Home NATIONWIDE Framework para sa gov’t data security, cross-border transfers in-update ni PBBM

Framework para sa gov’t data security, cross-border transfers in-update ni PBBM

1
0

MANILA, Philippines – In-update ni Pangulong Ferdinand R. Marcos Jr. ang data security framework ng gobyerno sa pamamagitan ng Executive Order (EO) 119, nagtatatag ng unified rules ukol sa data classification, data residency, at cross-border data transfers.

Ang EO 119, nilagdaan ni Pangulong Marcos noong Hulyo 13, in-update ang Government Data Classification Framework itinatag sa ilalim ng Memorandum Circular (MC) 78 na inisyu noong 1964.

Ang MC 78, inamiyendahan ang MC 196 inisyu noong1968, itinatag ang data classification framework na gumagabay sa seguridad ng ‘classified matter’ sa mga government offices.

“The existing data classification framework established under MC No. 78, as amended, was formulated in the context of a paper-based bureaucracy and is no longer fully responsive to the demands of contemporary digital governance, cybersecurity risks, cloud computing environments, and cross-border data flows,” ang mababasa sa EO 119.

“There is a need to update and modernize the government’s data classification and to establish a coherent policy framework on data residency, and cross-border data transfers to safeguard national security, uphold data sovereignty, ensure compliance with existing laws, and support secure digital transformation across government,” ang mababasa pa rin sa EO.

“The new EO mandates covered government entities to adopt a unified, risk-based approach in classifying, protecting, handling, and managing government data,” ayon sa ulat.

Saklaw ng kautusan ang lahat ng government data sa digital o hybrid form, owned, processed, o controlled ng national government agencies and instrumentalities, kabilang ang government-owned or -controlled corporations, at state universities and colleges, consistent kasama ang existing laws, rules and regulations.

Ang legislature, judiciary, constitutional commissions, Office of the Ombudsman, at local government units ay hinihikayat na i-adopt ang kautusan.

Ang EO ay hindi ina-apply sa private sector commercial data na pag-aari ng private entities. Gayunman, saklaw nito ang ‘government data o information processed o stored’ ng private entities, kabilang ang mga sangkot sa public-private partnerships, public services, public utilities, critical infrastructure, o strategic o sensitive projects, ‘on behalf’ sa mga ahensiya ng gobyerno.

Sa ilalim ng updated Data Classification Framework, “government data will be classified into two general classes: Restricted Access Data and Open Access Data.”

Ayon naman sa EO 119, ang Restricted Access Data ay tumutukoy sa opisyal na usapin na nangangailangan ng proteksyon sa interest ng national security, habang ang Open Access Data ay nangangahulugan ng impormasyon o bagay na hindi babagsak sa restricted classification.

Ang Restricted Access Data ay maaaring ituring bilang “top secret, secret, confidential, and restricted.”

“All data classification, legal basis, and risk assessments shall be recorded in a Government Data Classification Registry System, to be developed and maintained by the Department of Information and Communications Technology (DICT),” ayon sa kautusan.

“Overclassification is prohibited to maintain the integrity of the data classification framework, ensure the importance of correctly classified data, and prevent unnecessary delay, expense, or administrative burden,” ang sinasabi sa kautusan.

“Cross-border transfers of government data containing personal information or sensitive personal information will require a standard of protection guarantee from the Personal Information Controller,” ayon pa rin sa kautusan.

Inatasan naman ang DICT na makipagtulungan at ugnayan sa National Privacy Commission, kaugnay na government agencies, academic institutions, at industry partners sa pagbalangkas at pagpapahayag ng komprehensibong pagsasanay at competency framework ukol sa ‘data protection, residency, at cloud governance.’

“The EO also provides for the creation of a Joint Oversight Committee for Data Classification (JOC-DC), which will monitor compliance and receive annual reports from covered agencies,” ayon sa ulat.

Magsusumite naman ang komite ng pinagsama-samang report sa Pangulo.

Sa pamamagitan ng phased implementation, inaasahan na ang saklaw na government agencies ay ganap na susunod sa loob ng tatlong taon mula sa effectivity ng EO. (KRIS JOSE)

LEAVE A REPLY

Please enter your comment!
Please enter your name here