Cybercrimes and Data Privacy Act

Column box-Dennis Gorecho-Kuwentong Kulê

The cyberspace is a boon to the need of the current generation for greater information and facility of communication.

It is a system that accommodates millions and billions of simultaneous and ongoing individual accesses to and uses of the Internet.

But all is not well with the system since it could not filter out a number of persons of ill will who would want to use cyberspace technology for mischiefs and crimes.

The Supreme Court noted in the case of Disini  v.  Secretary of Justice  (GR 203335 February 11, 2014) that there are also those ill-motivated who can use the cyberspace, like vandals, to wreak or cause havoc by sending electronic viruses or virtual dynamites that destroy those computer systems, networks, programs, and memories.

Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device.

Cybercriminals or hackers who want to make money commit most of the cybercrime. However, occasionally, cybercrime aims to damage computers or networks for reasons other than profit. These could be political or personal.

Episode 15 of Extraordinary Attorney Woo series of Netflix involved a case of spear phishing wherein the personal data of around 80 percent of Korean citizens have been stolen from Raon, an online shopping site’s database.

Raon’s computer system was targeted by the malware attack undetectable by anti-malware software because of its format being in a .doc file.

The company is facing a 300 billion won surcharge due to their failure to safeguard the personal data of customers.   

The culprit later turned out to be the son of the Chief Executive Officer (CEO) of Taesan law office, which is the rival of Attorney-Woo’s Handaba law firm.

This episode essentially is the scenario used during the workshop of the recent conference organized by the National Association of Data Protection Officers of the Philippines (NADPOP).

“As the world emerges from the pandemic, the incidence of data breaches and cybercrimes will continue to increase as most businesses and individuals were forced to go online,” Sam Jacoba, NADPOP Founding President, said as he called on the public and private sectors to work together to uplift the Data Protection profession in the Philippines.

Republic Act 10173 or the Data Privacy Act was passed  in 2012 that aimed to “(1) protect the privacy of individuals while ensuring free flow of information to promote innovation and growth; (2) regulate the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of personal data.

The act states that the collection of personal data “must be a declared, specified, and legitimate purpose” and further provides that consent is required prior to the collection of all personal data.

The law requires a data breach notification within 72 hours upon knowledge of the breach or reasonable belief that it has occurred to the National Privacy Commission  and the data subject.

The notification is generally required when the breach involves sensitive personal information or any other information that may be used to enable identity fraud; this information has been acquired by an unauthorized person; and the acquisition is likely to give rise to a real risk of serious harm to the affected data subject.

The law provides for criminal sanctions for violations of its provisions composed of fines ranging from P100,000 to P5,000,000 (about $2,400 to $123,450) and/or imprisonment ranging from 6 months up to 7 years.

Separate counts exist for unauthorized processing, processing for unauthorized purposes, negligent access, improper disposal, unauthorized access or intentional breach, concealment of breach involving sensitive personal information, unauthorized disclosure, and malicious disclosure.

Individuals or “any aggrieved party” may also file civil actions for restitution in court based on the general provisions of the Civil Code (in particular, parties may invoke “abuse of rights” provisions, meddling in privacy and/or quasi-delicts provisions).

The NPC has recently set a ceiling of P5 million on fines imposed on data privacy violators.

Specifically, an administrative fine may be imposed based on the annual gross income of entities like the personal information controllers or personal information processors  within the range of 0.25 percent to 3 percent for grave violations and 0.25 percent to 2 percent for major violations.

Atty. Dennis R. Gorecho heads the seafarers’ division of the Sapalo Velez Bundang Bulilan law offices. For comments, e-mail info@sapalovelez.com, or call 0917-5025808 or 0908-8665786.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Article

PNP, South Korea collaborate for crime prevention

Next Article

‘Gaslighting’ chosen as word of the year

Related Posts

Read more

ROI and COI: A tale of two metrics

MOST of us are familiar with the term “return on investment,” or ROI, a metric that helps us understand the profitability of an investment. ROI is the ratio of net income (over a period) to investment (costs of investing a resource at a certain point in time). A high ROI means the investment has made significant gains compared to its cost.

Column box-Al Mendoza-Full Tank
Read more

TMP’s different brand of CSR

THIS is a different kind of corporate social responsibility (CSR). With Toyota Motor Philippines (TMP) becoming a chief partner of the FIBA (World Basketball Federation), Toyota will play a hugely significant role in the country’s hosting of the World Cup in August-September that features the Top 16 basketball powers in the world.

Read more

How to kill PHL’s coconut industry

For the longest time, Federation of Philippine Industries Chairman Dr. Jesus L. Arranza has been fighting smuggling and other illicit trade that threaten local industries. Recently, he sent a letter to President Marcos expressing grave concern over the alleged illegal use of imported palm olein, which threatens the country’s coconut industry.