Supporting the government’s drive to promote understanding of the Data Privacy Act, GCash, a mobile wallet firm operated by Mynt (Globe Fintech Innovations Inc.) joined the National Privacy Commission in celebrating Privacy Awareness Week last month.
In a forum with its employees, GCash underscored the need to protect the data privacy not just of GCash customers but also of its data handlers and processors.
Mel Migrino, chief security and privacy officer of Mynt, said the systems and processes used by GCash are aligned with the requirements of the Bangko Sentral ng Pilipinas and the Data Privacy Act of 2012.
“GCash looks at security and privacy as key pillars that will enable and grow the business. If that is how we see security and privacy, then we want to make sure that we uphold the rights of data subjects,” she said, adding that the data privacy team at GCash is constantly examining new regulations on data protection that could affect GCash users.
Migrino, who is also Mynt’s Data Protection Officer, said GCash has the most extensive consent form to ensure that its users are protected even by its partners, such as banks, with whom GCash shares the personal data of customers.
“These are declared because we need to establish transparency. Transparency is one of the core principles of the Data Privacy Act, and we want a way to demonstrate that to our customers,” she said.
“The current consent framework in the GCash app has a provision wherein if you have concerns or if you feel that there should be limitations to how you want GCash to process your data, you can advise our office. We make sure our customers can exercise their rights,” Migrino said.
This year, the theme of the Privacy Awareness Week is “Protecting the Digital Filipino: Accountability, Compliance & Ethics in a Data-driven Philippines,” which focuses on boosting privacy safeguards and raising the sense of accountability, compliance and ethics of entities that handle personal data.
Dr. Rolando Lansigan, former chief of the National Privacy Commission’s compliance and monitoring division, highlighted the responsibility of people to protect their own data privacy.
“When an organization like GCash processes personal information, it should always be accurate, and accuracy will come from the data subjects themselves. It’s good that GCash has the facility to edit user information,” Lansigan said.
He emphasized that the processing of data should always be within the full control of the individual unless the data subject is a minor.
“It’s always a two-way street. There’s no 100% fool-proof security. Sometimes, companies focus so much on cybersecurity but really, all you need is a breach by one person,” he said.
Migrino echoed this reminder, saying that people should not only look at cybersecurity when it comes to data privacy protection.
“The common understanding of people is that breach happens only when there is a cyberattack leading to data exfiltration. It’s not only that. If you accidentally send a file with your name, mobile number, email address to an unauthorized third party, or you leave documents lying around, or you have your laptops open for others to see — that’s a breach of data privacy,” Migrino said.