Detailed: The Data Privacy Act (RA 10173)

September 30, 2021
Data Privacy

Information and communication technology (ICT) is critical to the country’s development and nation-building. In the information age, whomever has the most information has the most power. From a macroeconomic standpoint, the free flow of information is undeniably important for any nation’s progress and the success of any firm. With the power that comes with knowledge.

As a result, it is in the public interest for the government to set the parameters within which such authority would be exercised, while also preserving the free flow of information necessary for innovation and growth.

Every day, 2.5 quintillion bytes of data are generated. Digital data has become an integral part of our daily lives, as well as our personalities and identities. Given this, there is a pressing need to adapt the way businesses handle data and procedures in order to secure the security of personal information.

Because every company handles some sort of personal data, from employees to clients to end-user data, every company is now accountable for maintaining the confidentiality, integrity, and availability of data for permitted use.

It is vital to emphasize, however, that the legislation only protects information that is considered private by its very name. Information that was publicly available or accessible prior to the law’s passage is still available to the public. The method in which private or sensitive information is secured is the value that the Data Privacy Act of 2012 brings to the current condition of Philippine law.

To be more explicit, the passage of this law has increased the value of data and its protection in the Philippines to a large amount. To that aim, the law establishes and establishes strict restrictions for their access, and it sets severe penalties, both criminal and financial, for the unauthorized use or disclosure of information.

What is the Philippines’ Data Privacy Act?

The Philippines Congress passed the Data Privacy Act (DPA), also known as Republic Act No. 10173, in 2012, and it was eventually implemented five years later in 2016. RA 10173 ensures the “open flow of information to foster innovation and growth” (Republic Act No. 10173, Ch. 1, Sec. 2) while also safeguarding users’ fundamental privacy rights.

What is the procedure for putting it into action?

The Philippines Congress passed the Data Privacy Act (DPA), also known as Republic Act No. 10173, in 2012, and it was eventually implemented five years later in 2016. RA 10173 ensures the “open flow of information to foster innovation and growth” (Republic Act No. 10173, Ch. 1, Sec. 2) while also safeguarding users’ fundamental privacy rights.

What does this imply for data collectors and businesses?

Anyone in the government or business sector who processes personal data is subject to the Act. All personal data must be collected for valid reasons, and both parties giving and receiving information should be aware of this. That being stated, all collection must be done with the customer’s express permission.

All personal information must be relevant and used only for the stated and intended objectives. Companies must safeguard consumer information from the time it is collected until it is properly disposed of, preventing illegal access.

What do you mean by “personal information”?

“Personal information” is defined as “any information, whether recorded in a material form or not, from which the identity of an individual can be reasonably and directly ascertained by the entity holding the information, or which, when combined with other information, would directly and certainly identify an individual” (Republic Act. No. 10173, Ch. 1, Sec. 3).

What is “sensitive personal information”?

About a person’s race, ethnicity, marital status, age, skin color, and religious, philosophical, or political beliefs. Concerning a person’s health, education, genetics, or sexual life, or any proceeding for any offense done or alleged to have been committed by such person, the outcome of such proceedings, or any court’s punishment in such proceedings.

Social security numbers, previous or current health records, licenses or their denials, suspension or revocation, and tax returns are among the items issued by government agencies that are unique to an individual; and Specifically established by an executive order or an act of Congress to be kept classified.

What is “consent”?

Any voluntarily given, specific, informed indication of will by which the data subject accepts to the collection and processing of personal information about and/or relating to him or her is referred to as data subject consent. Written, electronic, or recorded evidence of consent is required. It may also be given on the data subject’s behalf by an agent who has been expressly authorized by the data subject to do so (Republic Act. No. 10173, Ch. 1, Sec. 1).

What are the rights of the data subject?

Several aspects of the data collection process must be fully disclosed to the data subject or the individual giving his or her personal information. This list includes, but is not limited to: (1) the reason for use (2) access methods (3) the identity and contact details of the personal data controller (4) how long the data will be kept for (5) access to their rights.

What actions must I take to comply with the Act?

Companies must essentially ensure that their data gathering procedures are flawless, as well as disclose the entire process with data subjects on a constant basis, including any security breaches that may occur.

Companies should hire a Data Protection Officer, develop privacy knowledge programs, and privacy and data policies to regulate data handling, as well as conduct regular evaluations to maintain high-quality data protection. Companies must also have a procedure in place for notifying customers of security breaches.

What happens if I do not comply?

Improper/unauthorized processing, handling, or disposal of personal information can result in a six-year prison sentence and a fine of at least 500,000 pesos (PHP 500,000). Data privacy is a top priority for Sprout Solutions, and the company takes extra precautions to keep information secure. We advise all businesses to review the Data Privacy Act and ensure that their own data privacy procedures are secure.

Importance of Data Privacy Act

Bad things can happen when data that should be kept private falls into the wrong hands. A data breach at a government agency, for example, may provide a hostile state access to top secret material. A data breach at a company can put confidential information in the hands of a competitor.

A school security breach might put kids’ personal information in the hands of criminals who could use it to commit identity theft. PHI can fall into the wrong hands if a hospital or doctor’s office suffers a data breach.