SY 2012-2013, Second Semester
Ideally, I should be able to say that gone are the days when filing cabinets ate up space in offices because almost every transaction is expected to be electronically done already. (I plan to write about my experience at the COMELEC office recently. They said it will take 3 years to input all data into the system. But that’s for another blog entry.) It’s quite funny and people (specially the younger generation) are quick to judge or label your process as “old school” or “Jurassic” when you make them to fill out registration forms using pens and papers. Now, it is not very impressive anymore and is actually deemed “normal” if the process entails you being in front of a computer to input your data, pose to have your digital picture taken and sign with a digital pen. You wait a few seconds for your ID to be printed and voila! DIGITAL. No more pasting your 1 x 1 ID picture and having it laminated.
I have also attended a youth event where they asked the participants to line up and registered in this row of laptops before them. No more pen and paper for you.
Other than the process being quick, inputting your details and having them backed up AND SECURED in another storage device is one way of sparing everybody from the hassle of retrieving your data when some natural calamity like fire or floods surprise us.
Another reason why I love how things are turning digital is how it saves everybody’s time and effort. For example, I’d love to see somebody come up with an online pre-registration for enrollment. There will be some scheme on how to secure your slot for a class, then the payment will be through an online transaction too. Imagine, we won’t have to wait for hours to get our applications for a class get approved! What a bliss it will be, right?
The list of the benefits for having things digitized is endless. However, with that improvement come issues that threaten our security as individuals. Even the big companies are not spared from such dilemma. We hear of stories of security breaches, when unauthorized personnel gain access to personal information from systems that are suppose to be secure. We hear of people’s identity exposed which brings about threats to their security. Spell death threats, or worse, killings. People often get killed for the things they say or show.
I am not attempting to give an exhaustive discussion on the implications of Republic Act 10173, otherwise known as the “Data Privacy Act of 2012”, but I am wishing to discuss how it affects a mere mortal netizen like me.
Going through the provisions makes me want to give kudos to the Congress for the effort of keeping in step with the dynamics of society. As previously mentioned, almost everything is digital now. It is quite difficult to cope with the speed and complications of how technology has made our world smaller. “Easy access” has benefits, but it offers some dangers too. Yes, the law is not perfect, we can see some loopholes and lots of room for improvement, but at least, we have something to start with.
I also like the idea of how the law mandates the interplay and teamwork of the different government agencies and their geniuses so that the intent of protection of the netizens will be achieved. In the law, we will see that the created Commission welcomes or even asks for help because I think the implications of providing details electronically are too broad for them to address one by one.
I’m not so sure though if all entities, especially in the government are aware of the details of this law and how to go about it. I’m not even sure if the personnel who deal with data are aware of the care and protection they must give so identities of their clients would not be prejudiced. Well, they have the problem of inputting to address first.
The law discusses also of the right of a person to be informed of the purpose and the length of time that your details will be retained in the entity that will process your data. I do not see any prompt informing me of this right. Is there anybody who tells people this? What I often see is them informing me that my data will be kept confidential, but nobody really tells me for how long they are going to keep it.
I’ve had the privilege of working in a company that takes data privacy VERY seriously. It ensures that all employees are well aware and exercising the things we learn from the modules on protecting personal information. Our policies on passwords are so strictly implemented so that nobody can access the computers issued to us. Our printers have a separate room which only employees have access. We have a lot of shredders in the office so that data or information on paper could not be retrieved after its use.
I’d like to quote the rights protected under this Act. Section 16 provides:
SEC. 16. Rights of the Data Subject. – The data subject is entitled to:
(a) Be informed whether personal information pertaining to him or her shall be, are being or have been processed;
(b) Be furnished the information indicated hereunder before the entry of his or her personal information into the processing system of the personal information controller, or at the next practical opportunity:
(1) Description of the personal information to be entered into the system;
(2) Purposes for which they are being or are to be processed;
(3) Scope and method of the personal information processing;
(4) The recipients or classes of recipients to whom they are or may be disclosed;
(5) Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized;
(6) The identity and contact details of the personal information controller or its representative;
(7) The period for which the information will be stored; and
(8) The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint before the Commission.
Any information supplied or declaration made to the data subject on these matters shall not be amended without prior notification of data subject: Provided, That the notification under subsection (b) shall not apply should the personal information be needed pursuant to asubpoena or when the collection and processing are for obvious purposes, including when it is necessary for the performance of or in relation to a contract or service or when necessary or desirable in the context of an employer-employee relationship, between the collector and the data subject, or when the information is being collected and processed as a result of legal obligation;
(c) Reasonable access to, upon demand, the following:
(1) Contents of his or her personal information that were processed;
(2) Sources from which personal information were obtained;
(3) Names and addresses of recipients of the personal information;
(4) Manner by which such data were processed;
(5) Reasons for the disclosure of the personal information to recipients;
(6) Information on automated processes where the data will or likely to be made as the sole basis for any decision significantly affecting or will affect the data subject;
(7) Date when his or her personal information concerning the data subject were last accessed and modified; and
(8) The designation, or name or identity and address of the personal information controller;
(d) Dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal information have been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by recipients thereof: Provided, That the third parties who have previously received such processed personal information shall he informed of its inaccuracy and its rectification upon reasonable request of the data subject;
(e) Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected. In this case, the personal information controller may notify third parties who have previously received such processed personal information; and
(f) Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.
x x x
I suggest that you please take your time to review and discuss this among friends so that you can know how to address an incident that might arise. Thank goodness for my genius friends, I can ask them to help out in case some epistaxis occurs.
