SY 2012-2013, Second Semester
Republic Act 10173, also known as the “Data Privacy Act of 2012”, was approved on August 15, 2012 by our President Benigno Aquino III.
It is AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES.
The National Privacy Commission will administer and implement the provisions of this Act, and will monitor and ensure the country's compliance with international standards set for data protection.
It applies to the processing of all types of personal information and to any natural or juridical person involved in personal information processing, including those personal information controllers and processors who, although not found in the Philippines, use equipment that are located in the Philippines or those who maintain an office, branch or agency in the Philippines, subject to the succeeding paragraph; provided that the requirements of Section 5 are complied with.
It requires public and private entities to preserve the data they collect. In turn, the law also creates a National Privacy Commission, which will ensure that our country complies with international security standards when it comes to data protection.
The Information Technology (IT) and Business Process Outsourcing (BPO) industry is seen to benefit the most, because the Act brings it in line with international standards of privacy protection.
The rapidly growing business process outsourcing (BPO) sector of the Philippines is set to benefit from the Data Privacy Act or Republic Act 10173 as it aims to protect personal digital data of private and public entities, specifically those that are dealing with offshore businesses.
Advantages and Disadvantages
1. Commission shall refer to the National Privacy Commission created by virtue of this Act.
2. Consent of the data subject refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of the data subject by an agent specifically authorized by the data subject to do so.
3. Data subject refers to an individual whose personal information is processed.
4. Direct marketing refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals.
5. Filing system refers to any set of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular person is readily accessible.
6. Information and Communications System refers to a system for generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer system or other similar device by or which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document.
7. Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
8. Personal information controller refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.
Section 20 of this Act provides for the security and privacy of information:
SEC. 20. Security of Personal Information.–
(a) The personal information controller must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing.
(b) The personal information controller shall implement reasonable and appropriate measures to protect personal information against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.
(c) The determination of the appropriate level of security under this section must take into account the nature of the personal information to be protected, the risks represented by the processing, the size of the organization and complexity of its operations, current data privacy best practices and the cost of security implementation. Subject to guidelines as the Commission may issue from time to time, the measures implemented must include:
(1) Safeguards to protect its computer network against accidental, unlawful or unauthorized usage or interference with or hindering of their functioning or availability;
(2) A security policy with respect to the processing of personal information;
(3) A process for identifying and accessing reasonably foreseeable vulnerabilities in its computer networks, and for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach; and
(4) Regular monitoring for security breaches and a process for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach.
(d) The personal information controller must further ensure that third parties processing personal information on its behalf shall implement the security measures required by this provision.
(e) The employees, agents or representatives of a personal information controller who are involved in the processing of personal information shall operate and hold personal information under strict confidentiality if the personal information are not intended for public disclosure. This obligation shall continue even after leaving the public service, transfer to another position or upon termination of employment or contractual relations.
(f) The personal information controller shall promptly notify the Commission and affected data subjects when sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes that such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject. The notification shall at least describe the nature of the breach, the sensitive personal information possibly involved, and the measures taken by the entity to address the breach. Notification may be delayed only to the extent necessary to determine the scope of the breach, to prevent further disclosures, or to restore reasonable integrity to the information and communications system.
(1) In evaluating if notification is unwarranted, the Commission may take into account compliance by the personal information controller with this section and existence of good faith in the acquisition of personal information.
(2) The Commission may exempt a personal information controller from notification where, in its reasonable judgment, such notification would not be in the public interest or in the interests of the affected data subjects.
(3) The Commission may authorize postponement of notification where it may hinder the progress of a criminal investigation related to a serious breach.
How will it affect me? First, data privacy is an effort to empower people to protect their privacy and control their digital footprint, and to escalate the protection of privacy and data as everyone’s priority. Personal information is defined as “any information whether recorded in material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information.”
It includes facts and figures about a person’s race, ethnic origin, marital status, age, color and religious, philosophical and political affiliations; practically his life story.
Since my phone is an iPhone 4, I have become addicted to social networking sites, so I simultaneously open my social network accounts on Facebook, Twitter, Skype, Foursquare and email to check on recent happenings in people’s lives as well as new posts on my own wall. It is essential that personal information systems are secured and protected.
However, there is an issue regarding this privacy: the hackers of web sites. “Hacker” is a term used in computing for several types of person, including someone who accesses a computer system by circumventing its security system. Website hacking is now common. It is simply an attempt to break into a site without authorization. The files of a website are stored on a computer. The computer, called a “server” or “web server”, is not too different from your home PC, except that its configuration is specialized for making files available to the World Wide Web, so it has a lot of hard drive capacity and a very high-speed internet connection. It probably doesn’t have its own monitor or keyboard, because everyone who communicates with it does so through its internet connection. With everybody connecting to our site through the internet, it might seem like just an accident if one of our files gets changed once in a while in all the commotion, but it’s not.
Our website and server have several security systems that determine what kind of access each person has. I am the owner of my web site, so I have passwords that give me read and write access to my site. I can view my files (read) and I can also change them (write). Everybody else only has read access. They can view your files, but they are never supposed to be able to change them, delete them, or add new ones.
A hack occurs when somebody gets through these security systems and obtains write access to your service. Once they obtain that, they can change, add, or delete files however they want.
But how do we prevent our website from being hacked? The first thing you need to do is maintain strong security on the computer that you use to manage your website, because someone who succeeds in infecting your computer can use it to get into your website. Keep all your internet-related software up to date with the latest security patches. Use adequate security settings in your web browser. Use strong passwords, about 8 to 20 characters. Don’t give your passwords to anyone. If you give your password to anyone for some reason, change it after they are done with their work.
