Meet Robert Sanchez Paguia, a dynamic force in the realm of data privacy and IT, carving an inspirational path despite a non-IT background. Starting his journey at the Philippines' National Privacy Commission, Robert delved into data privacy advocacy, becoming a seasoned educator and consultant.
Unconventional Journey: Robert's leap into the IT domain stems from a diverse educational background in Philosophy, Law, and Public Management. Joining the IT department at PhilHealth marked the onset of his transformative journey.
Advocacy & Accomplishments: As a pivotal figure, Robert led pioneering projects like UMID at PhilHealth and the PhilSys project at PSA, while also contributing significantly as a resource speaker at the NPC.
Future Endeavors: Looking ahead, Robert aims to bolster DPA compliance and enhance the country's cybersecurity landscape, ensuring his organization is at the forefront of data protection.
Robert Sanchez Paguia's narrative showcases an inspiring tale of adaptation, leveraging expertise across domains to fuel innovation and fortify data protection in
JOIN US FOR ROBERT'S SPOTLIGHT STORY
Q. Can you share how your journey, transitioning from a non-IT background to a prominent role in data privacy., has shaped your perspective on technology and privacy practices?
Being a non-IT person, my transition into data privacy did not come easy. Data privacy and protection, being a new concept at that time, was something that was not easy to fully grasp and understand. It took me lots of readings and listening to our Commissioners then to really understand what the law was and its implications in our everyday lives. It made me realize how important technology was and how rapidly it is evolving that if we don’t know how to make use of it properly, we would find ourselves at the mercy of these technological advancements happening around us. It also helped me to understand that technology and data privacy can go hand-in-hand by putting in the required security measures under the law to fully safeguard our personal information or personal data.
Q. Could you highlight the critical areas where organizations often overlook or struggle to comply with data privacy laws, and what advice do you offer to overcome these challenges?
From my years of practice in data privacy and protection, one critical area that is often overlooked not only here in the Philippines but also globally is the requirement for Consent. It is enshrined in all privacy laws of each country that before companies, known under the Data Privacy Act of 2012 as Personal Information Controllers (PICs) and Personal Information Processors (PIPs), can process personal information / personal data, there should be consent on the part of the individual concerned or those referred to as Data Subjects under the law. Awareness and full respect for the rights of the data subjects is one way to overcome this challenge of getting consent from the data subjects before processing of their personal information. Once these PICs and PIPs learn how to really get first the required consent from data subjects complying with the law would be a breeze for these companies collecting data subjects’ personal information.
Q. Your experience as a Project Head/Coordinator for the UMID Project and Project Manager for the PhilSys project is quite notable. How did these roles contribute to your understanding of data privacy and cybersecurity?
Being appointed as Project Head / Coordinator of the UMID project and Project Manager of the bigger PhilSys project considering its national scope and application, it has made me more aware on the implications of the Data Privacy Act of 2012 (RA 10173) and the Cybercrime Prevention Act of 2012 (RA 10175) considering that in both projects we are required to collect and process personal information of data subjects. The PhilSys project in particular where we started from scratch determining what are the personal information that we need to collect from data subjects, my previous experience with the National Privacy Commission (NPC) helped a lot in the proper determination of the personal information that we needed to include in our Registration Form that would not violate the proportionality principle of the DPA of 2012. As far as cybersecurity is concerned, knowing that we are dealing with data subjects’ personal information, it really helped a lot in knowing how we can appropriately secure, safeguard and protect all these personal information that we are collecting and consequently storing in our servers from so-called hackers and scammers.
Q. What advice would you give to individuals or organizations aiming to enhance their data privacy measures and compliance with data protection laws?
My first and foremost advice for individuals and organizations wishing to enhance their compliance with the DPA of 2012 is for them to really understand all the regulatory requirements of the law and to be aware of the basic and most important prerequisite which is consent. Once these individuals and organizations learn the importance of securing first the consent of data subjects all other regulatory requirements would become so much easier to comply with. Nothing beats educating ourselves (as individuals) and capacitating each and every employee (for organizations) on the intricacies of the DPA of 2012.
Q. Lastly, how do you envision the future of data privacy advocacy and its role in shaping a more secure and ethically-driven technological landscape?
Personally, I envision a future where all data subjects would be more empowered to really safeguard and protect their personal information by being more aware of their rights under the law. By being more empowered to protect our respective personal information, we can make sure that PICs and PIPs are properly collecting, processing and making use of our personal information in accordance with what the law requires. By being empowered, we, as data subjects, can make these PICs and PIPs more transparent in the way they collect and process personal information and make them accountable in cases of data breaches and other security incidents involving our personal information.
Bình luận