The City Government of Davao on October 6 issued Executive Order No. 30, series of 2023, implementing Republic Act No. 10173 or the Data Privacy Act (DPA) of 2012.
Ordinance No. 30 mandates the implementation of the DPA through the appointment of “appropriate personnel to undertake the specific functions under the said Act”.
The EO stipulates the designation of a Data Protection Officer (DPO) by the city mayor to ensure that the city government is compliant with the DPA, its Implementing Rules and Regulations, and data privacy issuances from the National Privacy Commission (NPC).
The DPO is obligated to collect and keep records of the processing operations of the City Government of Davao and its departments and units; check for compliance of data processing activities; inform and advise the local government and its various offices on data management and security, including Data Sharing Agreements with third parties; and ensure proper response protocol in the event of a data breach, among others.
The DPO is also responsible for cultivating privacy and data awareness within the local government as provided by the NPC.
A Data Privacy Committee chaired by the City Legal Office is established to assist the DPO, while two personnel from each office will be designated as Compliance Officers for Privacy (COP).
The main functions of COPs are “to report to the DPO any data breach and security incident within their respective office within the prescribed period,” to raise awareness on data protection in their respective office, to serve as “the focal person of their respective offices in all matters concerning data privacy,” and to perform other duties the DPO may assign to further strengthen data protection.
EO No. 30 also mandates the creation of a Data Breach Response Team within the city government which is responsible for assessing and evaluating all security incidents (including personal data breaches), restoring integrity to the affected information and communications systems, recommending measures for mitigation and remedies, complying with the mandatory notification and other reporting requirements, among others. CIO