December 2, 2022

The city government has to be cautious in handling private information it gathers from the public especially now that residents are required to register in the Baguio in my Pocket (BIMP) app when transacting at City Hall, an official of the National Privacy Commission (NPC) said.
In a Zoom conference with the city council on Feb. 1, lawyer Ana Carmela Reblora of the NPC said that while there is no exact list detailing what information may only be obtained from individuals registering on certain platforms, she said entities collecting data should follow the NPC’s principles of data collection: legitimacy, proportionality, and transparency.
In the case of the BIMP, she said City Hall should follow the principle on proportionality – meaning only vital information necessary for the purpose by which registration is mandated should be obtained.
In the BIMP, other information being asked are ethnicity, name of parents, religion, tenureship, blood type, date of birth of parents, apart from name, address, date of birth, and contact number of the registrant.
Reblora said prior to data collection, the collecting entity should first conform with the five pillars of data privacy compliance: appointment of a data protection officer; conduct of privacy impact assessment to assess capabilities, threats and risks; prepare a privacy management program; implement data privacy governance to carry out identified security measures; and prepare protocols on data breach.
In the case of City Hall, Councilor Betty Lourdes Tabanda, chair of the committee on laws, said the committee will review the process being implemented by Information Technology Business Solutions (ITBS), the company implementing the BIMP.
The committee will also recommend the appointment of a data protection officer.
She also said the committee will reiterate an earlier resolution of the city council asking ITBS that only primary information such as name, address, and cellphone number should be obtained from registrants.
Tabanda said ITBS continues to use the old registration format despite the council resolution.
The city council is conducting an inquiry into the mandatory online registration system implemented by the City Mayor’s Office at City Hall after several citizens have complained too much information being asked from them.
Reblora said there should be a law or ordinance allowing certain entities to obtain information from individuals. She said the law or ordinance should be anchored on the Data Privacy Act, which spells out how data will be processed, stored, and explains why it is collecting certain information from individuals.
She added, the Data Privacy Act of 2012 mandates local government units, organizations, government-owned and controlled corporations, business enterprises or any entity collecting data to have a data protection officer, duly registered with the NPC.
Meanwhile, the city council passed a resolution requesting the executive department to consider making the BIMP registration optional.
Councilor Arthur Allad-iw, main author of the resolution, said the abrupt implementation of the mandatory BIMP registration at the City Hall is disadvantageous to a number of people.
Allad-iw said inconveniences such as nonfamiliarity to technology and long queues at the registration area have prevented some people from entering the City Hall resulting in non-completion of or delayed transactions.
While recognizing the “noble” purpose of the program, Allad-iw said residents who intend to enter City Hall should not be compelled to go through the registration process so as not to disrupt their transactions.
“The BIMP should be a continuing program of the city where residents are well-informed of its benefits so that people are encouraged to register,” Allad-iw said. – Rimaliza A. Opiña with reports from Jordan Habbiling