Articles Data Privacy

DILG Released a Draft Circular Requiring CCTV Systems in Business Establishments for Issuance of Business Permits

by

The Department of Interior and Local Government (DILG) released on Nov. 15, 2021 a Draft Memorandum Circular (MC) seeking to amend DILG Memorandum Circular No. 2014-119 which directs cities and capital towns to require the installation of Closed Circuit Televisions (CCTV) in certain business establishments to support the maintenance of peace and order and public safety.

 

Citing Local Government Units’ (LGU) power under the General Welfare Clause in the Local Government Code of 1991 with regard to maintenance of peace and order and the preservation of the comfort and convenience of their respective inhabitants, as well as the requirement that banks install CCTV systems, the DILG issued the Draft MC with the purpose of reviewing and revisiting the existing rules and regulations regarding the CCTV systems and the data it collects to make sure those are consistent with the progress in technology and to address the growing privacy concerns through the years. The Draft MC also seeks to encourage Local Sanggunians to enact an ordinance for the prescription of CCTV Systems as a requirement for the issuance of business permits, and to encourage City/Municipal Peace and Order Council Chairpersons to prioritize the inclusion of Programs, Projects, and Activities (PPAs) in relation to the guidelines prescribed by the Draft MC in their Peace and Order and Public Safety Plans.

 

Under the Draft MC, Cities and Capital towns are encouraged to enact an ordinance prescribing the installation of CCTV Systems as a requirement to the issuance of Business Permits to establishments that cater to a large number of customers or conduct transactions and operations which carry risks of being targeted by criminal activity and are prone to accidents, natural disasters, and other unforeseen incidents. These establishments include:

  • Financial establishments such as Banks, pawnshops, money lenders, money remittance services, money changers, and others with similar transactions.

  • Business establishments that are part of a national chain or have several branches in other parts of the country such as restaurants/fast-food chains, convenience stores, grocery stores, drug stores, etc.

  • Shopping malls, shopping centers, supermarkets, wet markets or palengke, and other similar establishments.

  • Hospitals, laboratories, clinics, and other medical facilities.

  • Theaters, movie houses, Perya, arcades, internet cafes, and other places of entertainment that draw in a considerable number of customers.

  • Airports, ports, public transportation terminals, parking lots, and other similar establishments that cater to a large number of vehicles.

  • Car dealerships, gasoline/fuel stations, vehicle maintenance/service stations.

  • Other business establishments that may be deemed necessary by the LGU considering the factors mentioned above.


Further, the Draft MC states that ordinances must also contain the following provisions on privacy: 

  • Establishments covered shall strictly comply with the National Privacy Commission’s guidelines on the use of CCTV Systems, as detailed in NPC Advisory no. 2020-04.

  • Video footage obtained through the CCTV Systems shall be retained for a maximum period of three (3) weeks in order to allow investigating authorities to properly retrieve and prepare back-ups of the data relevant to any incidents that occur. Upon exceeding the prescribed period, video footage shall be permanently deleted from the system and all existing forms of back-up.


In connection with the abovementioned 3 week retention period, the Cybercrime Prevention Act of 2012 mandates that the “integrity of traffic data and subscriber information shall be kept, retained and preserved by a service provider for a minimum period of six (6) months from the date of the transaction. Content data shall be similarly preserved for six (6) months from the date of receipt of the order from law enforcement authorities requiring its preservation.” As further provided in the law, a service provider “refers to (1) Any public or private entity that provides to users of its service the ability to communicate by means of a computer system; and (2) Any other entity that processes or stores computer data on behalf of such communication service or users of such service.” Communication under said law is defined as “the transmission of information through ICT [information and communications technology]  media, including voice, video and other forms of data.” 


Based on the aforementioned provisions, the establishments under the Draft MC which provides to users of its service the ability to transmit information through ICT media by means of a computer system, and such establishments which stores computer data on behalf of such service which transmits information through ICT media or users of such communication service are deemed to be under the provision of the Cybercrime Prevention Act and must comply with the 6 month retention period instead and not with the provisions in the Draft MC. 


The Draft MC also provides that ordinances are further subjected to the following requirements:

  • Provide for appropriate actions/sanctions for non-compliance;

  • Should not specify any particular brand/model, manufacturer, supplier, or distributor, except for the minimum specifications provided herein;

  • In case that existing CCTV systems installed by covered do not meet the specifications contained in the Ordinances enacted or updated in compliance with this MC, the establishments should be allowed a 3-year depreciation period of their previously purchased equipment before being required to install the equipment with the recommended specifications.


For further details, the Draft MC can be accessed here.

 

-32

Post a Comment