Slide 1: The importance of Data Privacy Act of 2012 Philippines, or those who maintain an office, branch or

agency in the Philippines subject to the immediately

Presented by: Rizzi, Clifford Chazz L.
succeeding paragraph: Provided, That the requirements of
BSIT 611 Section 5 are complied with.

Slide 2: What is Data Privacy Act of 2012?

RA 10173 or Data Privacy Act of Slide 4: Basically, the National Privacy Commission are
2012 is AN ACT PROTECTING responsible for the administration and implementation of RA
INDIVIDUAL PERSONAL 10173. They are the one to monitor and ensure the
INFORMATION IN compliance of the country with international standards set
INFORMATION AND for data protection.
COMMUNICATIONS SYSTEMS
IN THE GOVERNMENT AND
THE PRIVATE SECTOR, The Department of Information and
CREATING FOR THIS PURPOSE Communications Technology
A NATIONAL PRIVACY COMMISSION, AND FOR
Appointed
OTHER PURPOSES
The National Privacy Commission

Slide 3: Who is it for?

Republic Act No. 10173, otherwise known as the Data
Privacy Act is a law that seeks to protect all forms of Slide 5: Why is it needed?
information, be it private, personal, or sensitive. It is meant
to cover both natural and juridical persons involved in the The internet use of
processing of personal information. Filipino people have
increased ambiguously
and still continually
increases. Particular use
Scope Sec. 4: This Act applies to the processing of all types
are social media. People
of personal information and to any natural and juridical
are sharing more
person involved in personal information processing
personal information
including those personal information controllers and
everyday. More
processors who, although not found or established in the
so, business sectors, companies, organizations, etc. now rely
Philippines, use equipment that are located in the
on internet. They collect, process, and use personal data in (a) The data subject has given his or her consent, specific to
variety of means. the purpose prior to the processing, or in the case of
privileged information, all parties to the exchange have
That’s why a comprehensive law such as Data Privacy Act given their consent prior to processing;
of 2012 is greatly needed to protect people, give them
personal choice, control, and the right to be left alone. (b) The processing of the same is provided for by existing
laws and regulations: Provided, That such regulatory
enactments guarantee the protection of the sensitive personal
Slide 6: What is Personal Information? information and the privileged information: Provided,
further, That the consent of the data subjects are not required
Under Sec. 3(g) of the Data Privacy Act, “[p]ersonal by law or regulation permitting the processing of the
information refers to any information whether recorded in a sensitive personal information or the privileged information;
material form or not, from which the identity of an
Slide 8:
individual is apparent or can be reasonably and directly
ascertained by the entity holding the information, or when (c) The processing is necessary to protect the life and health
put together with other information would directly and of the data subject or another person, and the data subject is
certainly identify an individual.” not legally or physically able to express his or her consent
prior to the processing;
In other words, personal information is any information
which can be linked to your identity, thus making you (d) The processing is necessary to achieve the lawful and
readily identifiable. noncommercial objectives of public organizations and their
associations: Provided, That such processing is only
confined and related to the bona fide members of these
Slide 7: What is Sensitive Personal Information organizations or their associations: Provided, further, That
the sensitive personal information are not transferred to third
(1) race, ethnic origin, marital status, age, color, and parties: Provided, finally, That consent of the data subject
religious, philosophical or political affiliations; (2) health, was obtained prior to processing;
education, genetic or sexual life of a person, (3) civil,
criminal or administrative proceedings (4) Unique identifiers (e) The processing is necessary for purposes of medical
issued by government agencies peculiar to an individual (5) treatment, is carried out by a medical practitioner or a
Specifically established by law as classified medical treatment institution, and an adequate level of
protection of personal information is ensured; or
Under Sec 13: The processing of sensitive personal
information and privileged information shall be prohibited, (f) The processing concerns such personal information as is
except in the following cases: necessary for the protection of lawful rights and interests of
natural or legal persons in court proceedings, or the Slide 10: The rights of Data subjects
establishment, exercise or defense of legal claims, or when
provided to government or public authority. An individual whose personal, sensitive personal or
privileged information is processed.
Slide 9: What is processing?
 Right to be Informed
Under Sec. 3(j)  Right to Access
of the Data
Privacy Act,  Right to Object
“[p]rocessing  Right to Rectification
refers to any
operation or  Right to Erasure or Blocking
any set of  Right to Damages
operations
performed  Right to Data Portability
upon personal  Right to File A Complaint
information
including, but Slide 11: The Principles of Data Privacy
not limited to,  Transparency - A data subject must be aware of the
the collection, nature, purpose, and extent of the processing of his
recording, or her personal data, including the risks and
organization, storage, updating or modification, retrieval, safeguards involved, the identity of personal
