Decilos, Jillian

SY 2012-2013, Second Semester


The Impact of “Data Privacy Act of 2012″
AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES

The real danger is the gradual erosion of individual liberties through automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable. -Anon., U. S. Privacy Study Commission, 1977

I would like to begin my discussion of the said law with the Second Section of RA 10173:

SEC. 2. Declaration of Policy. – It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.

At the outset, the State is tasked to presrve the sanctity of one’s privacy. This section is an encompassing one becais e it sets the very parameter and foundation of the said law. In this connection, the government is incumbent to harmonize and to balance the co-existence of the vital role of information and communication technology and the promotion of human right to privacy.

To better understand what is this law, its scope and application, it is therefor more appropriate to take a closer look with its brief basic information. According to the report made by Genalyn D. Kabiling,a new law that protects the integrity and confidentiality of personal data shared online or other information and communication technology (ICT) systems has been signed by President Benigno S. Aquino III.

Republic Act No. 10173 or the Data Privacy Act of 2012 also established the National Privacy Commission to ensure the protection of digital information in the government and the private sector

The law, a priority measure of President Aquino, requires both the public and private institutions to comply with international data security standards while providing safeguards to protect press freedom.

The act is based on standards set by the European Parliament, and aligns with the Asia Pacific Economic Cooperation (APEC) Information Privacy Framework. This brings the Philippines to international standards of privacy protection which is a huge piece of the puzzle that the country needs to raise investor confidence. Senator Edgardo Angara and House ICT Committee chairman Rep. Sigfrido Tiñga, who co-chair the Congressional Commission on Science and Technology and Engineering, were the primary proponents of the Data Privacy Act in Congress.(http://alinrose.wordpress.com/2012/10/16/advantages-and-disadvantages-of-ra-10173-and-ra10175/)

Excluded in the scope of RA 10173 are “personal information processed for journalistic, artistic, literary or research purposes.” Other exclusions cover information about government officials and other civil servants as well as information necessary for banks as part of anti-money laundering efforts.

The new law also provides protection to journalists and their sources, citing that they will not be compelled to reveal the source of their news report.

The National Privacy Commission will be led by a commissioner with two deputy commissioners to monitor and ensure compliance of the country with international standards set for data protection. The new body will be supported by a secretariat and will be allotted P20 million to fulfill its functions.

Under RA 10173, the disclosure of personal information shall be allowed subject to certain requirements, including consent of data subject and stating the legitimate purposes.

It also provided the rights of the data subject, including the scope and purpose of the information processing.

The data collectors, on the other hand, must implement reasonable and appropriate measures for the protection of personal data taken from subjects.

Unauthorized processing of personal data shall be imprisoned from one year to three years and a fine of not less than P500,000 but not more than P2 million. The P2-million penalty will be slapped against persons who get personal data without consent.

For persons who illegally release sensitive information, they will be penalized by imprisonment from three years to six years and a fine of not less than P500,000 but not more than P4 million.

As an individual, protection and preservation of my privacy is of great importance. Hence, the birth of the abovementioned law serves as a relief and guard against possible intrusion and evasion of my privacy.

Ordinary Filipinos, especially those who are computer illiterate, those with no access to, or seldom use the computer or any device that have the capabilities to store and transfer sensitive personal information may be prosecuted in courts of the Philippines due to improper handling of information or negligence. [1]

The following are the advantages that we can derive from the law:

(1) Safeguards to protect its computer network against accidental, unlawful or unauthorized usage or interference with or hindering of their functioning or availability;

(2) A security policy with respect to the processing of personal information;

(3) A process for identifying and accessing reasonably foreseeable vulnerabilities in its computer networks, and for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach; and

(4) Regular monitoring for security breaches and a process for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach. [2]

R.A no. 10173 helps to prevent the theft of intellectual property and the privacy of each individuals.

In relation to the protection of preserving the intellectual property of each individual, the law provides the procedure, scope, application and penalty for the violators of the said law. It is in this reason why the passage of this law finds its most rightful position in the order of our laws. It is not only an abstraction but takes a concrete form.

On the other hand, The disadvantages of this act is that it minimizes the Information and Communications System generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer system or other similar device by or which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document. [3]

The passage of RA 10173 is expected to boost investment in the fast-growing information technology and business process outsourcing (IT-BPO) industries. Hailing its enactment, the Business Processing Association of the Philippines said the new law brings the Philippines to international standards of privacy protection as much of IT-BPO work involves confidential personal and company information of local and foreign clients.