This entry will not be a comprehensive discussion on Senator Miriam Defensor-Santiago’s Magna Carta for Philippine Internet Freedom (MCPIF). This would rather be an insight of a person that you can consider a mere mortal when it comes to technical terms on technology.
The senator felt the need to formulate a bill that would fill up the gaps that Republic Act 10175 had. If you may recall, its passage into law caused a lot of commotion over cyberspace. A lot of netizens participated in the heated discussions over the law’s effects and restrictions. The Supreme Court’s temporary restraining order on RA 10175’s implementation is about to be lifted this January and oral arguments are to be started promptly.
You are about to read the things I like and observe about the proposed bill.
The bill makes me appreciate that the State remains true to the Constitution’s mandate of pursuing policies that promote the internet as it recognizes in Section 2(4) that through technology in devices, we can create art, beauty and culture. I am proud that our laws are dynamic, there being effort to ride the tides of times and even technology, something so volatile, unpredictable. Nobody knows where it will lead us. I am also amazed that though we are looking at introducing changes on how we do things, it has not escaped the minds of our legislators to establish safeguards because this new thing about technology might actually be abused by some or a lot of people.
I understand that we really have to exert efforts on ironing out the provisions because it is undeniable, the internet has paved the way for participative governance. A lot of people, especially the young people are involved with what is happening around them because of Twitter. It has become very easy for heated but interesting insights come to the fore. It’s amazing how fresh ideas of young people are.
We have seen how swift help has come by especially in times of natural calamities or emergencies because everybody has maximized the connection we can have on cyberspace.
Knowing that people might be watching and have devices that could actually capture on picture or video anything good or bad, especially the bad, there has been something like a prompt at the back of everybody’s head that I better behave or else, I’d be famous in the net in a really bad way and there’s no taking it back once it spreads! So we police each other somehow.
I went over the terms and observe that it’s quite difficult to differentiate between some of them. Example, cyberspace and cyber environment? Among cyber attack, cyber warfare, cyber terrorism, and cyber crime? How about cyber defense and cyber security? And I snickered a bit when I read, “Section 31.1 Data processing equipment -Equipment used to process data” and “31.3 Storage equipment -Equipment used to store data” Really? Can’t we come up with a definition that does not use the same terms?
I like the idea of network neutrality (Chapter 3, Section 5). No favoritism. No one can restrict nor favor one class of data over another, subject to certain exceptions. It encourages free flow of ideas, encourages participation especially of the young ones. Now we care, because we have been given (consciously or otherwise) a chance to care, a power to speak up, a “microphone” so everybody can hear what we have to say.
I like the idea of parents having accountability in Section 12 (4 & 5). It forces them to keep watch over the sites that their minor kids are surfing. But I think it’ll be quite difficult for the parents to comply, considering the busyness in some other things like businesses and jobs and what have you.
I like the idea of interplay and cooperation among government agencies relevant to the implementation, but I hope the government agencies formed will not be a source of corruption because the purpose of the bill is noble. All of us Filipinos will benefit if funds are properly allocated and disbursed. A lot of doors will open if we have a decent information and communications technology. The world will get smaller, life will be easier. For all of us.
“Citing a 2012 report by the Department of Science and Technology, the business process outsourcing industry, the information technology outsourcing industry and other outsourcing industries, also known as knowledge worker industries strongly dependent on fast and reliable ICT and Internet networks, have contributed $11 billion in export revenues, or an estimated 5.4 percent contribution to the country’s gross domestic product in 2011.” (By Marvin SY, http://www.philstar.com/headlines/2012/12/01/877657/miriam-files-cyber-bill-ver-20, accessed January 11, 2013)
I hope the government will really exert efforts in finding the best tech guys for the job. I’m not saying that they didn’t, but I cringe at the idea that the cyber criminals are snickering over how inexperienced the law enforcers are when it comes to catching them and over how flimsy the security features of our ICT are. Please find the best! That’s where our money should go!
So, as imperfect as it may be, the laws our legislators come up with bring us closer to hopefully a better society. A wiser one. More responsible. Unselfish. More vibrant.
It would not hurt to read through it:
SB 3327 http://www.senate.gov.ph/lisdata/1446312119!.pdf