Aquino signs Data Privacy law

It seeks to make the Philippines compliant with international data security standards to attract investors in the BPO industry

MANILA, Philippines – President Benigno Aquino III has signed into law a measure that penalizes unauthorized disclosure of personal information collected by the government and the private sector.

Republic Act 10173, or the Data Privacy Act of 2012, seeks to make the Philippines compliant with international data security standards to attract investors in the Information Technology and Business Process Outsourcing (IT-BPO) industry. It was signed on August 15.

The BPO has been pushing for this law amid concerns about the confidentiality of their data.

“This Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines,” reads Section 4 of the new law.

Personal information is defined as “information – whether recorded in a material form or not – from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.”

The long title of the bill is: “An Act protecting individual personal informatino in Information and Communications Systems in the Government and the Private Sector, Creating for this purpose a national privacy commission, and for other purposes.”

Penalties for unauthorized use of personal and sensitive information could result in up to 6 years imprisonment and P4-million in fine. If the offender is a government employee, he or she could be barred from occupying government positions.

Make the web safe

The bill’s proponent, Sen Edgardo Angara, said it will make sure the Web remains safe. “By establishing such a policy framework, we actually protect Internet freedoms while making sure the Web remains safe. In this way, we reduce the risk for true harm to be inflicted and heighten the opportunity for our digital space to be a truly productive and collaborative venue,” according to a March 20 of Senate Edgardo Angara, issued after the Senate passed the measure.

The measure was patterned from the European Parliament and Council’s Directive 95/46/EC and Asia Pacific Economic Cooperation’s (APEC) Information Privacy Framework standard, Angara said.

The new law creates the National Privacy Commission under the Department of Information and Communications Technology (DICT). “Generally, the commission will be mandated to enforce policies that balance the right of the private person to privacy with the need to speed up the utilization of the Internet,” Angara said in March 20, after the Senate passed the bill on 3rd and final reading.

The media previously opposed the measure because of concerns it will also sanction journalists who divulge confidential information.

Angara addressed this by adding provisions that personal information processed for journalistic purposes are not within the scope of the bill. The measure also upholds Republic Act 53, which exempts the publisher, editor, or reporter of any publication from revealing the source of published news or information obtained in confidence.

Section 5 of the law reads:Nothing in this Act shall be construed as to have amended or repealed the provisions of Republic Act No. 53, which affords the publishers, editors or duly accredited reporters of any newspaper, magazine or periodical of general circulation protection from being compelled to reveal the source of any news report or information appearing in said publication which was related in any confidence to such publisher, editor, or reporter.”  –