The Digital era has created unprecedented opportunities to conduct banking and deliver financial products and services in the digital space. Globally, financial institutions must collect, store, process, and exchange large volumes of information in order to serve clients in this digital space and must also face increasing challenges in the areas of data security, maintaining data privacy, and meeting related compliance obligations.
Republic Act No. 10173, known as the Data Privacy Act of 2012, requires government and private sector entities to apply the principles of Transparency, Legitimate Purpose, and Proportionality in their processing of personal data so that the data is only used in relevant and specifically stated ways, is not stored for longer than necessary, is kept safe and secure, is used only within the confines of the law, and is stored following people’s data protection rights.
We are committed to protecting and respecting individuals’ privacy and rights to control information about themselves and to decide how and to what extent such information is shared with others.
We have a Data Privacy Office, headed by a Board-appointed Data Privacy Officer (DPO), a lead senior management officer. The key focus of the DPO is to oversee data privacy compliance and manage data protection risks for the organization consistent with the Data Privacy Act rules and regulations, issuances by the National Privacy Commission and other applicable laws. Management has also appointed Compliance Officers for Privacy (COP) for major business units of the Bank.
Ultimately, our Board of Directors is responsible for ensuring that data privacy is a fundamental element in the over-all corporate governance, responsible for overseeing implementation of the Bank’s strategic objectives and risk strategies for data privacy. At the Board level, apart from oversight through its Risk Management and Audit Committees, directors focus on key issues of cyber security and data privacy at board meetings in order to execute the Board’s compliance and managerial oversight as well as to mitigate risk.