Aquino Signs Data Privacy Act

23 August 2012

A new law that protects the integrity and confidentiality of personal data shared online or other information and communication technology (ICT) systems has been signed by President Benigno S. Aquino III.

Republic Act No. 10173 or the Data Privacy Act of 2012 also established the National Privacy Commission to ensure the protection of digital information in the government and the private sector

The law, a priority measure of President Aquino, requires both the public and private institutions to comply with international data security standards while providing safeguards to protect press freedom.

Excluded in the scope of RA 10173 are "personal information processed for journalistic, artistic, literary or research purposes." Other exclusions cover information about government officials and other civil servants as well as information necessary for banks as part of anti-money laundering efforts.

The new law also provides protection to journalists and their sources, citing that they will not be compelled to reveal the source of their news report.

The National Privacy Commission will be led by a commissioner with two deputy commissioners to monitor and ensure compliance of the country with international standards set for data protection. The new body will be supported by a secretariat and will be allotted P20 million to fulfill its functions.

Under RA 10173, the disclosure of personal information shall be allowed subject to certain requirements, including consent of data subject and stating the legitimate purposes.

It also provided the rights of the data subject, including the scope and purpose of the information processing.

The data collectors, on the other hand, must implement reasonable and appropriate measures for the protection of personal data taken from subjects.

Unauthorized processing of personal data shall be imprisoned from one year to three years and a fine of not less than P500,000 but not more than P2 million. The P2-million penalty will be slapped against persons who get personal data without consent.

For persons who illegally release sensitive information, they will be penalized by imprisonment from three years to six years and a fine of not less than P500,000 but not more than P4 million.