Opinion > Columns
Transparency by design

THERE is such a thing as 'privacy by design' (PBD) in the National Privacy Commission (NPC) Advisory 2017-01, concerning the designation of data protection officers (DPO). It defines PBD as 'an approach to the development and implementation of projects, programs and processes that integrates into the latter's design or structure safeguards that are necessary to protect and promote privacy such as appropriate organizational, technical and policy measures.' It simply means that the design of the privacy measures to protect the personal information under the custody of a government agency or private company should be first planned thoroughly before embedding it in its related data processing system. Unfortunately, the privacy measures and organizational policies and procedures in place at the time when the Commission on Elections (Comelec) was hacked a few weeks before the 2016 national and local elections (NLE) failed. Hence, the NPC filed a case against the agency for violating Republic Act 10173 or the Data Privacy Act of 2012 — Comelec had failed to designate a DPO in their office and did not report the hacking incident within 72 hours! Anyhow, our topic today is not about the alleged second Comelec hacking incident this month as this was already discussed last week. The topic instead is in parallel with the term PBD, and it is called 'transparency by design' (TBD) in our Automated Election System (AES) Law or RA 9369.

What is TBD? In the research conducted by Janssen et al. (2017) titled 'Transparency-by-design as a foundation for open government,' the findings revealed that: 'To successfully achieve open government, fundamental changes in practice and new research on governments as open systems are needed. In particular, the creation of 'transparency-by-design' is a key aspect in which transparency is a key system development requirement, and the systems ensure that data are disclosed to the public for creating transparency. Although transparency-by-design is an intuitive concept, more research is needed in what constitutes information and communication technology-mediated transparency (ICT) and how it can be realized.' To support their theory re transparent ICT, Cappelli (2009) argues, 'for both public and private contexts, transparency establishes a set of aspects that suggest the existence of policies, procedures and technologies to provide not only access, but also use, quality, understanding and auditability of processes and information...' Cappelli further argues that transparency is operationalized through traceability, which he defined as 'the quality of following, discover[ing], or ascertain[ing] the course of development of something...to satisfice the characteristic of auditability.' The operationalization of system transparency, therefore, must start at the design phase — 'transparency by design.' Such a concept is similar to 'privacy by design' wherein the take-off point starts with the system development — the design phase of any project undertaking.