Republic Act 10173, better known as the Data Privacy Act of 2012, was at last given the green light by President Benigno Aquino III on August 15, based on the Official Gazette of the Office of the President of the Philippines.
Under the law, public agencies and private firms alike are mandated to maintain the confidentiality of sensitive personal data they collect.
As stated in Section 4, this “applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines.”
Section 5, on the other hand, protects journalists and their sources “from being compelled to reveal the source of any news report or information appearing in said publication which was related in any confidence to such publisher, editor, or reporter.” This also extends to publishers and editors of any newspaper, periodical, or magazine.
The act has led to the creation of a National Privacy Commission, an agency that will manage and enforce the provisions of the Data Privacy Act under the Department of Information and Communications Technology (DICT).
Among the functions of the commission is to regularly publish a guide to all information protection-related legislation.
However, the law’s jurisdiction doesn’t extend to certain types of information, like data on government employees, or that collected and processed by regulatory and monetary agencies and financial institutions.
Its passage into law is poised to be a boon to local e-commerce, according to several reports.
In a statement, Senator Edgardo Angara, who actively lobbied for the act in Congress, described the newly minted Data Privacy Act as “an important first step to ensuring competitiveness of the IT-BPO industry.”
Its implementation, he added, will also involve fleshing out the details of its regulations, and further training for local IT experts.