consultation, use, consolidation, blocking, erasure or information controller, his or her rights as a data
destruction of data.” subject, and how these can be exercised. Any
information and communication relating to the
In other words, processing of personal information is any processing of personal data should be easy to access
operation where personal information is involved. Whenever and understand, using clear and plain language.
your information is, among other things, collected, modified,  Legitimate Purpose - The processing of information
or used for some purpose, processing already takes place. shall be compatible with a declared and specified
purpose, which must not be contrary to law, morals,
or public policy.
 The processing of information shall be adequate,
relevant, suitable, necessary, and not excessive in
 relation to a declared and specified purpose. o Personal Information - Imprisonment
Personal data shall be processed only if the purpose ranging from one (1) year to three (3) years
of the processing could not reasonably be fulfilled and A fine of not less than Five hundred
by other means. thousand pesos (Php500,000.00) but not
more than Two million pesos
(Php2,000,000.00)
Slide 12: Consent of Data Subject o Sensitive Personal Information -
Imprisonment ranging from three (3) years
Refers to any freely given, specific, informed indication of to six (6) years and A fine of not less than
will, whereby the data subject agrees to the collection and Five hundred thousand pesos
processing of personal information about and/or relating to (Php500,000.00) but not more than Four
him or her. Consent shall be evidenced by written, electronic million pesos (Php4,000,000.00)
or recorded means. It may also be given on behalf of the data
 Improper Disposal of Personal Information and
subject by an agent specifically authorized by the data
Sensitive Personal Information
subject to do so.
o Personal Information - Imprisonment
Sliide 13: Penalty ranging from six (6) months to two (2) years
and A fine of not less than One hundred
 Unauthorized Processing of Personal Information thousand pesos (Php100,000.00) but not
and Sensitive Personal Information more than Five hundred thousand pesos
o Personal Information - Imprisonment (Php500,000.00)
ranging from one (1) year to three (3) years o Sensitive Personal Information -
AND Fine of not less than Five hundred Imprisonment ranging from one (1) year to
thousand pesos (Php500,000.00) but not three (3) years and A fine of not less than
more than Two million pesos One hundred thousand pesos
(Php2,000,000.00) (Php100,000.00) but not more than One
o Sensitive Personal Information - million pesos PROPERTY
Imprisonment ranging from three (3) years (Php1,000,000.00)
to six (6) years AND Fine of not less than  Processing of Personal Information and Sensitive
Five hundred thousand pesos Personal Information for Unauthorized Purposes
(Php500,000.00) but not more than Four o Personal Information - Imprisonment
million pesos (Php4,000,000.00) ranging from one (1) year and six (6)
 Accessing Personal Information and Sensitive months to five (5) years and A fine of not
Personal Information Due to Negligence less than Five hundred thousand pesos
 (Php500,000.00) but not more than One less than One million pesos
million pesos (Php1,000,000.00) (Php1,000,000.00) but not more than Five
o Sensitive Personal Information - million pesos (Php5,000,000.00).
Imprisonment ranging from two (2) years to
seven (7) years and A fine of not less than
Five hundred thousand pesos Slide 14: Importance
(Php500,000.00) but not more than Two
million pesos PROPERTY  With the phenomenal rise of internet use around the
(Php2,000,000.00) world, and with almost everything today found in
 Unauthorized Access or Intentional Breach the cloud, data protection laws have become
o The penalty of Imprisonment ranging from important tools in protecting the privacy of
one (1) year to three (3) years and a fine of individuals and consumers everywhere. Without
not less than Five hundred thousand pesos these laws, personal information is vulnerable to
(Php500,000.00) but not more than Two misuse, which can not only lead to a breach of
million pesos (Php2,000,000.00). privacy but to cybercrimes like identity theft and
transaction fraud, as well.
 Concealment of Security Breaches Involving
Sensitive Personal Information  The DPA brings the Philippines up-to-date with
o The penalty of Imprisonment of one (1) year international standards on data protection. As one of
the world’s largest users of the internet, the country
and six (6) months to five (5) years and a
needs to ensure that its citizens’ fundamental right to
fine of not less than Five hundred thousand
privacy is protected and preserved.
pesos (Php500,000.00) but not more than
One million pesos (Php1,000,000.00)  By safeguarding the privacy rights of Filipinos, the
DPA paves the way for a sustainable free flow of
 Unauthorized Disclosure
information where consumers feel safe to give out
o Imprisonment ranging from one (1) year to
their personal data, and government and businesses
three (3) years and a fine of not less than
are accountable for the responsible use of the
Five hundred thousand pesos
information they collect.
(Php500,000.00) but not more than One
 Moreover, the Philippines has a fast-growing
million pesos (Php1,000,000.00).
business outsourcing industry where data is
 Combination or Series of Acts
transmitted and processed in large volumes every
o Any combination or series of acts as defined
day. The DPA provides BPO clients – local and
in Sections 25 to 32 shall make the person
international – with the assurance that the data
subject to imprisonment ranging from three
involved in their day-to-day operations are protected
(3) years to six (6) years and a fine of not
and secure.