[REPUBLIC ACT NO. 10173]
Republic Act 10173 is also known as “Data Privacy Act of 2012” it was approved last August 15, 2012 by our President Benigno Aquino III.
It is AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES
The National Privacy Commission will administer and implement the provisions of this Act and to monitor and ensure compliance of the country with International Standard sets for data protection.
It Applies to the processing of all types of personal information and to any natural or juridical person involved in personal information processing including those personal information controllers and processors who, although not found in the Philippines, use equipment that are located in the Philippines or those who maintain an office, branch or agency in the Philippines subject to succeeding paragraph; provided that the requirements of section 5 are complied with.
It requires public and private entities to preserve data they collected. In turn, the law also established the creation of a National Privacy Commission which will ensure that our country complies with international security standards when it comes to data protection.
It is seen that Information Technology (IT) and Business Process Outsourcing (BPO) industry by making it in line with International Standards of Privacy protection will benefit the most.
The rapidly growing business process outsourcing (BPO) sector of the Philippines is set to benefit from the Data Privacy Act or Republic Act 10173 as it aims to protect personal digital data of private and public entities, specifically those that are dealing with offshore businesses.
Advantages and Disadvantages
- Commission shall refer to the National Privacy Commission created by virtue of this Act.
- Consent of the data subject refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of the data subject by an agent specifically authorized by the data subject to do so.
- Data subject refers to an individual whose personal information is processed.
- Direct marketing refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals.
- Filing system refers to any act of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular person is readily accessible.
- Information and Communications System refers to a system for generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer system or other similar device by or which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document.
- Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
- Personal information controller refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.
Under this Act Section 20 states the Security and privacy of information
SEC. 20. Security of Personal Information.–
(a) The personal information controller must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing.
How it will affect me? First Data Privacy It is an effort to empower people to protect their privacy and control their digital footprint and escalate the protection of privacy and data as everyone’s priority. Personal Information is defined as “any information whether recorded in material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information.”
Since my phone is an iphone4 I become addicted to social networking sites, so I simultaneously open my social network Facebook, Twitter, Skype, Foursquare and Email to check on recent happenings in people’s lives as well as new posts on my own wall. It is essential that personal information systems are secured and protected.
However there is an issue or problem regarding this privacy, those are the hackers of the web site. Hackers is a term used in computing for several types of person, someone who accesses a computer system by circumventing its security system. Website Hacking is now common. It is simply trying to break into a site unauthorized. The files of website are stored on a computer. The computer, called a "server" or "web server", is not too much different from your home PC, except that its configuration is specialized for making files available to the world wide web, so it has a lot of hard drive capacity and a very high speed internet connection. It probably doesn't have its own monitor or keyboard because everyone who communicates with it does so through its internet connection. With everybody connecting to our site through the internet, it might seem like just an accident if one of our files gets changed once in a while in all the commotion, but it's not.
Our website and server have several security systems that determine what kind of access each person has. I'am the owner of my web site, so I have passwords that give me read, write access to my site. I can view my files (read) and I can also change them (write). Everybody else only has read access. They can view your files, but they are never supposed to be able to change them, delete them, or add new ones.
A hack occurs when somebody gets through these security systems and obtains write access to your service. Once they obtain that, they can change, add, or delete files however they want.
But how to prevent our website from being hacked? The first thing you need to do is to maintain a strong security on the computer that you use in managing your website because someone who is successful in infecting your computer can use it to get into your website. Keep all your internet-related softwares up to date with the latest security patches. Use adequate security settings in your web browser. Use strong passwords, about 8 to 20 characters. Don’t give your passwords to anyone.If you give your password to anyone for some reasons, change it after they are done with their work.
The disadvantage of RA 10173 poses an equally on penaltiesnot only for a long time, but also for those who are newbies in using internet. Those who have capabilities to store and transfer sensitive personal information may be prosecuted in courts of the Philippines due to improper handling of information or negligence. Which states under Section 26:
SEC. 26.Accessing Personal Information and Sensitive Personal Information Due to Negligence.–
(a) Accessing personal information due to negligence shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.