by:
adeng ocampo
01
December 2012
How does Republic Act 10173 affect me?
Is there benefit or flaw in the law?
As I sit in front
of the computer trying to figure out how I would answer these questions, I
assessed myself, am I pro to this new law? The title helped me sort out my
confusion – “An Act Protecting Individual Personal Information In Information
and Communications System in the Government and the Private Sector, Creating
For This Purpose A National Privacy Commission, And For Other Purposes.”
Honestly, I asked
myself, “What the heck is this?!” “What does it REALLY do?”
It might be a
wonder to many why this sound out of this world to me, well, for everybody’s
information, I am not a computer GENIUS… yes, I am literate as it is noticeable
I am able to type, and send this blog. But it does not follow that I understand
everything that I do NOT do – obviously, I don’t do it because I do not intend
to, and I don’t want to commit mistakes. Like the use of facebook, twitter,
blog or however else any modern person of this era will want to communicate and
reach out to many souls as easily as sending their messages without having to
do it the old fashioned way… such as : letter-writing (as in like IN THE TESTATOR”S
OWN HANDWRITING!), notice messaging via any post office, LBC, JRS or even the
FedEx. Well I do that still. Am still in the Jurassic era, if that is how it is
called nowadays. I prefer to commit less mistakes- with that, it is less headache.
If modernity through technology will complicate my already complicated life,
then I prefer to live in the Jurassic era where things are a little slower but
less risk. HOWEVER, am now putting my opinion on a blog-seems like I have no
choice. But, I understand why I need to be tech literate- as this not only
refer to tech geniuses but in the profession that I intend to be a part of a few years from now.
I must understand how it works- you know this techy thingy majigs!
First question :
How does the law affect me intimately?
Skeptical!
The law says, xxx
to protect the fundamental human right of privacy xxx
First, can this
law protect me from invasion of my privacy?
This law will be tested only when the harm is done already… and my
privacy has already been violated.
Second, this law
came about when there was already breach of this so-called privacy.
What it only does
is that it serves as a warning to those who are in possession of any personal
information about an individual. Just like any other law, it gives warning
only, not a full-proof protection of what it seems to impart to the netizens.
Before anything
else, it is important to know how and where our personal information go as we
send them. It is a worldwide web out
there!
I have watched a
movie where a person’s personal information was used by another individual
pretending to be her and the very ones who caused this trouble are the ones in
the government! It may be JUST A MOVIE, but come to think of it, it can be
anybody else’s reality once our information has landed onto the hands of the
crooks. It is not sci fi, it is a fact!
On the question,
“how does it affect me intimately?” it scares me because I know there is
nothing in this world, not even a law, can protect me 100%. But, I reserve some
respect to this law- 50% max that at least, when my privacy has been violated,
there is a basis for my cause of action. It will somehow give me the relief
needed by a netizen knowing that I am not totally abandoned in my quest for
privacy, even just a little.
One look at the
language of the law, it seems encompassing, full-proof.. that any violation
regarding my privacy, the National Privacy Commission is there to seal my
wound. But as I read it again, just like our courts, it is just there to help a
little, impose a big fine upon those guilty as we say – IF PROVEN. What if not?
Then we leak our own wounds.
Second question :
Is there benefit or flaw in the law?
Section
4 of the topic law provides,
Scope-
“This Act applies to the processing of
all types of personal information and to any juridical person involved in
personal information processing including those personal information
controllers and processors who, although not found or established in the
Philippines, use equipment that are located in the Philippines, or those who
maintain an office, branch or agency in the Philippines, subject to the
immediately succeeding paragraph: Provided, That the requirements of Section 5
are complied with.”
However,
there are exceptions, meaning, there are circumstances that this law does not
afford protection to. Reading those that are not included from protection of
this Act, I find it justifiable, rightly excluded , and fair enough as there
are many in our jurisdiction who take refuge in our own laws to circumvent the
spirit of it and take it to their side and escape penalty in broad daylight. An
example of this is the Secrecy of Bank Deposits Act which, as divulged through
the media in many events, are taken as shield by those seated in power. But
this RA 10173 will somehow tame the abuse of Secrecy of Bank Deposit Act.
Section
16 – Rights of the Data Subject –
When
I read the contents of this particular section, it does not cover all that can
be given as a right to one data subject. When an information is asked, the
system does not accept what is entered into if the data subject omits some
information he or she would want to skip – simply, for fear of violation or
breach of privacy. So, the right to skip, omit for purposes of protection is
not respected.
(f)Be
indemnified for any damages sustained due to such inaccurate, incomplete,
outdated, false, unlawfully obtained or unauthorized use of personal
information.
Under normal circumstances, this
does not have any tooth in regard any damages filed by a data subject. More
often than not, this leak or unauthorized use of personal information usually
goes ignored and hard to prove as to who the culprit really is. And Filipinos
as we are, we often let it go as any suit will only take our precious time,
moreover, costly.
Section 21 Principle of Accountability –
(a) xxx
(b) The
personal information controller shall designate an individual or individuals
who are accountable for the organization’s compliance with this Act. The
identity of the individual(s) so designated
shall be made known to any data subject upon request.
The above section
is not yet tried. Say on jobstreet.com,
it is system generated. All it does is get an
information of data subject. It cannot even be asked. It is a
one-way trip to Ohio where I GIVE DATA, IT RECEIVES DATA, AND I JUST WAIT WHAT
HAPPENS NEXT.