This is one of the primary adavantages of RA 10173. it invites investment in the information technology in the country due to the protection the country may offer to foreign investor as they put large amount of money in the economic stability of the government. In the analysis, there is a twin goal to be achieved in setting forth the law itself, e.g. , investment and protection. The former defines the set of reasons why foreign businessmen would consider the country as one of their options where they can venture business in the archipelago. The latter, on the other hand, suggests the protection of evey employee in the business industries. As the implementation of the law became effective, greater and better results are deemed to be the consequence of the economic boost of the countrt. Another area by which the law set forth its vital role is in the arena of the administration of the government. Section 7 of the law provides the creation of National Privacy Commission. Specifically, the functions of the commission are enumerated therein, to wit:

(a) Ensure compliance of personal information controllers with the provisions of this Act;

(b) Receive complaints, institute investigations, facilitate or enable settlement of complaints through the use of alternative dispute resolution processes, adjudicate, award indemnity on matters affecting any personal information, prepare reports on disposition of complaints and resolution of any investigation it initiates, and, in cases it deems appropriate, publicize any such report: Provided, That in resolving any complaint or investigation (except where amicable settlement is reached by the parties), the Commission shall act as a collegial body. For this purpose, the Commission may be given access to personal information that is subject of any complaint and to collect the information necessary to perform its functions under this Act;

(c) Issue cease and desist orders, impose a temporary or permanent ban on the processing of personal information, upon finding that the processing will be detrimental to national security and public interest;

(d) Compel or petition any entity, government agency or instrumentality to abide by its orders or take action on a matter affecting data privacy;

(e) Monitor the compliance of other government agencies or instrumentalities on their security and technical measures and recommend the necessary action in order to meet minimum standards for protection of personal information pursuant to this Act;

(f) Coordinate with other government agencies and the private sector on efforts to formulate and implement plans and policies to strengthen the protection of personal information in the country;

(g) Publish on a regular basis a guide to all laws relating to data protection;

(h) Publish a compilation of agency system of records and notices, including index and other finding aids;

(i) Recommend to the Department of Justice (DOJ) the prosecution and imposition of penalties specified in Sections 25 to 29 of this Act;

(j) Review, approve, reject or require modification of privacy codes voluntarily adhered to by personal information controllers: Provided, That the privacy codes shall adhere to the underlying data privacy principles embodied in this Act: Provided, further, That such privacy codes may include private dispute resolution mechanisms for complaints against any participating personal information controller. For this purpose, the Commission shall consult with relevant regulatory agencies in the formulation and administration of privacy codes applying the standards set out in this Act, with respect to the persons, entities, business activities and business sectors that said regulatory bodies are authorized to principally regulate pursuant to the law: Provided, finally. That the Commission may review such privacy codes and require changes thereto for purposes of complying with this Act;

(k) Provide assistance on matters relating to privacy or data protection at the request of a national or local agency, a private entity or any person;

(l) Comment on the implication on data privacy of proposed national or local statutes, regulations or procedures, issue advisory opinions and interpret the provisions of this Act and other data privacy laws;

(m) Propose legislation, amendments or modifications to Philippine laws on privacy or data protection as may be necessary;

(n) Ensure proper and effective coordination with data privacy regulators in other countries and private accountability agents, participate in international and regional initiatives for data privacy protection;

(o) Negotiate and contract with other data privacy authorities of other countries for cross-border application and implementation of respective privacy laws;

(p) Assist Philippine companies doing business abroad to respond to foreign privacy or data protection laws and regulations; and

(q) Generally perform such acts as may be necessary to facilitate cross-border enforcement of data privacy protection.

These quantifiable functions of the commission are more than enough in order to realize the main purpose of the law. However, the question here is only reserve to the effective implementation of the law otherwise it will remain as an archive and just a piecemeal legislation upn the failure of this commission. On the other hand, with the present administration, rest assured that implementation is one of its considerartion in order to let the government marching and moving.

Benedict Hernandez, Director of the Business Processing Association of the Philippines (BPAP) and President of the Contact Center Association of the Philippines (CCAP), said the local BPO sector must and will abide by the new law’s provisions. It is also predicted to attract more investors as it is set to reinforce protection of private data. [4] IN relation to this, more emplyment and influx of income are the expectations on the part of the working class in the sociert. The labor sector is entitled to the benefit which the law may provide and in reality it is an instrument of bridging the gap betweeen and among the members of social stratification in the country.

