Regulatory Alerts2024-06-11
M-2024-019: Reminders on the Handling of Personally Identifiable Information (PII) and Other Sensitive Data
The Bangko Sentral ng Pilipinas issued this memorandum to remind all supervised financial institutions of their obligations regarding the responsible handling of Personally Identifiable Information and other sensitive data. The regulator explicitly warns against using Robotic Process Automation and data scraping to collect login credentials or facilitate unauthorized financial transactions, citing significant risks to consumer trust and system integrity. Financial institutions are required to implement robust risk management systems, ensure compliance with the Data Privacy Act and National Privacy Commission guidelines, and maintain adequate safeguards for data processing and outsourcing arrangements.
Share