The financial technology industry is constantly facing waves of change and growth. Emerging technologies such as big data, artificial intelligence, and machine learning could have the potential to drive further innovation and to improve financial inclusion in developing countries like the Philippines.
Data from the World Bank showed that in 2017, only 34.6% of Filipinos have formal and registered bank accounts. By 2023, The Bangko Sentral ng Pilipinas (BSP) aims to increase the percentage to 70%. In a country like the Philippines where the majority of unbanked adults own a mobile phone, Fintech presents the avenue for them to gain access to financial services.
The role of fintech in financial inclusion
In order to provide financial services, fintech companies collect the data of their customers such as name, date of birth, address, gender, nationality, PINs, passwords, social security details, bank account details, and more. Recently, they’ve also begun drawing information from non-traditional sources such as alternative data. These include web browser history, behavior on social media platforms (their posts, interactions, and response to certain issues), and psychological profiles.
Alternative data is rising in popularity because it provides information about an individual that cannot be captured by traditional methods. It helps banks, lenders, and financial institutions determine the creditworthiness of an individual. For instance, if a certain user uses their virtual wallet to pay monthly bills before the due date, it’s a clear indication of their ability to repay loans on time.
However, extensive and aggressive data collection introduces numerous security and privacy issues. For one, it raises questions as to whether people are aware that companies are harvesting their online behavioral data. Fintech companies also become attractive targets for cybercriminals due to their collection of valuable personal information.
This is where the PH Data Privacy Act of 2012 (DPA) comes into play to protect Fintech companies, the businesses they cater to, and the customers of said businesses.
How does the PH Data Privacy Act Affect Fintech Companies?
Despite the rising importance of Fintech, relevant regulatory structures also exist to manage risks and at times, create a patchwork of legal barriers that impose various obligations on firms. These sectorial laws and regulations are applicable across areas such as privacy, cybersecurity, and information security.
The Data Privacy Act of 2012 was passed in the Philippines to safeguard the basic right of individuals to their privacy, while also ensuring the free flow of information.
The DPA fundamentally applies to any organization that collects and uses personal and confidential information. Since Fintech companies handle their customers’ personal information, their activities are covered by the DPA’s provisions. Generally, the law mandates that any Fintech or credit scoring company in the Philippines, as processors and controllers of confidential personal information, should observe their clients’ data privacy rights and adhere to data privacy’s general principles.
In particular, these are the five key areas where Fintech companies are affected by the provisions of the DPA:
- Consent: Fintech companies should obtain a customer’s explicit consent when processing personal information.
- Right to be Forgotten: Individuals have the right to remove or destroy their data, especially if unlawfully obtained and used for unauthorized purposes.
- Notification and Registration of Processes that Require Automated Decision-Making: Fintech companies must notify the National Privacy Commission (NPC) when utilizing automated decision-making processes.
- Appointment of a DPO: Fintech companies must appoint a data protection officer (DPO) to monitor and ensure compliance with the DPA.
- Data Breach Notification: Fintech companies should notify the NPC within 72 hours if a breach has occurred, especially if the breach poses risks of serious harm to clients.
DPA Compliance is a challenge, but it’s a must
Complying with the DPA is certainly a challenge for fintech companies but compliance also provides a competitive advantage for those who oblige. Compliance with the DPA builds trust by showing consumers that their personal data is protected at all times, which also enables companies to win and retain clients. When one looks at it this way, compliance is not only a responsibility or an obligation — it becomes a selling point that can result in increased sales and profit.
How FinScore Complies with the Provisions of DPA in the Philippines
“In FinScore, we ensure that the data of telco subscribers that we use for credit risk assessment is protected,” says Faye Natividad, Data Privacy Officer (DPO) of FinScore. “We continue to build trust with our clients by providing visibility and transparency into how the data is used.”
FinScore is committed to complying with all regulations provided by the Data Privacy Act in the Philippines by ensuring that partner financial institutions (FIs) capture consent from telco subscribers and perform regular consent audits.
Also, telco subscribers have full control of whether they would like their data to be processed by the FI or its partners. FinScore follows an “opt-out process”, shared with all key partners that enable them to opt-out subscribers.
For more information and enquiries about the Data Privacy Act’s impact on fintech companies and FinScore’s compliance with DPA provisions, contact us today.