The city government designated City Human Resource Management Officer Atty. Agustin P. Laban III as the city’s concurrent Data Protection Officer (DPO) to ensure its compliance with the pertinent provisions of the Data Privacy Act.
Further, the city government can also designate compliance officers for privacy (COP) at the barangay level, provided that these shall be under the supervision of the Data Protection Officer of the city government that the barangay is part of.
However, a city shall only be allowed to register one DPO provided that the local government may designate one or more COP who shall then be indicated as such in the DPO registration in cases where the Personal Information Controller (PIC) has several branches, offices or has a wide scope of operation.
Among the duties and responsibilities of the DPO are to monitor the compliance of the PICs with the Data Privacy Act, its implementing rules and regulations, issuances by the National Privacy Commission (NPC) and other applicable laws and policies; collect information to identify the processing operations, activities, measures, projects, programs, or systems of the PIC and maintain a record thereof; analyze and check the compliance of processing activities, including the issuance of security clearances to and compliance by third-party service providers; inform, advise, and issue recommendations to the PICs; ascertain renewal of accreditation or certifications necessary to maintain the required standards in personal data processing; and advise the PICs as regards the necessity of executing a data sharing agreement with third parties and ensure its compliance with the law.
Aside from the aforesaid duties and responsibilities, the DPO is also tasked to ensure the conduct of privacy impact assessments relative to activities, measures, projects, programs, or systems of the PIC; advise the PIC regarding complaints or the exercise by data subjects of their rights; ensure proper data breach and security incident management by the PIC, including the latter’s preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period; inform and cultivate awareness on privacy and data protection within the organization of the PIC, including all relevant laws, rules and regulations and issuances of the NPC; advocate for the development, review and/or revision of policies, guidelines, projects and/or programs of the PIC relating to privacy and data protection by adopting a privacy design approach; serve as the contact person of the PIC vis-à-vis data subjects, the NPC and other authorities in all matters concerning data privacy or security issues or concerns in the PIC; cooperate and seek the advice of the NPC regarding matters concerning data privacy and security; and perform other duties and tasks that may be assigned by the PIC that will further the interest of data privacy and security and uphold the rights of the data subject.