The digital era has created unprecedented opportunities to conduct banking and deliver financial products and services in the digital space. Globally, financial institutions must collect, store, process, and exchange large volumes of information in order to serve clients in this digital space and must also face increasing challenges in the areas of data security, maintaining data privacy, and meeting related compliance obligations.
Republic Act No. 10173, known as the Data Privacy Act of 2012, requires government and private sector entities to apply the principles of Transparency, Legitimate Purpose, and Proportionality in their processing of personal data so that the data is only used in relevant and specifically stated ways, is not stored for longer than necessary, is kept safe and secure, is used only within the confines of the law, and is stored in accordance with people’s data protection rights.
We are committed to protecting and respecting individuals’ privacy and rights to control information about themselves and to decide how and to what extent such information is shared with others.
We have a strong Data Privacy Policy in place, which describes to whom the policy applies, what personal data we collect, how such data is collected, how we may use personal data for core business and marketing purposes, how we may disclose and share such personal data, how such personal data is stored and retained, and how such data can be accessed or corrected.
Our Data Privacy Policy is supported by a comprehensive Data Privacy Program utilizing a combination of policies, organizational structure, access controls, and technologies designed for risk reduction.
We have a Data Privacy Office, headed by a Board-appointed Data Privacy Officer (DPO), a lead senior management officer. The key focus of the DPO is to oversee data privacy compliance and manage data protection risks for the organization consistent with the Data Privacy Act rules and regulations, issuances by the National Privacy Commission and other applicable laws. Management has also appointed Compliance Officers for Privacy (COP) for major business units of the Bank.
Security of personal data is critical to the Data Privacy Program. We have in place safeguards that help ensure that personal data stored with us are secure and are protected in accordance with our Data Privacy Policy. We maintain strict security standards and procedures with a view to preventing unauthorized access to personal data by anyone, including our staff. We use leading technologies such as (but not limited to) data encryption, firewalls and server authentication to protect the security of personal data. All BPI employees are required to observe our privacy standards and are audited for compliance.
Ultimately, our Board of Directors is responsible for ensuring that data privacy is a fundamental element in the overall corporate governance, and for overseeing implementation of the Bank’s strategic objectives and risk strategies for data privacy. At the Board level, apart from oversight through its Risk Management and Audit Committees, directors focus on key issues of cyber security and data privacy at board meetings in order to execute the Board’s compliance and managerial oversight as well as to mitigate risk.