The impartiality of the law can be gleaned of with section 16, to wit:

SEC. 16. Rights of the Data Subject. – The data subject is entitled to:

(a) Be informed whether personal information pertaining to him or her shall be, are being or have been processed;

(b) Be furnished the information indicated hereunder before the entry of his or her personal information into the processing system of the personal information controller, or at the next practical opportunity:

(c) Reasonable access to, upon demand, the following:

(1) Contents of his or her personal information that were processed;

(2) Sources from which personal information were obtained;

(3) Names and addresses of recipients of the personal information;

(4) Manner by which such data were processed;

(5) Reasons for the disclosure of the personal information to recipients;

(6) Information on automated processes where the data will or likely to be made as the sole basis for any decision significantly affecting or will affect the data subject;

(7) Date when his or her personal information concerning the data subject were last accessed and modified; and

(8) The designation, or name or identity and address of the personal information controller;

(d) Dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal information have been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by recipients thereof: Provided, That the third parties who have previously received such processed personal information shall he informed of its inaccuracy and its rectification upon reasonable request of the data subject;

(e) Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected. In this case, the personal information controller may notify third parties who have previously received such processed personal information; and

(f) Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.

This section serves as the guidelines on the part of data subject on how to treat and keep the information properly as prescribed by the law.

In order to enjoy the gift and offer of the civilization, we are required to surrender a bit portion of our absolute liberrty and freedom. This is in the name of protection we may reap in a society characterized bu turmoil and challenges. It is therefore, appropriate to signify our immeasurable acceptance and confer our wide latitude understanding of the essence and rationale of RA 10173.


Endnotes

[1] http://psbolfango.wordpress.com/2012/10/19/advantages-and-disadvantages-of-ra-10173-and-ra-10175-on-our-countrys-e-commerce-security-infrastructure/

[2] http://juditonoya.wordpress.com/2012/10/19/advantages-and-disadvantages-of-ra-10173-and-ra-10175-on-our-countrys-e-commerce-security/

[3] http://lainemejos.wordpress.com/2012/10/18/advantages-and-disadvantages-of-ra-10173-and-ra-10175-on-our-countrys-e-commerce-security-infrastructure-especially-on-the-e-entrepreneurs/

[4] http://kristinepetagra.wordpress.com/2012/10/16/advantages-and-disadvantages-of-r-a-10173-data-privacy-act-of-2012-and-r-a-10175-cybercrime-prevenntion-act-of-2012/


The Better View and the Better Law
Anti-cybercrime law version 2.0

The great mystery is not that we should have been thrown down here at random between the profusion of matter and that of the stars; it is that from our very prison we should draw, from our own selves, images powerful enough to deny our nothingness.

Andre Malraux, Man’s Fate (1933)

It seems it was only yesterday when the world is almost perfect to live in. However, radical changes take place, hence, that day became only part of history. History is predicated by the so-called civilization. As I put my notions and thoughts in this paper, I was trapped by the occurrences of yesteryears when the world is quite different from the world of today.

Civilization is the central concept which plays an important role to better understand the events of today, mysteries of yesterday and the hopes of tomorrow.

Society and positive laws determined the occurrence, sequence and flow of the new era in the modern world. Perhaps, advances and breakthrough in all aspects of life are the byproduct of wisdom, intellect and creativity of men in their endless quest of what lies beyond the present knowledge of the society. Consequently, it transcends boundaries in terms of time, premises and even jurisdiction. Instead of drawing lines which divide morality and immorality, good and evil, men tend to cross that same line. Ergo, we are now in the world wrapped by challenges, trials and tribulations primarily because of the manner, mode and method we apply the blessings, purpose, comfort and convenience of the highest form of our intellect.

Up to about the year 1860, man’s history had been conveniently divided into three distinct epochs: ancient, medieval and modern. After 1860, however, a new expression came into general use to describe the cultures of the distant past. Pre-history was the name given to that period of man’s history before written documents appeared. We can now study man’s pre-history through the field of archeology. Archaeological remains can illuminate how and where early cultures lived, stored food and produced tools. We can learn of their religious practices, political organization and what type of relationships may have existed between man and woman, husband and wife, parent and child. Human artifacts uncovered by archeologists also reveal the existence of kings, plagues, famine, good harvests, wars and class structure. [1]

In the present time, advances and breakthrough play not only an important role in the society. Significantly, it performs and occupies a position and place in the order of things not necessarily for its existence. Traditional and conventional crimes are, in the same manner, project advancement not only in its nature and character but as well as the techniques and strategies it is committed. And that is the core of this paper of mine, the idea and ideals I wish to share in articulating my reflections in order to explain the occurrence of today.

