IP Views
Data Privacy Bill Approved by the Senate Last 20 March 2012, the Senate approved on third and final reading Senate Bill No. 2965 or the “Data Privacy Act of 2011.” The Bill, based in the main on the Directive 95/46/EC of the European Parliament and Council and the Asia-Pacific Economic Cooperation (APEC) Privacy Framework, mandates public and private entities to protect and preserve the integrity, security and confidentiality of personal data collected in its operations. It is hoped that the bill will drive further growth in the information and communication technology (ICT) and business process outsourcing (BPO) industries, as well as provide a policy framework to balance freedom and protection of privacy in the Internet. Under the general data privacy principles of Senate Bill No. 2965, personal information must be: (i) collected for specified and legitimate purposes determined and
declared before, or as soon as reasonably practicable, and later
processed in a way compatible with such declared, specified and
legitimate purpose only; The processing of personal information is permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists: (i) The data subject has given his or her express or implied consent;
Under Senate Bill No. 2965, several acts are made punishable by imprisonment and fines, such as: (i) processing of personal information and sensitive personal
information without the consent of the data subject or without being
authorized under the Data Privacy Act or existing laws, The Bill also mandates the establishment of a National Privacy Commission which will implement and enforce the regulations of the bill. The commission will be attached to the Office of the President and run by a commissioner with two deputies. Prior to Senate Bill No. 2965 and its counter-part house bill, House Bill No. 4115, there was no data protection law in the country, though the right to privacy is considered a basic right recognized in the Constitution, particularly in Sections 1, 2, 3 and 7, Article III (Bill of Rights). It is also recognized in specific portions of the Philippine Civil Code, such as Articles 26 and 32(11). There are other laws and regulations that evince privacy in specific sectors and instances. Bank records are protected by The Bank Secrecy Act (Republic Act No.7653) and the Secrecy of Bank Deposits Act (Republic Act No. 1405). Under the Electronic Commerce Act of 2000 (Republic Act No. 8792), only individuals with legal right of possession shall be granted access to electronic files or electronic keys. The said law also imposes an obligation of confidentiality on persons receiving electronic data, keys, messages, or other information not to convey it to any other person. The Anti-Wire Tapping Act (Republic Act No. 4200) requires that all parties to a communication must give permission for a recorded wiretap or intercept and makes it illegal to knowingly possess any recording made in prohibition of this law, unless it is evidence for a trial, civil or criminal. Furthermore, the Rape Victim Assistance and Protection Act of 1998 (Republic Act No. 8505) provides mandates that the right to privacy of the offended party and the accused be recognized. Even the Supreme Court has been made to balance the right to privacy as against other interests in cases such as Ople vs. Torres, G.R. No. 127685, 23 July 1998; Social Justice Society v. Dangerous Drugs Board and Philippine Drug Enforcement Agency, G.R. Nos. 157870, 158633 and 161658, 3 November 2008. There are also some regulations issued in pursuit of data privacy. The Philippine Department of Trade and Industry (DTI), pursuant to its mandate under Republic Act No. 8792, or the E-Commerce Law, issued Department Administrative Order No. 08, series of 2006, prescribing Guidelines for the Protection of Personal Data in Information and Communication System in the Private Sector (DTI DAO 08). Further to DTI DAO 08, the National Telecommunications Commission of the Philippine Department of Transportation and Communications (DOTC-NTC) has issued Memorandum Circular No. 05-06-2007 or the Consumer Protection Guidelines. These regulations were issued precisely to allay concerns over the security of personal data handled by employees in the ICT and BPO industries. House Bill No. 4115 and Senate Bill No. 2965 echo with some modifications the guidelines set forth in these regulations and provide the definitive legal framework for data privacy. |
|
||||||||||||||||
Copyright 2012 | All Rights Reserved | Bengzon, Negre, Untalan: Intellectual Property Attorneys | By MyGuaranteedSEO.com |