Republic
Act No. 10173 is an act protecting individual personal information and
communications systems in the government and the private sector, creating for
this purpose a national privacy commission and for other purposes.
Section
2 provides that it is the policy of the State to protect the fundamental human
right of privacy, of communication while ensuring free flow of information to
promote innovation and growth. Why? Communication is one of the basic things we
do every minute, every hour. It is a means of relating to other persons in
order to perform an act or achieve something.
In communicating, there are a number of issues or topics being tackled
and most of the time preferred to be only between two people or two parties
because of the confidentiality and security purposes. Privacy is further guarded through our
constitution because the foundation of which would lead to positive results
such as innovation and growth not only individually but also for the whole
nation.
Privacy is an
important, but the illusive concept in law. The most significant aspects of the
law are: the procedures to be followed in the collection, processing and
handling of personal information; the rights of data subjects; and the creation
of a National Privacy Commission.
In
our today’s world in information technology, privacy on personal information
has become misleading since with the right connections and good price, those
information may be given or accessed without proper consent and justification.
The said act would
greatly affect us in so many ways since nowadays, personal information are
given in creating emails or social networks which if it falls in the wrong
hands would lead to one’s destruction of his reputation. However, the act provides limitations into
the details of obtaining such personal information and how one could ensure his
protection and privacy.
SEC. 11. General
Data Privacy Principles. – The processing of personal information shall be
allowed, subject to compliance with the requirements of this Act and other laws
allowing disclosure of information to the public and adherence to the
principles of transparency, legitimate purpose and proportionality.
Personal
information must, be:
(a) Collected for
specified and legitimate purposes determined and declared before, or as soon as
reasonably practicable after collection, and later processed in a way
compatible with such declared, specified and legitimate purposes only
(b) Processed
fairly and lawfully;
(c) Accurate,
relevant and, where necessary for purposes for which it is to be used the
processing of personal information, kept up to date; inaccurate or incomplete
data must be rectified, supplemented, destroyed or their further processing
restricted;
(d) Adequate and
not excessive in relation to the purposes for which they are collected and
processed;
(e) Retained only
for as long as necessary for the fulfillment of the purposes for which the data
was obtained or for the establishment, exercise or defense of legal claims, or
for legitimate business purposes, or as provided by law; and
(f) Kept in a form
which permits identification of data subjects for no longer than is necessary
for the purposes for which the data were collected and processed: Provided,
That personal information collected for other purposes may lie processed
for historical, statistical or scientific purposes, and in cases laid down in
law may be stored for longer periods: Provided, further, That adequate
safeguards are guaranteed by said laws authorizing their processing.
The personal
information controller must ensure implementation of personal information
processing principles set out herein.
This section shows
that the act sets its boundaries by ascertaining the purposes, specifications
and periods to avoid any abuse of access and authority over one’s information.
This should be guarded at all times so that one could really maximize the
advantages of this act and still performing its role for the development of
information technology system otherwise it may curtail one’s growth.
Moreover, there
has been a number of advantages which the new act should impact both the
government and the private sector. The
new Data Privacy law is expected to strengthen the country's booming
Information Technology-Business Process Outsourcing (IT-BPO) industry, as it
makes Philippine legislation in line with international data privacy standards.
The measure will allow the industry to expand in other segments such as
healthcare and HR outsourcing.
The country’s
IT-BPO industry generated $11 billion in revenues in 2011 and employed
approximately 640,000 direct employees. Probably, with the data security
provisions in the recently signed Data Privacy Act will have a significant
impact on the country’s outsourcing industry, which in turn helps more
potential clients and partners. It puts in place measures to protect and
preserve the integrity, security and confidentiality of personal data collected
by government and private entities in their operations.
From a technical
perspective it will encourage companies in our sector to strengthen existing
security protocols and further deter any attempts at data theft. More likely, this is the best practice in the
IT-BPO industry that will ensure that the Philippines remains competitive and in
fact leads breakthrough initiatives for the industry.
Another advantage would be that the new law penalizes the unauthorized
disclosure of personal information. It protects journalists and publishers, as
they will not be compelled to reveal the source of a news report.
It provides for the creation of a National Privacy Commission that will
monitor and ensure compliance of the country with international standards for
data protection. The commission will implement the law, receive complaints,
issue cease-and-desist orders, compel entities to abide by its orders and
monitor compliance, and enforce policies that balance the right of the private
person to privacy.
The passage of RA 10173 is expected to boost investment in the fast-growing
information technology and business process outsourcing (IT-BPO) industries.
Hailing its enactment, the Business Processing Association of the Philippines
said the new law brings the Philippines to international standards of privacy
protection as much of IT-BPO work involves confidential personal and company
information of local and foreign clients.
Also,
The Data Privacy Act provides penalties against those in government who release
information of a personal nature. Unauthorized
processing of personal data shall be imprisoned for one year to three years and
a fine of not less than P 500,000 but not more than P 2 million. The P2 million
penalties will be slapped against persons who get personal data without
consent.
On the
other hand, the Data Privacy Act, Teodoro said, has an impact on the media. If
a journalist writes about the private life of a politician even if the details
have something to do with the performance of his or her duties, the journalist
could be penalized. Teorodo feared that the law might be used against
journalists covering the upcoming elections. Teodoro said the passage of these laws “may
open the floodgates to other forms of restrictions to press freedom and other
civil liberties.”
Lastly, regards to public interest, earlier there had been concerns that
the measure will go against the right of the public to information and privacy.
But Angara said the framers of the Data Privacy Act had gone to great lengths
to ensure that will not happen. “We refined the measure further so that it
cannot be used to curtail the flow of information that may be of public
interest, without infringing on an individual’s right to privacy,” Angara said.
“No less than our Constitution upholds press freedom and the media’s
function of responsible reporting,” Angara said as he dispelled the impression
that the measure will threaten the freedom of the media in the country.
The Data Privacy Act, however is just one of three-inter-related measures
proposed by the Senate Commmission on Science and Technology (COMSTE) to usher
in an IT revolution in the country.
Truly, there may
be different perspectives on this act but I think it is yet to be identified
and proven the effect of this act because it is too early to determine its true
advantages and disadvantages since it just have been approved. The burden lies with the application and
implementation where it would be more of the government’s responsibility of
disseminating and explaining the real purpose and intent of such act in order
to really affect growth and promote innovation for the purpose of nation
building.
Hence, the
question remains how does this act truly impact my situation as of this time? I
would say that this act would be an advantage on my part. Communication is a big part of my job and
privacy, security and integrity is often required. My responsibility in my work concerns with
the operations and it would be beneficial on my part to fully understand and
analyze the data or information especially the requirements of my work
especially with the procedures to be followed in the collection, processing and
handling of personal information. Also,
to be aware of the limitations the government or any of its officer in
requiring the giving of personal information and to strengthen tone of the
fundamental policies of the state specifically with right of privacy and
communication.
Sources:
New data privacy law to boost IT-BPO industry; http://breaking-newztrends.blogspot.com/2012/08/new-data-privacy-law-to-boost-it-bpo.html
Data privacy act
to strengthen security protocols; http://agora.ph/recent.php?id=771
http://gulfnews.com/news/world/philippines/aquino-signs-law-protecting-confidentiality-of-private-information-1.1065440