The Digital world has become fused to our lives. And even though there is still the great digital divide: only about 35% of the Philippine is on-line (We still have to work on closing this divide): the Internet and the Web has become an important part of Philippine Society. First, because the Internet has become the information highway of economic growth. Second, because Internet Communication Technology and Computers have become a critical part of our daily lives. And third, for all its imperfection cyberspace is a forum for ideas and a bastion of freedom … a fortress of Democracy. [2]

The Cybercrime Prevention Act of 2012 is the first law in the Philippines which specifically criminalizes computer crime, which prior to the passage of the law had no strong legal precedent in Philippine jurisprudence. While laws such as the Electronic Commerce Act of 2000 (Republic Act No. 8792) [3] regulated certain computer-related activities, these laws did not provide a legal basis for criminalizing crimes committed on a computer in general: for example, Onel de Guzman, the computer programmer charged with purportedly writing the ILOVEYOU computer worm, was ultimately not prosecuted by Philippine authorities due to a lack of legal basis for him to be charged under existing Philippine laws at the time of his arrest. [4]

Although several cybercrime-related bills were filed in the 14th and 15th Congress, the Cybercrime Prevention Act in its current form is the product of House Bill No. 5808, authored by Representative Susan Yap-Sulit of the second district of Tarlac and 36 other co-authors, and Senate Bill No. 2976, proposed by Senator Edgardo Angara. Both bills were passed by their respective chambers within one day of each other on June 5 and 4, 2012, respectively, shortly after the impeachment of Renato Corona, and the final version of the Act was later signed into law by President Benigno Aquino III on September 12, 2012.

The new Act received mixed reactions from several sectors upon its enactment, particularly with how its provisions could potentially affect freedom of expression, freedom of speech and data security in the Philippines.

The local business process outsourcing industry has received the new law well, citing an increase in the confidence of investors due to measures for the protection of electronic devices and online data. [5] Media organizations and legal institutions though have criticized the Act for extending the definition of libel as defined in the Revised Penal Code of the Philippines, which has been criticized by international organizations as being outdated:[6] the United Nations for one has remarked that the current definition of libel as defined in the Revised Penal Code is inconsistent with the International Covenant on Civil and Political Rights, and therefore violates the respect of freedom of expression. [7]

Senator Edgardo Angara, the main proponent of the Act, defended the law by saying that it is a legal framework to protect freedoms such as the freedom of expression. He asked the Act’s critics to wait for the bill’s implementing rules and regulations to see if the issues were addressed. [8] He also added that the new law is unlike the controversial Stop Online Piracy Act and PROTECT IP Act. [9] However, Senator Teofisto Guingona III criticized the bill, calling it a prior restraint to the freedom of speech and freedom of expression. [10]

The Electronic Frontier Foundation has also expressed concern about the Act, [11] supporting local media and journalist groups which are opposed to it.

In response to quantifiable issues controversies thrown to the said law, lawmakers are proposing a new and improved version of the anti-cybercrime law.

Sen Miriam Defensor Santiago urged the Senate to pass a bill she filed on November 12, calling it the “anti-cybercrime law version 2.0.”

In a statement on Friday, November 30, Santiago said the Magna Carta for Philippine Internet Freedom will define and penalize cybercrimes while protecting rights and freedoms.

“The [Magna Carta] does not suffer from overbreadth and vagueness in its provisions on libel, unlike the law it tries to replace. In fact, it treats libel as a civil liability rather than a criminal act, which is a step forward in the move to decriminalize libel,” Santiago said.

The senator was referring to the Cybercrime Prevention Act of 2012 or Republic Act 10175, which various sectors criticized for allegedly violating freedom of expression and giving the government too much power over Internet users. Rappler was among the groups who stood against the law.

In October, the Supreme Court stopped the implementation of the law by issuing a 120-day temporary restraining order. Oral arguments are scheduled in January

Lawmakers and President Benigno Aquino III drew flak for approving and enacting the law despite its questionable provisions. Based on Senate records, Santiago did not take part in the Senate vote on the bill.

Santiago’s bill is the latest among efforts of lawmakers to correct the law. Other senators and congressmen have filed bills amending provisions in the Act. [12]

According to the lady senator, “While it is important to crackdown on criminal activities on the Internet, protecting constitutional rights like free expression, privacy, and due process should hold a higher place in crafting laws,”

She highlighted at least four (4) areas of improvements and modification in the existing law, to wit:

1. On the real-time collection of traffic data

Santiago said her bill addresses criticism of the provision allowing state agents to collect real-time traffic data, which she said violates the right to privacy.

“In contrast, the [Magna Carta] ensures due process by providing strict guidelines for any collection of any data, including the securing of warrants, obligating notification, and limiting seizure to data and excluding physical property.”

