DOE Revokes SCC of Pasig LPG Firm; Explosion Probe Underway

Wazzup Pilipinas!

Energy Secretary Alfonso Cusi vowed today to get to the bottom of the explosion in a liquefied petroleum gas (LPG) refilling plant in Pasig City as he ordered close coordination by his staff with the Bureau of Fire Protection (BFP) unit now investigating the incident.

“Public safety is always our priority and the DOE (Department of Energy) is looking closely at this unfortunate incident which injured at least 20 people. Our common objective with the BFP is to ensure that this does not happen again,” said Secretary Cusi.

To ensure their safe operation, LPG refilling plants are tasked to comply with the Philippine National Standards (PNS) for Refilling Plants and the DOE Circular on LPG Industry Rules.

A Standards Compliance Certificate (SCC) is issued once an LPG refilling plant complies with the minimum requirements of the PNS and the DOE circular. Other government agencies like the BFP, as well as local government units (LGUs) have their own requirements for compliance by LPG refilling companies.

Initial reports have said that the company involved in the incident have secured an SCC and all other prerequisite requirements from the BFP and the Pasig government.

Cusi said the DOE will revoke the company’s SCC because of the incident and that it cannot operate until it is able to secure a new SCC after all pertinent investigations have been concluded to the DOE’s satisfaction.

“Violations of the DOE Circular on LPG Rules merit administrative sanctions on those responsible,” Cusi stressed.

LPG refilling firms are also required to comply with provisions of the Fire Code of the Philippines and local government ordinances, if any, with regards to operational safety. Overall, the BFP is mandated to ensure against fire hazards in all businesses in the Philippines.

Appoint Data Protection Officers ASAP - Privacy Commissioner

Wazzup Pilipinas!

The National Privacy Commission (NPC) has reiterated that chief executives of public and private organizations who process personal information must designate their own Data Protection Officers (DPOs) stressing its urgency following its decision on the "Comeleak" breach, which was made public last week.

NPC Chairman and Privacy Commissioner Raymund Enriquez Liboro said organizations that have yet to comply with the Data Privacy Act of 2012 should immediately appoint their own DPO, who would be accountable for ensuring compliance as regards everything related to data privacy and security. Liboro said officially designating a DPO signals an organization's "commitment to comply" with the law.

"Personal data handling is a public trust, and carries with it a burden of accountability. No amount of ignorance or legal naiveté can erase that accountability," Liboro said.

"The Data Privacy Law of 2012 is about making sure those we entrust with our personal data are actually trustworthy by compelling them to do everything they can to protect it," Liboro added.

In its decision dated December 28, 2016, the privacy body said COMELEC has failed to designate an accountable officer for data privacy, as required under Section 21 of the Data Privacy Act of 2012.

"If you process a lot of personal data, you could be a disaster waiting to happen, if you fail to apply the principles provided in the law " Liboro said.

In Section 21 of the Data Privacy Act of 2012, the DPO is defined as an "individual or individuals who are accountable for the organization’s compliance" with the privacy law, so designated by the organization in the exercise of its duty as a "personal information controller" (PIC). This requirement is echoed in the law'simplementing rules and regulations (IRR), under Section 26, which states that such individuals "shall function as data protection officer" and would "be accountable for ensuring compliance with applicable laws and regulations for the protection of data privacy and security."

“The DPO is essentially tasked to champion people's privacy rights from within his or her organization. In so doing, the DPO is able to minimize the risks of privacy breaches, address underlying problems, and reduce the damage arising from breaches if and when they do occur.

Complying with the law produces a lot of upside.” Showing the public your commitment to protect their personal data, lead to increased consumer trust and thus, higher patronage.”, Privacy Commissioner Liboro said.

The DPO is expected to facilitate compliance with the privacy act, which requires the following:

Adherence to data privacy principles
Implementing organizational, physical and technical security measures
Upholding the rights of data subjects

With a view to upholding the rights of data subjects, the DPO’s job is focused on protecting data --- from collection, to storage, to sharing and destruction. Part of this job includes providing data subjects with access to their personal data, and instructions on how they can object to processing and obtain relief when needed.

“What is absolutely required of the DPO is willingness to understand information security and privacy principles and the capability to monitor compliance based on the law. Or in short, he or she has to be an advocate for privacy rights of the data subject,” Liboro said. “For MSMEs that process personal data, the DPO can even be the business owner, what is important is developing a culture of privacy within their organization and ensuring their employees are aware of data privacy principles.” Liboro added.

A DPO, however, could not effectively function in a vacuum. Apart from a strong strategic framework, the job requires committed support from top management.


Lauding National Government Agencies who comply with the law.

From recent consultations with several National Government Agencies, the Commission was pleased to note that some agencies have been complying and/or starting to comply with the provisions of the Data Privacy Act of 2012 like: Department of Health, Philhealth and the Department of National Defense to name a few. Privacy Commissioner Liboro also noted,” even the NEDA has a designated Data Protection Officer who was appointed by management years ago after the law had been passed. The MMDA upon the instructions of Chairman and GM Thomas Orbos have recently appointed their own Data Protection Officer to comply with the law.” The proactive heads of these agencies must be commended for displaying zeal in protecting personal data in their agencies’ possession.”, Privacy Commissioner Liboro added.

A Guide to Security for Today's Cloud Environment

Wazzup Pilipinas!

Enterprises have rapidly incorporated cloud computing over the last decade, and that trend only seems to be accelerating. Private cloud infrastructure, including virtualization and software-defined networking (SDN), is in the process of transforming on-premise data centers, which host the majority of enterprise server workloads around the world. Enterprises are also embracing public clouds at an unprecedented rate, with most connecting back to on-premise environments to create a true hybrid cloud environment. For all their advantages, these accelerated infrastructural changes also raise major concerns about security, and the ability to protect end-users and sensitive data from ever-evolving cyber threats.

As today’s enterprise data centers evolve from static internal environments to a mix of private, public, and hybrid clouds, organizations need to augment traditional firewalls and security appliances (deployed for north-south traffic at the network edge) with expanded protection for east-west traffic moving laterally across the network, both within internal networks and across clouds.

To maintain a strong security posture in private, public, and hybrid clouds, organizations need to increase and perhaps even reallocate security to keep pace with these more dynamic, distributed, and fast-paced environments. 

Here are some specific areas to consider: