UPOU CCDPO

Certificate Course for Data Protection Officers

The course is designed to train Data Privacy Officers who will be tasked with designing, implementing, and overseeing the respective data privacy policies of their organizations, in compliance with the Data Privacy Act and its Implementing Rules.

At the end of the course, participants who pass the final exam and submit a Privacy Impact Assessment (PIA) worksheet shall receive a certificate of completion.

Course Objectives

At the end of the course, participants will be able to discuss:

  1. Data Privacy Act, its Implementing Rules, and relevant issuances of the National Privacy Commission (NPC);
  2. the role of the Data Protection Officers and their expected duties;
  3. how to develop a Privacy Management Program for your organization;
  4. how to handle security or data breach incidents within your organization; and
  5. the basics of Information Security

Course Structure

The 4-week long online course is divided into seven (7) modules. It begins with an introduction to basic concepts of Privacy and Data Privacy, then progresses to more detailed discussions on the specific rights, obligations, and requirements under the Data Privacy Act.

Participants are then taken through practical exercises designed to train them in implementing data privacy practices and policies amidst the daily routine of an organization. Participants are also apprised of the appropriate information security practices that are recommended for adoption to ensure compliance with their data privacy obligations under the law.

Module Title Module Description
Module 1: Basic Privacy Concepts Overview on the basics of privacy law.
Module 2: Data Privacy Act (Basic Concepts) Fundamental concepts about the Data Privacy Act of 2012 and its Implementing Rules.
Module 3: Lawful Bases for Processing, Rights of Data Subject Various rights and obligations of data subjects and those who acquire possession and/or control over their personal data under the Data Privacy Act.
Module 4: Enforcement of Data Privacy Act Enforcement and implementation mechanisms under the Data Privacy Act, focusing in particular on these elements: Penalties, Compliance Officers for Privacy, Data Protection Officers, Registration, and Data Transfers.
Module 5: Privacy Management Program Guide, together with written exercises, on the establishment of a privacy management program, including on conducting a privacy impact assessment.
Module 6: Data Breach Management Necessary, compliant and best practices in the event of a data breach, including practical exercises for learners involving various scenarios of data breach.
Module 7: Information Security Information security practices required particularly for public sector employees.

Mode of Instruction

The course will be delivered online through a combination of video lectures, live Q&A sessions and workshops with the lecturers via videoconferencing. The course materials include course guide, study guides, video lectures and other online resources that will be uploaded in the course site.

The final examination is also administered online.

Course Lecturers / Resource Persons

Jose Jesus “JJ” M. Disini, Jr. is the founder and Executive Director of the Digital Freedom Network. JJ is a leading information and technology law expert in the Philippines. His areas of expertise are in intellectual property, technology law, cybercrime and privacy.

He is the first lawyer member of the Philippine Internet Commerce Society (PICS) and was actively involved in the lobbying efforts for the passage of the eCommerce Act (ECA Republic Act No. 8792). He later drafted its Implementing Rules and Regulations in 2000, under the supervision and control of an inter-agency task force committee co-chaired by the Department of Trade and Industry, Department of Budget and Management and the Bangko Sentral ng Pilipinas. A year later, he co-drafted the Rules on Electronic Evidence as part of the Supreme Court’s eCommerce Sub-committee.

JJ graduated with a Dean’s Medal at the UP College of Law, where he is now an Associate Professor. He is also an alumnus of the Harvard Law School where he obtained his Degree in Masters of Law LLM. He has been continuously practicing law since 1994 and established the Disini & Disini Law Office in 2000, where he is currently the Managing Partner. JJ is also the Program Director of the Law, Technology and Policy Program of the University of the Philippines Law Center.

JJ is a frequent speaker in legal forums and news and current affairs programs on television, where he discusses issues involving e-commerce, cybercrime, data privacy, and intellectual property, among others. In partnership with a recognized provider of custom-made human resource management systems, he developed an electronic training and certification course on Data Privacy, and a Philippine Data privacy resource website, both of which are already accessible online.

Together with the Disini Data Privacy Core Team, he is currently working on the compliance requirements of the leading open university in the Philippines, a major food chain, a top provider of business process outsourcing solutions, and a principal provider of water and wastewater services in the Philippines, among others.

Oliver Xavier “Oliver” A. Reyes is the Policy Officer of the Digital Freedom Network. A member of the Philippine Bar since 2002, he had previously worked for the Supreme Court of the Philippines as a Judicial Staff Head. During his service with the judiciary, he was Secretary for the Sub-Committee on Rules for Special Commercial Courts, and participated in the drafting of the Manual of Judicial Writing. Oliver then worked with the American Bar Association Rule of Law Initiative as Senior Program Manager working on a project for the automation of Philippine trial courts, and the Southeast Asia Internet Freedom Project, which built the capacity of lawyers in the region to litigate cases involving freedom of expression online and online privacy.

A co-founder of the internet rights advocacy group Democracy.Net.Ph. Oliver is also currently a Program Manager with the Law, Technology and Policy Program of the University of the Philippines Law Center.

Oliver is a graduate of the University of the Philippines College of Law, where he served on the Editorial Board of the Philippine Law Journal. In 2016, he was selected as a Fellow representing the Philippines for the Hong Kong University Media Law & Policy Workshop. At present, he is a professorial lecturer at the De La Salle University College of Law, the Far Eastern University Institute of Law, and the Lyceum of the Philippines College of Law.

Kama Neson “Kamesh” Ganeson is one of the most sought-after speakers and consultants with expertise in and experience spanning 30 years in quality management, enterprise risk management, business continuity and disaster recovery, information security, strategic business planning, IT service management, IT governance, crisis communication and corporate sustainability management. With considerable experience across multiple industries, he takes great pleasure in sharing knowledge, accruing value and providing practical solutions to clients that he works with. He is a certified lead auditor in BCMS, ISMS, QMS, SMS. He is also an accedited CORS, CCP and CSAP specialist. He is currently the Vice-President and Head of Total Quality Management of Megawide Construction Corporation.

Paolo graduated from the University of the Philippines Diliman with a degree in Speech Communication in 2013. He obtained his Juris Doctor from the University of the Philippines College of Law in 2017 and was admitted to the Philippine Bar in 2018. Prior to becoming an associate in January 2018, Paolo first started at the Disini Law firm as a Research Assistant in 2015, writing legal articles and doing policy work for the firm. In 2018, he officially joined Disini & Disini as an associate.

Paolo regularly handles litigation matters in the firm, and has experience in both trial litigation and appellate practice, with a specialty in cases involving electronic evidence, cyber crime litigation, software licensing, IT finance leasing, and large-scale IT projects.Paolo is also well-versed in data privacy practice, including drafting consent forms and privacy manuals, conducting Privacy Impact Assessments, and handling security breach incidents.

In addition to handling litigation and data privacy, Paolo also has experience in corporate practice, mergers and acquisitions, labor law, and tax assessment disputes.

Paolo’s recent work with the firm includes:

  • Acting as both prosecution and defense in cybercrime cases, including hacking, cyberlibel, computer-related fraud, and system interference
  • Representing clients in large-scale IT procurement projects with government agencies
  • Assisting a multinational company in settling infringement claims of a global software company
  • Assisting a virtual asset service provider duly registered with the Bangko Sentral ng Pilipinas (BSP) in recovering digital assets which were unlawfully taken by its users
  • Conducting data privacy compliance audits for an international school and for a global non-profit organization
  • Preparing privacy impact assessments in relation to processes involving online platforms
  • Creating data sharing agreements in accordance with the National Privacy Commision’s latest advisories on data sharing
  • Assisting clients in data breach reporting issues with the National Privacy Commission
  • Assisting employers in implementing retrenchment and redundancy programs due to the ongoing quarantine
  • Drafting terms and conditions and privacy policies for online e-commerce platforms

Paula obtained her Juris Doctor from the UP College of Law in 2018 and was admitted to the Philippine Bar in 2019. She currently focuses on the practice areas of Data Privacy and Technology law.

Since joining the firm, Paula has been involved in various tech and fintech projects including applications for EMI licenses, OPS registrations, and drafting opinions involving BSP regulations. She has been a part of negotiating contracts involving large software development projects, the preparation and review of licensing, software-as-a-service, white-labelling, and co-branding agreements.

Being part of the Firm’s data privacy core group, Paula has handled several data privacy compliance audit projects for various clients such as operators of online platforms and applications, retail and fast-moving consumer goods companies, and mining companies. She also regularly conducts privacy impact assessments for clients involving the roll out of new technology, purchase and implementation of third-party softwares, engagement of third party service providers, and the like.

As an associate, Paula assists in the review and drafting of technology contracts, data sharing or outsourcing agreements, and various other agreements. She also has experience in preparing due diligence reports, mergers and acquisitions, and corporate housekeeping.

She also assists in Banking and Finance, Corporation and Labor law work.

Paula obtained her bachelor’s degree in Management Engineering from the Ateneo de Manila University in 2014.

Paula’s work and projects in the firm include:

  • Handled various data privacy compliance audit projects for clients belonging in different industries such as retail, mining, telecommunications network and customer support provider, social networking platform and technology solutions providers;
  • Took the lead with the data privacy compliance audit of one of the largest e-commerce platforms in Asia, which also involved mapping and analyzing cross-border transfer of data;
  • End-to-end assistance on the EMI application of a joint venture of two of the largest shipping companies in Asia;
  • Assisted in the due diligence for the acquisition of a start-up;
  • Handled the data breach management and compliance of several clients, including the preparation of the necessary mandatory notifications and complying with further orders from the National Privacy Commission;
  • Prepared Privacy Impact Assessments for various clients, particularly for new software or technology roll-out, systems integration and implementation, and other new data processes to be adopted by the clients;
  • Handled several illegal dismissal cases;
  • Drafted various privacy policies and terms and conditions for various platforms and applications;
  • Prepared several opinions on possible data breaches and security incidents;
  • Assisted clients on cross-border data transfers, including transfers of data outside the European Union and compliance with the Schrems II decision;
  • Advised clients on compliance with the BSP regulations on EMI, VASP, money service businesses (remittance), etc.;
  • Reviewed various contracts on software development, support and maintenance, software-as-a-service, white-labelling, data sharing and data outsourcing, and other technology contracts.

Atty. Roberto Miguel O. Raneses is the Data Protection Officer of DITO Telecommunity Corporation. As the DPO, he provides guidance as to how personal data will be processed in a lawful and transparent manner.

In his previous engagement as a lawyer for a leading technology law firm, he participated in and led data privacy compliance projects for organizations in various industries. These organizations included a leading open university, a multinational BPO company, an internationally recognized business school, a multinational car manufacturer, a major FMCG manufacturer, a major bakeshop chain, and a leading independent power producer.

About the Course Providers

The course is offered by the Faculty of Management and Development Studies – UP Open University, the Digital Freedom Network and the UP Open University Foundation, Inc. as part of the project titled “Certificate Course for Data Protection Officers.”

UP Open University
Digital Freedom Network
UP Open University Foundation, Inc.

Registration

Interested participants may register online using the Online Sign-up form.

Contact

For more information, please send an email to [email protected]