Senate Bill No. 2965 also known as “The
Data Protection Act” recognizes the vital role of information and
communications technology in nation building and its inherent obligation to
ensure that personal information in information and communication systems in
the government and in the private sector are secured and protected. In doing
so, the said Act will create a National Privacy Commission to administer and
implement the provisions of The Data Protection Act.
As defined in
this Senate Bill, “personal information” shall refer to any information
whether recorded in a
material form or not,
from which the identity of an
individual is apparent
or can be reasonably
and ascertained by the
entity holding the information, or when put together with other
information would identify an individual.
Accordingly,
prior to processing of “personal information”, individual or entity should
first comply with the requirements of this Senate Bill and other laws before
allowing disclosure of information to the public. As mentioned in the said
Bill, this is to adhere to the principles of transparency, legitimate purpose
and proportionality. Some of the requirements set by the Data Protection Act before
“personal information” can be disclosed to the public are as follows:
·
There
must be a purpose;
·
Processing
must be lawful;
·
Personal
Information should be accurate, and relevant;
·
Adequate
and not excessive in relation to its purpose;
·
Retained
only for a specified length of time; etc.
·
Kept in
a form which
permits identification of
data subjects for
no longer than is
necessary for the
purposes for which
the data were
collected and processed: Provided, further, That
adequate safeguards are guaranteed
by said laws authorizing their processing.
In Section 31 of this Data Protection Act,
a fine and imprisonment is imposed in case of breach of confidentiality: “The penalty of imprisonment
ranging from two (2) years and four (4) months to five (5) years and a fine not
less than Five Hundred Thousand Pesos (Php 500,000.00) but not more than Two
Million Pesos (Php 2,000,000,000.00) shall be imposed in case of a breach of
confidentiality where such breach has resulted in the information being published
or reported by media. In this case, the responsible reporter, writer,
president, publisher, manager and editor-in-chief shall be liable under this
Act.”
By criminalizing the mere processing,
publishing and reporting by the media of “personal information” as a violation
of “BREACH of CONFIDENTIALITY” as provided for in Section 31 of this Senate
Bill, do we therefore disregard the need for the transparency and
accountability of the public officials?
Perhaps, we need to further evaluate the
true purpose of this Data Protection Bill and the people being catered by this
act. Will the Data Protection Bill protect the interest of the country as a
whole by encouraging more foreign investments? Or will this act merely protects
the interest of the few?
To answer the question if this law will only protect the interest of the few, I think that this law adheres to the international movement towards data safeguarding. Given the stringent standards, foreign investors will definitely gain interest in conducting business in the country, however, if will be implemented arbitrarily, would restrict rather than improve business operations of those in the business of data processing.
ReplyDeleteWith the effectivity of RA 10173: Data Privacy Act of 2013, this issue now becomes moot and academic.
DeleteData Privacy Act of 2011 pertains to establishing fair practices and regulating the collection or gathering and the use of personal details or information stored in the computer systems of both the government and private sector. These entities are mandated to protect the integrity, security and confidentiality of such personal records.
ReplyDeletedata protection