Privacy has been the priceless property or assets in the lifetime of everyone. This constitutes a sacred right against the intrusion of either private individual and more importantly, the government. “Let him alone”, as they said, that’s the essence of privacy. Now, with the passage of the law, it is noteworthy and it should receive high premium that the same degree of privacy is bestowed upon the citizen in exchange of the combat and crusade against cybecrime.

2. On the so-called ‘takedown clause’

Santiago said her bill does not have the so-called “takedown clause,” which allows government to block or restrict access to a website or network even without a court order.

Santiago said the “takedown clause” is dangerous. The Justice Department though has said the phrase is a misnomer, because blocking or restricting of the data will not be done arbitrarily.

3. On double jeopardy

The senator said the Magna Carta prohibits double jeopardy, unlike the Cybercrime Prevention Act.

She said under the Act, people can be prosecuted for violations against it, and for those under the Revised Penal Code and special laws even though the offenses are from a single act.

Santiago said the other improvements in the Magna Carta are:

·Clarifying the mandate and organization of the Department of Information and Communications Technology

·Amendments to the AFP Modernization Act to ensure the country has weapons and defenses against cyberattacks

·Mandating the police and the National Bureau of Investigation to combat cyberterrorism.

With these improvements, I believe that free expression, privacy and due process are well preserved and therefore, these fundamentals remain untouched in the midst of this controversial law.

The proposed bill of the lady senator protects the right of the citizens against illegal searches and seizures by providing guidelines for any collection of any data, including the securing of warrants, obligating notification and limiting seizure to data and excluding physical property. In addition, R.A. 10175 violate the right to privacy and the Constitutional guarantee against search and seizure through allowing the warrantless real – time collection of data.

Moreover, the proposed bill provides for court proceedings in cases where websites or networks are to be taken down, and prohibits censorship of content without a court order.

Finally, she seeks to clarify the mandate and organization of the proposed Committee of Information and Communications Technology to avoid confusion in the future.

Above all, use and abuse of the discovery and inventions of men is of a crucial and important issue to decide and discuss. Machines, technology and information are useful tool to communicate and understand the world we live today. No matter how useful they may be lies within the creative but sound judgment of everyone. It is but our moral obligation and responsibility to impose safeguards as to the means they are enjoyed, the manner they are to be used and the mode they are to be disposed.

In the world of ours, it is but an imperative command not to pawn the intelligence we may enjoy but to pass the joy and passion of learning to the next generation who will inherit this same and small world.

Today, groups of people live and work together in communities throughout the world. But if we could travel far back in time we would see a very different way of life. Many thousands of years ago, people moved from place to place to find food. They stayed in small family groups, finding or building simple shelters so they could move easily. There were no cities, towns, or even villages. During this time, there were no civilization [13]

This is how it begins – simple life to a complex lives. I wish to turn back the hands of time. I dream of being born in a particular period time. And I believe, I can travel in a world where crime never exist at all in any form.


Endnotes

[1] http://www.historyguide.org/ancient/lecture1b.html

[2] http://baratillo.net/2012/11/why-support-the-magna-carta-for-philippine-internet-freedom/

[3] Electronic Commerce Act of 2000 (Republic Act No. 8792)

[4] Arnold, Wayne (22 August 2000). “Technology; Philippines to Drop Charges on E-Mail Virus”. The New York Times. Retrieved 3 October 2012.

[5] Agcaoili, Lawrence (20 September 2012). “IT-BPO industry welcomes passage of Cybercrime Prevention Act”. The Philippine Star. Retrieved 24 September 2012.

[6] Panela, Shaira (19 September 2012). “Cybercrime Act extends reach of ‘draconian’, outdated libel laws”. GMA News and Public Affairs. Retrieved 24 September 2012.

[7] Tiongson, Frank Lloyd (30 January 2012). “Libel law violates freedom of expression – UN rights panel”. The Manila Times. Retrieved 24 September 2012.

[8] Sy, Marvin (23 September 2012). “‘Give Cybercrime Prevention Act a chance’”. The Philippine Star. Retrieved 24 September 2012.

[9] Angara, Edgardo. “Protecting our Cyberspace – The Cybercrime Prevention Act of 2012″. EdAngara.com. Retrieved 24 September 2012.

[10] Mendes, Christina (22 September 2012). “Guingona criticizes Cybercrime Prevention Act”. The Philippine Star. Retrieved 25 September 2012.

[11] “Philippines’ New Cybercrime Prevention Act Troubling for Free Expression”. Electronic Frontier Foundation. Retrieved 1 October 2012.

[12] http://www.rappler.com/nation/17045-miriam-proposes-new-anti-cybercrime-law

[13] http://www.studyzone.org/testprep/ss5/b/comcivl.cfm

Advertisements
1 comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: