The Philippine Insurance Commission (IC) and the National Privacy Commission (NPC) have signed a Memorandum of Agreement (MOA) to strengthen data privacy safeguards within the insurance industry and other regulated sectors such as pre-need companies and health maintenance organisations (HMOs).
The partnership focuses on promoting the use of privacy-enhancing technologies (PETs) to enhance compliance with the Data Privacy Act (DPA).
PETs are technologies that ensure secure data processing by reducing the risk of exposing sensitive or personal information. Their use is becoming increasingly important in industries like insurance, which routinely handle large volumes of customer data.
Insurance Commissioner Reynaldo A. Regalado highlighted the necessity of modern privacy tools during the signing ceremony.
“The insurance industry processes vast amounts of personal data daily through activities such as policy underwriting, claims processing, and customer service transactions,” he said.
He said the Insurance Commission was committed to strengthening privacy measures to protect consumer information and uphold the integrity of the insurance industry.
Under the agreement, the IC and NPC will collaborate on creating specific guidelines for the implementation of PETs across the insurance sector. These guidelines will be crafted to align with the requirements of the DPA and other relevant regulations.
The two agencies will also work closely with stakeholders to ensure that the guidelines address the specific operational needs of the insurance, pre-need, and HMO industries.
NPC commissioner John Henry D. Naga described the partnership as a step toward improving data privacy standards.
“Through this agreement, the NPC and the Insurance Commission will take further steps in developing relevant policies and standards to strengthen privacy-preserving practices, such as the adoption of privacy enhancing technologies (PETs) in the insurance industry in the Philippines – another breakthrough in our pursuit of strengthening the country’s culture of privacy,” he said.
The MOA includes provisions for monitoring compliance with privacy guidelines through joint audits and periodic reporting.
To further support the industry, the IC and NPC will offer training programs designed to help insurance companies adopt PETs effectively and remain compliant with data protection laws.
The Philippine insurance industry’s focus on enhancing data privacy brought to light a significant rise in cyberattacks that businesses faced last year.
According to cybersecurity firm Fortinet’s report, the surge was attributed to the increasing availability of ransomware tools to cybercriminals. The survey found that 60% of businesses in the country encountered a sharp rise in cyberthreats in 2023.
Rashish Pandey, Fortinet’s vice president for marketing and communications for Asia, Australia, and New Zealand, noted that ransomware has evolved into a lucrative and organized enterprise.
Industries such as manufacturing, hospitality, retail, healthcare, and telecommunications were heavily targeted. These sectors are particularly vulnerable because operational disruptions can result in significant financial losses or critical service interruptions. In healthcare, the stakes are even higher, as ransomware attacks could directly impact patient care and safety.
In one notable case last year, the Philippine Health Insurance Corporation (PhilHealth) reported a data breach that exposed employee information, drawing attention to the country’s growing cybersecurity challenges.
