Manila: The Department of Information and Communications Technology (DICT) has announced that the signing of Executive Order (EO) 119 signifies a significant step for the Philippines in enhancing government data protection while establishing a more predictable environment for investments in the digital infrastructure sector.
According to Philippines News Agency, EO 119, titled "Updating the Government Data Classification, Establishing a Data Residency Framework, and for Other Purposes," modernizes a data classification policy that has been in effect since 1964. This policy was initially introduced during a time when data management was mainly paper-based, under Memorandum Circular No. 78.
The DICT crafted the new framework following extensive consultations with over 50 stakeholders. These consultations included various national government agencies, government security entities, privacy regulators, foreign business chambers, and digital service providers. Additionally, the DICT reviewed 18 formal position papers to refine and tailor the policy effectively.
EO 119 categorizes government data based on its sensitivity, with specific storage and protection requirements. The order mandates that top secret and secret data be stored within Philippine territory, including Philippine embassies and consulates. Confidential data is generally required to remain within the Philippines but may be stored or processed abroad with the necessary approvals and safeguards. Restricted and open access data can be hosted on secure cloud platforms, provided that encryption, cybersecurity measures, and international standards are adhered to.
The order specifically pertains to government data and does not extend to private sector or commercial data. For effective implementation, EO 119 establishes a Joint Oversight Committee for Data Classification. This committee will be co-chaired by the DICT and the National Security Council and include participation from several other governmental bodies such as the DILG, National Intelligence Coordinating Agency, Department of Foreign Affairs, National Privacy Commission, Philippine Statistics Authority, and National Archives of the Philippines.
The committee is tasked with issuing implementing guidelines within 120 days from the EO's effectivity. Government agencies will have a three-year transition period. During the first year, they will focus on data inventories, capacity-building, and initial classifications. The second year will target full compliance for top secret and secret data, while the third year will aim for full compliance with all other data classifications.