I am a Senior Legal Associate of RareJob Philippines, Inc., and have been working with the same company for five (5) fruitful years. I’ve also been an active member of the Information Security Management Committee (ISMC) – a committee designed to assist the company’s compliance with data privacy and other related laws. More about me: I also enjoy learning how to roller skate, jump rope, and play the ukulele, however these add to my profile. Haha!

In its simplest but all-encompassing definition, “Data Privacy” (a.k.a. Information Privacy) is the act of protecting the confidentiality, integrity, and availability of personal information that are collected, stored, managed, and shared – generally, described as processing. Alongside the definition of proper handling of data, data privacy is also about the public expectation of privacy, centering around the individual as a key figure.

The right to privacy is a fundamental human right recognized in the UN Declaration of Human Rights, and International Covenant on Civil and Political Rights, among others. Accordingly, any violation to this fundamental right constitutes legal injury.

As an active member of the ISMC, I was given the opportunity (and responsibility) to define the company’s data privacy policies. During this period, I exhausted the last strain of my brain cells for research and analysis, especially in the area of privacy in the digital world.

At the dawn of intense and wide use of social media, I think people’s perception of data privacy drastically changed – we’ve become more conscious to threats of hacking, phishing, and identity theft / fraud. With the increasing people awareness to data privacy, alongside the ever-progressing digital world, it is necessary and important for the company to run side-by-side these progressions; hence, we conduct Privacy Impact Assessment (“PIA”), and Privacy Awareness Week (“PAW”), among others, as a way to check the current processes being implemented by the company and tap on the minds of everyone regarding data privacy.

With great pride, it is worth saying that for RJPH, data privacy policies have already existed since its incorporation; ISMC merely refined them by incorporating the mandates under the Data Privacy Act of 2012 (“DPA”), its Implementing Rules and Regulations, and other related laws. By refining it, we focused on compliance requirements and improvement of data breach and security, including the notification and reporting line in case of breach (and possibility of breach).

Despite the efforts of the company, and the government, to protect the fundamental right to privacy, the best way to respect this right to privacy is through consciousness. The wide use of social media promotes various trends – flex culture, appreciation posts, overselling oneself – and these trends pose great challenge to our perspective on privacy right. If we treat right to privacy on the same scale as our rights to life, liberty, and property, we will be more cautious (and conscious) to threats and attacks to our privacy, particularly the personal information we are willing to disclose.