CPA services needed in data privacy
- Wilma Miranda
- 10 hours ago
- 2 min read
LAST Dec. 5, 2025, our firm, Inventor, Miranda & Associates, in cooperation with the Picpa Publication & Media Relations Committee and Picpa Negros Occidental Chapter, held a webinar on the role of certified public accountant (CPAs) in privacy compliance. Our resource speaker, Severino “Dino” Landingin, is a data privacy expert with over 20 years of professional experience and a New York-based senior practice advisor at RSC Management Group. Acpapp President Faustino “Jun” Ravalo was the reactor.
There is a misconception, especially among small practitioners, that data privacy applies only to large corporations. That is not true. In fact, there are huge opportunities out there for CPAs in big, medium and small firms, especially abroad. With technology, we do not even have to leave our country and can provide it remotely.
There is a lack of training, however, especially among small- or medium-sized firms on providing such services. CPAs must help ensure privacy compliance within their clients or potential clients’ organizations and see practical approaches aligned with data protection laws and regulatory standards. To be able to do this, one must be trained. Every company should also have trained staff and officers to protect the data and information of their organizations.
Landingin is willing to provide a free work session to those who are interested in building a privacy program in their companies or improving an existing one, including an assessment of their current state. He can also recommend a privacy implementation road map. This is not only within the Philippines, but even outside the country.
Filipino CPAs should be updated on privacy regulations as these are constantly evolving and increasing in complexity. Currently, an estimated 150 countries have privacy laws with GDPR-like provisions. The Philippines, in particular, has Data Privacy Act. GDPR stands for General Data Protection Regulation, a law in Europe that oversees the collection, processing and protection of personal data.
CPAs have inherent skills, including in audit methodology, internal controls testing and regulatory compliance that are highly valuable and effective in managing privacy risks. These experiences and skills can be applied in services to clients through privacy impact assessment, independent attestation (e.g., SOC 2, or System and Organization Controls 2), third-party risk management, regulatory change management, reriodic risk assessment and privacy internal audit. These are the areas where CPAs in public practice can be effective.
The opportunities and the roles that CPAs can assume are endless. With the evolving technology, there has been also a rise in cyber thefts. Therefore, there is an increasing need to protect data and personal information. Data privacy protection is not only another set of services that CPAs can provide but also a mission to help protect companies from those who abuse the use of technology to access sensitive information.
-------------------------------------------------------------------------------------------------------------------------
Wilma Miranda is the Acpapp liason director for media relations, managing partner of Inventor, Miranda & Associates CPAs, member of the board of directors and former head of business development of KPS Outsourcing Inc.
Comments