Hello. Just thought I'd explain to you some changes in the way I will be updating this blog.

I have been blogging--in so many ways on different platforms--on and off since around 2000. And the way I blogged changed in tandem with the way that publishing content online changed: First, my posts looked like online journal entries; Then they became curated links, introduced by quips that were either funny or punny.

And then Facebook and Twitter came along and we all got lazy posting to blogs that only a handful of people ever read. So we all migrated to the social platforms.

I started this blog when I started my consulting work for two reasons:

  1. I wanted to one place where I can put all my notes on what I learned about privacy and what I thought about what I learned. I thought that it would also be interesting to see how my thinking evolved as I knew more about the work.

  2. I also needed a place to show people that I legit knew things about privacy and that I wasn't just selling them snake oil.

Then I moved on to being employed full-time and I forgot about this blog. I felt no pressure to update this website since I didn't do consulting work anymore.

In the past months, I've had some time to think about what I wanted to do with this website. I decided to keep it because my reason #1 for starting this blog was still valid for me in my present professional context. I also didn't want to put my notes on Facebook or Twitter (I regularly delete posts on these platforms), and I also didn't relish posting my work amidst all the displays of professional thirst over at LinkedIn.

So here I am.

Let me warn you though. Since I have shifted the tone of this website to a personal rather than professional one, the way I post will also change. My goal is to post more often, on more diverse topics. I will still post longform (or as longform as I can manage, at least) when I have time to research and study up on some topics. But more often, I will just be posting links with a little bit of commentary. I don't want to flood your inboxes when I do this and so I have turned off the feature which alerts followers of this blog on each new post. I will find a way to let people leave comments on posts, in an unobtrusive way as possible, and I hope we can have discussions on some developments or issues that interest you. In any case, I hope you will find my posts interesting, if not useful.

Thank you for taking the time to read my blog. Here's a really nice XKCD comic as pabaon. Hope to see you more often in my corner of the web!

I was fortunate enough to attend the Data Privacy Council meeting last July 30, where the NPC shared updates on what they've been up to and their plans for the remainder of 2020. Here are the more important items from the presentations:

DPO Registration. As you may already know, the NPC extended the validity of the DPO registrations since the new NPC portal is not yet ready (among a host of reasons for the extension, I am sure). Note though that the NPC continues to accept and process applications for DPO registration. These can be submitted via email. Please refer to the NPC website for more information.

Privacy Sweeps. The NPC continues to do Privacy Sweeps, and they have completed 175 sweeps in Q2 2020. How do they choose which organizations to examine? Here are some of the things they look at:

  • Level of risk to the rights and freedoms of data subjects;

  • Whether NPC has received reports/complaints on the PIC/PIP;

  • Whether the PIC/PIP is registered;

  • Whether there is personal data traced to the PIC/PIP that is available online;

  • Whether the PIC/PIP is part of a sector that has seen a lot of data breaches/complaints.

Personal Data Breaches. In the first half of 2020, the NPC received 120 personal data breach notifications. In June, there was a surge of data breach notifications in the Education sector. Because of this, the NPC met with stakeholders in the sector and reminded them to invest in data protection systems. The NPC noted the inability of schools to detect security incidents. Some data breaches were discovered only after the personal data of students became available online.

Hearings. The NPC clarified that they only suspended their face-to-face hearings but will continue to hold hearing henceforth via video-conferencing. The NPC will be issuing supplemental rules of procedure/guidelines to cover hearings via video-conferencing.

Electronic filing. Electronic filing of complaints and other pleadings is encouraged by the NPC. For filings related to cases, please do not forget to include the case number in the subject line to ensure your filing does not get lost.

ACE Certification. NPC will be working on accreditation of training professionals for their ACE certification program. The NPC plans to hold a Train-the-Trainers training program before giving the accreditation exam.

Updated: Jan 18, 2020

Data privacy professionals around the world celebrate International Data Privacy Day on January 28, 2020. Part of this global celebration will be the IAPP KnowledgeNet Philippines Chapter’s first meeting for the year, featuring a discussion of House Bill No. 5612 amending the Data Privacy Act.

Newly-appointed Deputy Commissioner John Henry Naga of the National Privacy Commission will deliver a keynote. Meanwhile, Ms. Ivy Grace Villasoto, Head of the NPC’s Privacy Policy Office, will be presenting the highlights of the HB 5612. Her presentation will be followed by reactions from panelists representing different sectors of business: BPO, Telecommunications, Hospitality, and Legal.

Learn more about the proposed amendments to the Data Privacy Act and get a chance to meet other Privacy professionals in the Philippines. To register, you may follow this link:

(IMPORTANT: You will need a profile for the IAPP website to register for the meeting. Create your IAPP website profile for free here:

Post Categories