Republic Act No. 10173 is an act protecting individual personal information and communications systems in the government and the private sector, creating for this purpose a national privacy commission and for other purposes.

Section 2 provides that it is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. Why? Communication is one of the basic things we do every minute, every hour. It is a means of relating to other persons in order to perform an act or achieve something. In communicating, there are a number of issues or topics being tackled and most of the time preferred to be only between two people or two parties because of the confidentiality and security purposes. Privacy is further guarded through our constitution because the foundation of which would lead to positive results such as innovation and growth not only individually but also for the whole nation.

Privacy is an important, but the illusive concept in law. The most significant aspects of the law are: the procedures to be followed in the collection, processing and handling of personal information; the rights of data subjects; and the creation of a National Privacy Commission.

In our today’s world in information technology, privacy on personal information has become misleading since with the right connections and good price, those information may be given or accessed without proper consent and justification.

The said act would greatly affect us in so many ways since nowadays, personal information are given in creating emails or social networks which if it falls in the wrong hands would lead to one’s destruction of his reputation. However, the act provides limitations into the details of obtaining such personal information and how one could ensure his protection and privacy.

SEC. 11. General Data Privacy Principles. – The processing of personal information shall be allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure of information to the public and adherence to the principles of transparency, legitimate purpose and proportionality.

Personal information must, be:

(a) Collected for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection, and later processed in a way compatible with such declared, specified and legitimate purposes only

(b) Processed fairly and lawfully;

(c) Accurate, relevant and, where necessary for purposes for which it is to be used the processing of personal information, kept up to date; inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted;

(d) Adequate and not excessive in relation to the purposes for which they are collected and processed;

(e) Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law; and

(f) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed: Provided, That personal information collected for other purposes may lie processed for historical, statistical or scientific purposes, and in cases laid down in law may be stored for longer periods: Provided, further, That adequate safeguards are guaranteed by said laws authorizing their processing.

The personal information controller must ensure implementation of personal information processing principles set out herein.

This section shows that the act sets its boundaries by ascertaining the purposes, specifications and periods to avoid any abuse of access and authority over one’s information. This should be guarded at all times so that one could really maximize the advantages of this act and still performing its role for the development of information technology system otherwise it may curtail one’s growth.

Moreover, there has been a number of advantages which the new act should impact both the government and the private sector. The new Data Privacy law is expected to strengthen the country's booming Information Technology-Business Process Outsourcing (IT-BPO) industry, as it makes Philippine legislation in line with international data privacy standards. The measure will allow the industry to expand in other segments such as healthcare and HR outsourcing.

The country’s IT-BPO industry generated $11 billion in revenues in 2011 and employed approximately 640,000 direct employees. Probably, with the data security provisions in the recently signed Data Privacy Act will have a significant impact on the country’s outsourcing industry, which in turn helps more potential clients and partners. It puts in place measures to protect and preserve the integrity, security and confidentiality of personal data collected by government and private entities in their operations.

From a technical perspective it will encourage companies in our sector to strengthen existing security protocols and further deter any attempts at data theft. More likely, this is the best practice in the IT-BPO industry that will ensure that the Philippines remains competitive and in fact leads breakthrough initiatives for the industry.

Another advantage would be that the new law penalizes the unauthorized disclosure of personal information. It protects journalists and publishers, as they will not be compelled to reveal the source of a news report.

It provides for the creation of a National Privacy Commission that will monitor and ensure compliance of the country with international standards for data protection. The commission will implement the law, receive complaints, issue cease-and-desist orders, compel entities to abide by its orders and monitor compliance, and enforce policies that balance the right of the private person to privacy.

The passage of RA 10173 is expected to boost investment in the fast-growing information technology and business process outsourcing (IT-BPO) industries. Hailing its enactment, the Business Processing Association of the Philippines said the new law brings the Philippines to international standards of privacy protection as much of IT-BPO work involves confidential personal and company information of local and foreign clients.

Also, The Data Privacy Act provides penalties against those in government who release information of a personal nature. Unauthorized processing of personal data shall be imprisoned for one year to three years and a fine of not less than P 500,000 but not more than P 2 million. The P2 million penalties will be slapped against persons who get personal data without consent.

On the other hand, the Data Privacy Act, Teodoro said, has an impact on the media. If a journalist writes about the private life of a politician even if the details have something to do with the performance of his or her duties, the journalist could be penalized. Teorodo feared that the law might be used against journalists covering the upcoming elections. Teodoro said the passage of these laws “may open the floodgates to other forms of restrictions to press freedom and other civil liberties.”

Lastly, regards to public interest, earlier there had been concerns that the measure will go against the right of the public to information and privacy. But Angara said the framers of the Data Privacy Act had gone to great lengths to ensure that will not happen. “We refined the measure further so that it cannot be used to curtail the flow of information that may be of public interest, without infringing on an individual’s right to privacy,” Angara said.

“No less than our Constitution upholds press freedom and the media’s function of responsible reporting,” Angara said as he dispelled the impression that the measure will threaten the freedom of the media in the country.

The Data Privacy Act, however is just one of three-inter-related measures proposed by the Senate Commmission on Science and Technology (COMSTE) to usher in an IT revolution in the country.

Truly, there may be different perspectives on this act but I think it is yet to be identified and proven the effect of this act because it is too early to determine its true advantages and disadvantages since it just have been approved. The burden lies with the application and implementation where it would be more of the government’s responsibility of disseminating and explaining the real purpose and intent of such act in order to really affect growth and promote innovation for the purpose of nation building.

Hence, the question remains how does this act truly impact my situation as of this time? I would say that this act would be an advantage on my part. Communication is a big part of my job and privacy, security and integrity is often required. My responsibility in my work concerns with the operations and it would be beneficial on my part to fully understand and analyze the data or information especially the requirements of my work especially with the procedures to be followed in the collection, processing and handling of personal information. Also, to be aware of the limitations the government or any of its officer in requiring the giving of personal information and to strengthen tone of the fundamental policies of the state specifically with right of privacy and communication.

Sources:

http://business.inquirer.net/tag/republic-act-10173

New data privacy law to boost IT-BPO industry; http://breaking-newztrends.blogspot.com/2012/08/new-data-privacy-law-to-boost-it-bpo.html

http://www.mb.com.ph/articles/371471/data-privacy-act-2012