Last end of August 2016, the National Privacy Commission released the implementing rules for the Data Privacy Act of 2012, more than two years after the law was signed by former President Benigno S. Aquino III.
This piece of legislation sounds daunting and very high tech, but do you know that with information now massively digitized, the overwhelming use of computer systems and the intense cyber culture of millions of people globally pose a real and present threat to one’s right against unauthorized use of personal information?
Easy access to personal information
WE access, share and exchange data like there is no tomorrow—from name, residential or business addresses, phone numbers, credit card, past and current employment, places we frequent, and we constantly download and use voluminous documents via the Internet. Companies store and process data about all kinds of records, including that of their employees, contractors,
suppliers and customers, not to mention proprietary and commercially sensitive matters. Very important documents are held by those operating in the health, insurance, banks, retail or marketing, business-process outsourcing and education sectors. Even government agencies are overly deluged with information in their systems, as well.
Privacy protected by the Constitution and laws
The right to privacy is so important. It is firmly rooted in our Constitution and other important laws, such as the Revised Penal Code, Civil Code and other special laws. In our Constitution, this is enshrined in the Bill of Rights, particularly in those sections pertaining to the right of people to be secure in their persons, houses and effects, the inviolability of privacy of communication and correspondence together with the noncompulsion for one to be a witness against himself.
The Revised Penal Code, on the other hand, provides for nonviolation of secrets. The Civil Code respects the dignity, privacy and peace of each individual, while laws that tackle bank secrecy and antiwire- tapping, likewise, ensure aforementioned safeguards.
Global respect for privacy rights
Other countries have their own data-privacy legislation, and we see this phenomenon growing across different jurisdictions given the superhighway traffic of information dissemination.
In order for our country to comply with international standards on data protection, the Philippine Data Privacy Act was passed in 2012 to protect the state’s policy to protect the human right to privacy and of communication while ensuring the free flow of information to promote innovation and growth. Its implementing rules concretize the basic principles of data privacy into three: transparency, legitimate purpose and proportionality.
Consequences when privacy is violated
Penalties for violating the law include fines and/or imprisonment for the following offenses: 1) unauthorized processing of personal information and sensitive information; 2) unauthorized processing per se and those due to negligence; 3) improper disposal of personal and sensitive information; 4) unauthorized access or intentional breach; 5) concealment of security breaches; and 6) unauthorized and malicious disclosures, among others.
Central to this law is the role of the data processor, who should avoid the unauthorized use of personal information. Consent is required prior to the collection and processing of personal data. This is subject to exceptions, such as national emergency, public order and security, or when a public authority fulfills its functions. However, the overriding principle is the fundamental rights and freedoms of the data subject under the Constitution.
There will surely be hurdles in implementing the same. Compliance will be ultimately connected to how the principles of transparency, legitimacy and proportionality are practiced and interpreted. Different facts would entail a different take. The Data Privacy Commission, the courts and the legislators’ interphase and actions shall be most critical in terms of making the goals of this law reachable and realizable.
The challenge starts now.