The disadvantage of RA 10173 is that it poses penalties equally, not only for those who have been using the Internet for a long time, but also for those who are newbies in using the Internet. Those who have the capability to store and transfer sensitive personal information may be prosecuted in courts of the Philippines due to improper handling of information or negligence. This is stated under Section 26:
SEC. 26. Accessing Personal Information and Sensitive Personal Information Due to Negligence.–
(a) Accessing personal information due to negligence shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.
(b) Accessing sensitive personal information due to negligence shall be penalized by imprisonment ranging from three (3) years to six (6) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Four million pesos (Php4,000,000.00) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.
The Internet provides the access to resources, so it’s incumbent upon the people who control those resources to make sure that the economic engine stays intact.
The Internet (or internet) is a global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to serve billions of users worldwide. It is a network of networks that consists of millions of private, public, academic, business, and government networks, of local to global scope, that are linked by a broad array of electronic, wireless and optical networking technologies. The Internet carries an extensive range of information resources and services, such as the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support email.
Senate Bill 3327 in relation to Republic Act 10173
First we need to identify what Senate Bill 3327 and Republic Act 10173 are all about. Senate Bill 3327 is also known as the Magna Carta for Philippine Internet Freedom (MCPIF), which aims to protect the rights and freedoms of Filipino citizens while acting on cybercrimes. It was introduced by Senator Miriam Defensor Santiago. The objective of Senator Santiago is to change or replace Republic Act 10175. Republic Act 10175 (RA 10175) was approved by PNOY on September 12, 2012. It is an act defining cybercrime, providing for prevention, investigation, suppression and the imposition of penalties therefor and for other purposes. RA 10175 targets your rights, not cybercrimes. While the Cybercrime Law refers to several online offenses, the inclusion of online libel and other contentious provisions affecting free speech, privacy, and the right to due process essentially targets the civil rights of Internet users. Under this law, politicians can easily file charges against ‘hostile and combative’ critics and witnesses by claiming that virtual protesters have threatened their life and property.
The provision of Senator Miriam Defensor Santiago is particularly about libel, which is against Republic Act 10175. In her interview she said that, instead of a criminal act, it is just a civil liability, and she states that:
“Internet libel is a public and malicious expression tending to cause the dishonor, discredit, or contempt of a natural or juridical person, or to blacken the memory of one who is dead, made on the Internet or on public networks.”
It is also stated in her Senate Bill 3327 that protest against the Government will not fall under, or be covered by, Internet libel.
“The Anti-Cybercrime Law violates the right to privacy and the Constitutional guarantee against illegal search and seizure through allowing the warrantless real-time collection of traffic data.” “The MCPIF - Magna Carta for Philippine Internet Freedom ensures due process by providing strict guidelines for any collection of any data, including the securing of warrants, obligating notification, and limiting seizure to data and excluding physical property.” The government will also no longer be allowed to block websites on its own. She will require a court order before authorities can take down or censor Internet sites under the MCPIF. “The dangerous ‘takedown’ clause of RA 10175, where the government may have a website or network blocked or restricted without due process of law, is absent in the MCPIF.” This bill specifically provides for court proceedings in cases where websites or networks are to be taken down, and prohibits censorship of content without a court order.
However, Republic Act 10173, which is also known as the “Data Privacy Act of 2012”, was approved on August 15, 2012 by our President Benigno Aquino III. It is an act protecting individual personal information in information and communications systems in the Government and the private sector, creating for this purpose a National Privacy Commission, and for other purposes. Data privacy is an effort to empower people to protect their privacy and control their digital footprint, and to escalate the protection of privacy and data as everyone’s priority. Personal information is defined as “any information whether recorded in material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information.”
Republic Act 10173 has advantages such as the following. Consent of the data subject refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of the data subject by an agent specifically authorized by the data subject to do so. Data subject refers to an individual whose personal information is processed. Direct marketing refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals. Filing system refers to any set of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular person is readily accessible.
Senate Bill 3327 helps us in terms of protecting the Internet as an open network, which is within its jurisdiction. Under this Bill you also have the right to freedom of speech and expression on the Internet. For example, it helps to protect the right of the people to petition the government via the Internet, and the right of any person to publish material or upload information to the Internet.
This bill also promotes the right to privacy of data. Subject to conditions provided in the Data Privacy Act of 2012, no person shall access the private data of another person. When it comes to the security of your data, no third party shall be granted access to the private data or networks of a person by an Internet service provider, telecommunications entity, or such person providing Internet or data services if the person has not been properly notified that a request for access to the private data or networks of the person has been made. A person shall not be deemed to have been properly notified unless the person has acknowledged the notification of the request for access and has agreed to grant or refuse access, or unless an order compelling the person to grant the third party access to the private data or networks shall be issued by a competent court having jurisdiction over the residence of the person, following due notice and hearing. The primary duty under this bill related to the promotion of Internet freedom is that the State shall uphold constitutional rights, privileges, guarantees, and obligations in the development and implementation of policies related to the Internet and information and communication technology.
However, the other objective of Senator Miriam Defensor Santiago is to recognize that child pornography, child abuse and human trafficking can be committed through the Internet, as much as hacking, piracy and copyright infringement. We must define these evils in order for us to crush them. This is stated in Section 5 of the Special Protection of Children Against Abuse. There is a penalty for the one who violates it. Those, whether male or female, who for money, profit, or any other consideration or due to the coercion or influence of any adult, syndicate or group, indulge in sexual intercourse or lascivious conduct are deemed to be children exploited in prostitution and other sexual abuse. The penalty is reclusion temporal to reclusion perpetua.