While people are going gaga over the implementation of RA 10175 or known as the Cybercrime Prevention Act of 2012, a prior Act has been signed by President Pnoy back in August: RA 10173 or the Data Privacy Act of 2012.
This law is intended to protect the integrity and confidentiality of personal data. It is based on standards set by the European Parliament and aligned with the Asia Pacific Economic Cooperation Information Privacy Framework. And because of this law, a new commission under the Department of Transportation and Communications (DOTC) has been created and is called the National Privacy Commission which will administer and implement the provisions of the law.
While most people are very concerned about losing their freedom and rights to use the internet as a result of possible violations of RA 10175 provisions, I believe RA 10173 poses an equally if not more than alarming penalties not only for the long-time netizens but moreso for those who are newbies in using the internet or any kind of information technology media. Ordinary Filipinos, especially those who are computer illiterate, those with no access to, or seldom use the computer or any device that have the capabilities to store and transfer sensitive personal information may be prosecuted in courts of the Philippines due to improper handling of information or negligence.
Accessing Personal Information and Sensitive Personal Information Due to Negligence
What alarms me the most are the penalty clauses stating that anyone can be penalized by imprisonment and will be fined in gargantuan proportions for accessing personal information of another individual or entity. Even if she/he did not mean to.
SEC. 26. Accessing Personal Information and Sensitive Personal Information Due to Negligence. – (a) Accessing personal information due to negligence shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.
(b) Accessing sensitive personal information due to negligence shall be penalized by imprisonment ranging from three (3) years to six (6) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Four million pesos (Php4,000,000.00) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.
Looking at the number of Filipinos with access to the internet at 33% only of the total population, an alarming 66% of Filipinos may become potential “victims” of this law due to negligence. This Data Privacy Act concerns not only those who have access to computers or the internet but likewise covers those who use cellphones, smartphones, flash memory disks, external hard drives, mp3/mp4 players, and other similar gadgets in an environment or business that are involved in the processing of sensitive personal information or privileged information as defined in the law.
I’m not a legal expert and may be interpreting this law wrongly. But looking at the exclusions of RA 10173 which are, among others, personal information processed for journalistic, artistic, literary or research purposes, information about government officials and other civil servants, information necessary for banks and financial institutions as part of anti-money laundering efforts, and personal data processed by central monetary authorities and law enforcement and regulatory agencies, leaves the ordinary Filipinos and those working in industries and profession outside of these exclusions in conceivable exposure to civil and criminal liabilities.
Improper Disposal of Personal Information and Sensitive Personal Information
I remember the story of my former mentor in auditing about a sensitive printed document used as “pambalot” (wrapper) for a local delicacy in a public market. The man who bought the product discovered for himself that his personal information is on the paper used as a wrapper for his favorite streetfood. The guy who negligently disposed the paper was later on suspended for improper disposal of company documents.
The RA 10173 states that:
SEC. 27. Improper Disposal of Personal Information and Sensitive Personal Information. – (a) The improper disposal of personal information shall be penalized by imprisonment ranging from six (6) months to two (2) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than Five hundred thousand pesos (Php500,000.00) shall be imposed on persons who knowingly or negligently dispose, discard or abandon the personal information of an individual in an area accessible to the public or has otherwise placed the personal information of an individual in its container for trash collection.
b) The improper disposal of sensitive personal information shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than One million pesos (Php1,000,000.00) shall be imposed on persons who knowingly or negligently dispose, discard or abandon the personal information of an individual in an area accessible to the public or has otherwise placed the personal information of an individual in its container for trash collection.
Makes me feel more worried for ordinary citizens working in the medical, outsourcing, executive search, human resources, auditing professions as well as ordinary workers like receptionists, bellboys, garbage collectors, security guards, messengers, janitors, and other lowly laborers.
Could someone correct me please? Reading through this penalty clauses just makes me think I’m a target as well.
But despite all these seemingly threatening new cyber laws, I still believe that a handful of opportunities and advantages can still benefit and protect the public. We just need to be more vigilant and educated in order not be abused or worse, become subjects of these laws’ harsh penalties.
I’m getting the same understanding of these laws as you are. And the hard part is, these stuff are written and passed, and the public is not adequately informed, and I don’t just mean setting up a media campaign. Law is another language in itself that even above-average-intelligence people have difficulty interpreting. The phrase “knowingly or negligently” in the above clauses are alarming. I’d say possibly 95% of us would fall under “negligently”. And then they’ll tell us “ignorance of the law is no excuse.” Well, considering how they write laws, ignorance isn’t really the problem. It’s comprehension. If they can release “layman’s terms” of their legalese, then a lot more people would be not just informed, but might actually even understand it enough to be able to abide by them. Regular people want to live quiet lives and don’t want to get in trouble with the law, but if they can’t even understand the law, how will they know to keep on the right side of it?
Now that the Supreme Court has issued a TRO on R.A. 10175, I wonder if there are petitioners pushing for amendments of R.A. 10173. And how many of those who’s riding the Cybercrime Law protest popularity are aware about the Data Privacy Law, at all?