• Cecilia Soria

Regulator Updates: NPC, July 2020

I was fortunate enough to attend the Data Privacy Council meeting last July 30, where the NPC shared updates on what they've been up to and their plans for the remainder of 2020. Here are the more important items from the presentations:

DPO Registration. As you may already know, the NPC extended the validity of the DPO registrations since the new NPC portal is not yet ready (among a host of reasons for the extension, I am sure). Note though that the NPC continues to accept and process applications for DPO registration. These can be submitted via email. Please refer to the NPC website for more information.

Privacy Sweeps. The NPC continues to do Privacy Sweeps, and they have completed 175 sweeps in Q2 2020. How do they choose which organizations to examine? Here are some of the things they look at:

  • Level of risk to the rights and freedoms of data subjects;

  • Whether NPC has received reports/complaints on the PIC/PIP;

  • Whether the PIC/PIP is registered;

  • Whether there is personal data traced to the PIC/PIP that is available online;

  • Whether the PIC/PIP is part of a sector that has seen a lot of data breaches/complaints.

Personal Data Breaches. In the first half of 2020, the NPC received 120 personal data breach notifications. In June, there was a surge of data breach notifications in the Education sector. Because of this, the NPC met with stakeholders in the sector and reminded them to invest in data protection systems. The NPC noted the inability of schools to detect security incidents. Some data breaches were discovered only after the personal data of students became available online.

Hearings. The NPC clarified that they only suspended their face-to-face hearings but will continue to hold hearing henceforth via video-conferencing. The NPC will be issuing supplemental rules of procedure/guidelines to cover hearings via video-conferencing.

Electronic filing. Electronic filing of complaints and other pleadings is encouraged by the NPC. For filings related to cases, please do not forget to include the case number in the subject line to ensure your filing does not get lost.

ACE Certification. NPC will be working on accreditation of training professionals for their ACE certification program. The NPC plans to hold a Train-the-Trainers training program before giving the accreditation exam.

Notes on the Present Future


Thursday, 15 October 2020

I found an old favorite Medium post on the complications of enforcing the General Data Protection Regulation. If you'd like to nerd out o...

Tuesday, 13 October 2020

Interested in learning more about privacy, security, and data governance? You can still catch the few remaining hours to register for Tru...

Sunday, 30 August 2020

This is off-topic but I am sharing this tweet and urging you to check out the whole thread on Twitter. In the midst of all the debate, it...

©2020 by Cecilia Soria