ADVISORY OPINIONS
The National Privacy Commission (“NPC”) issued NPC Circular No. 18-01 dated 10 September 2018 which provides the rules of procedure on requests for advisory opinions on matters relating to data privacy or data protection.
The Circular mandates that requests for advisory opinions be commenced by a letter request addressed to the Privacy Commissioner and Chairman. Likewise, the Circular enumerates issues that may be the subject of an advisory opinion as well as requests that may not be accommodated by the NPC. The Circular further provides that if during the pendency of the request for advisory opinion a complaint has been filed before the NPC Complaints and Investigation Division, the complaint shall be given precedence and the request for advisory opinion previously filed shall be held in abeyance.
The Circular clarifies that an issued opinion shall not be used as a standing rule binding on the NPC and the general public. Neither shall any advisory opinion be used to adjudicate issues, impose sanctions or award damages.
Click here to download the Advisory Opinions.
GUIDELINES ON COMPLIANCE CHECKS
The National Privacy Commission (“NPC”) issued NPC Circular No. 18-02 dated 20 September 2018, providing Guidelines for the conduct of Compliance Checks.
Compliance Checks are the systematic and impartial evaluation of a Personal Information Controller (PIC) or Personal Information Processor (PIP) to determine whether the entity’s processing of personal data is carried out in accordance with the standards mandated by the Data Privacy Act and other issuances of the NPC. Under the Circular, the NPC may employ any of the following three (3) modes of Compliance Checks: (i) a Privacy Sweep wherein the NPC reviews publicly available and/or accessible information (i.e. websites, brochures, etc.); (ii) Documents Submission, under which the NPC may require the PIC or PIP that has undergone a Privacy Sweep to submit documents and additional information to clarify certain findings or to determine compliance; and (iii) an On-Site Visit, if there are persistent or substantial findings of non-compliance. The NPC may, in its discretion, directly employ this last mode if the totality of the circumstances warrants such action.
Rules on when to conduct the checks as well as the prescribed manner and timelines for sending out the Notice of Compliance Checks are also set forth in the Circular.
The NPC may issue a Notice of Deficiencies, a Compliance Order, or a Certificate of No Significant Findings, whichever is applicable. Failure to comply with Compliance Orders may subject the PIC or PIP to criminal, civil or administrative penalties.
Download the Guidelines on Compliance Checks here.
Need legal advice?
If you are in need of legal advice, you can request a quote with DFDL lawyers or get a Quick consult with experienced lawyers. With Quick Consult, from a transparent, flat fee of $49, the lawyers will call you back on the phone within 1-2 days to answer your questions and give you legal advice.
This article is written by DFDL Lawyers.
This article was first published on the DFDL website.
This article does not constitute legal advice or a legal opinion on any matter discussed and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and practice in this area. If you require any advice or information, please speak to practicing lawyer in your jurisdiction. No individual who is a member, partner, shareholder or consultant of, in or to any constituent part of Interstellar Group Pte. Ltd. accepts or assumes responsibility, or has any liability, to any person in respect of this article.