivy D. Patdu||Deputy Commissioner||March 7, 2016 – December 5, 2019|
- https://www.dbm.gov.ph/wp-content/uploads/GAA/GAA2023/VolumeI/DICT/C.pdf[bare URL PDF]
- Republic Act No. 10173: An Act Protecting Individual Personal Information in Information and Communications Systems in the Government and the Private Sector, Creating for this purpose a National Privacy Commission, and for Other Purposes (2012)
- Data Privacy Act, Section 7
- Data Privacy Act, Section 9
- Data Privacy Act, Section 2
- Ronda, Rainier Allan (January 1, 2017). "Privacy body raises private sector awareness on data security". Philippine Star.
- "Philippine Data Privacy Law is Signed into Law". HL Chronicle of Data Protection. August 23, 2012.
- "DOST exec named first commissioner of National Privacy Commission". NewsBytes.ph. March 7, 2016.
- "IRR for Data Privacy Act released 4 years after passage of law". NewsBytes.ph. August 27, 2016.
- Ronda, Rainier Allan (January 6, 2017). "Comeleak: Bautista faces criminal raps". Philippine Star.
- Nonato, Vince F. (February 21, 2017). "Another Comeleak? Theft probed". Philippine Daily Inquirer.
- de Villa, Kathleen (January 30, 2017). "Agency reminds bank on data privacy law". Philippine Daily Inquirer.
- Cervantes, Filane Mikee (December 17, 2021). "John Naga appointed privacy commissioner". pna.gov.ph. Retrieved July 20, 2023.
- Calimag, Melvin (February 9, 2018). "UP, Harvard law grad named new NPC deputy commissioner". NewsBytes.ph. Retrieved May 12, 2018.