Section
25- Unauthorized Processing of
Personal Information and Sensitive Personal Information- (a) The
unauthorized processing of personal information shall be penalized by
imprisonment ranging from one (1) year to tree (3) years and a fine of not less
than Five Hundred Thousand Pesos (500,000) but not more than Two Million Pesos
(2,000,000) shall be imposed on persons who process personal information
without the consent of the data subject, with or without being authorized under
this Act or any existing law; (b) The unauthorized processing of personal
sensitive information shall be penalized by imprisonment ranging from three (3)
years to six (6) years and a fine not less than Five Hundred Thousand Pesos
(500,000) but not more than Four Million Pesos
(4,000,000) shall be imposed on persons who process personal information
without the consent of the data subject, or without being authorized under this
Act or any existing law.
Oftentimes, when a law has been
passed, we look into the scope- we see to it we are not subject to it, and if
we are, we take precautions. Next thing we look upon is the penalty. Section 25
is securing that this law will be implemented properly basing on the imposition
of fines which are quite high as compared with other laws. What I do not read
from any of the penalty provisions is the penalty in case of insolvency of the
data or personal information controller.
Section
26 – Accessing Personal Information and Sensitive Personal Information Due to
Negligence – (a) accessing personal information due to negligence shall be
penalized by imprisonment ranging from one (1) year to three (3) years and a
fine of not less than Five hundred thousand pesos (500,000) but not more than
two million pesos(2,000,000) shall be imposed on persons who, due to
negligence, provided access to personal information without being authorized
under this Act or any existing law; (b) Accessing sensitive personal
information due to negligence shall be penalized by imprisonment ranging from
three (3) years to six (6) years and a fine not less than Five Hundred Thousand
Pesos (500,000) but not more than Four
Million Pesos (4,000,000) shall be imposed on persons who, due to negligence,
provided access to personal information without being authorized under this Act
or any existing law.
What I understand on this
provision is that, say, I, an ordinary netizen, negligently accessed a personal
information. Does this mean, any person? Like you and I? who, due to
negligence, provided access to personal information? How will that happen?
Educate me. Like when I tinker on my computer
and upon doing such, I get an access code without really knowing and
understanding it, and suddenly, wallahh! There appears the personal or
sensitive information of another. I think this must be cleared- the language of
the law is ”ACCESSING personal
information” and “PROVIDED
information xxx,”
which must be negligently
done. There is no clear comportment as to how negligence is to be made so as to
be held liable under this provision. Negligence must be accompanied by the
intention and the surrounding circumstances that go about the so-called
negligence. It does not come straight and alone, more often, it is not what we
judge it is.
Have I understood
PRIVACY the way this law would want me to?
What does PRIVACY mean? – a state
of being apart from the company or observation of others; freedom from undesirable intrusions; esp.
avoidance of publicity.
Article
III BILL OF RIGHTS 1987 CONSTITUTION
Sec.3 (1) The
privacy of communication and correspondence shall be inviolable xxx.
(2) xxx
Based on the
penalties imposed and the functions of the National Privacy Commission, what I
understand is that my right to privacy of any information sub-qualified into personal
and sensitive information is as valuable as my own life that it is safeguarded
like a precious gem.
Like any law, there are pros and cons
for its enactment. There are advantages and disadvantages of Republic Act
10173, and as quoted from other sources, are as follows:
“The Advantages of this Act is that it aims to
protect the individuals in personal information. the effects of this
in our country’s e-Commerce security infrastructure, especially on the
e-entrepreneurs. It helps the entrepreneurs in terms of their privacy
when talking about the their business. On the other hand, R.A no. 10173
helps to prevent the theft of intellectual property and the privacy of
each individuals.
The
disadvantages of this act is that it minimizes the Information and
Communications System generating, sending, receiving, storing or otherwise
processing electronic data messages or electronic documents and includes the
computer system or other similar device by or which data is recorded, transmitted
or stored and any procedure related to the recording, transmission or storage
of electronic data, electronic message, or electronic document.”[1]
“Benedict Hernandez, Director of the
Business Processing Association of the Philippines (BPAP) and President of the
Contact Center Association of the Philippines (CCAP), said the local BPO sector
must and will abide by the new law’s provisions. It is also predicted to
attract more investors as it is set to reinforce protection of private data.
In an interview, Hernandez also highlighted several
uses and benefits of the law to the outsourcing industry and other sectors as
well. He added that private information should be handled with outmost
confidentiality.
Moreover, he said having reinforced data privacy
processes will help pave the way for better business practices in companies and
more opportunities in attracting potential investors. He reiterated that BPAP
will strive to work with the government in implementing and establishing the
provisions of the Data Privacy Law.”
“While the disadvantage of RA 10173 poses an equally if not more than
alarming penalties not only for the long-time netizens but moreso for those who
are newbies in using the internet or any kind of information technology media.
Ordinary Filipinos, especially those who are computer illiterate, those with no
access to, or seldom use the computer or any device that have the capabilities
to store and transfer sensitive personal information may be prosecuted in
courts of the Philippines due to improper handling of information or negligence.
“What alarms me the most are the penalty clauses stating that anyone
can be penalized by imprisonment and will be fined in gargantuan proportions
for accessing personal information of another individual or entity. Even if
she/he did not mean to”.
With all these presented - my preference for the old route, my need for what new techs offer just to be able to dance well with the fast paced life we have right now, it can be well said that this Republic Act 10173 is a balancer of the inevitable and its remedy.
[2]
No comments:
Post a Comment