Data privacy bill hurdles second reading

The country’s booming BPO sector has something to look forward to this year as the House of Representatives passed last week on second reading the proposed Data Privacy Act, which seeks to govern and establish fair practices in the collection and use of personal details stashed in the computer systems of the private sector and the government.

The outsourcing sector is the one of the primary backers of the proposed law since a huge number of confidential data is processed in the country from other countries, particularly the US.


The House action came shortly after the committee on information and communications technology, along with the committee on government reorganization, endorsed the bill authored chiefly by representatives Roman Romulo of Pasig City and Susan Yap of Tarlac.

Romulo, who also serves as House deputy majority leader, said the measure:

• Covers all entities and individuals involved in the gathering and processing of all types of personal information;
• Sets rigorous standards for and controls on the lawful culling, processing and retrieval of personal information;
• Defines the rights of data subjects, or the individuals whose personal information are being compiled; and
• Mandates the Commission on Information and Communications Technology (CICT) as administrator of all electronic data privacy controls.
• The measure would prevent the misuse of personal facts in computer systems, including identity theft; reinforce consumer confidence in electronic commerce; and build up the country’s business process outsourcing (BPO) activities that handle a great deal of personal information, according to Romulo.

“The bill is quite strong. For instance, if you are a credit card issuer, you are expected to adopt adequate organizational, physical and technical measures to protect your electronic files,” Romulo said.

“In the event of unauthorized access to the files of your cardholders, you have to alert the CICT right away. Failure to issue a breach notification is enough to make you liable to pay a fine of up to P5 million per violation, to be imposed by the CICT,” he said.

“The punitive fine is without prejudice to possible criminal charges, once the Department of Justice ascertains that the failure (to issue a breach notification) was intentional,” Romulo added.

• The bill sets the following criteria for the lawful processing of personal information:

• The data subject has given his or her clear consent, which must be in writing or through other similar means of express consent, depending on the circumstances;
• The processing is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;
• The processing is required to protect the data subject’s vital interests, including life and health; or
• The processing is needed in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority.

The other week, stakeholders of the local IT industry also gathered to push the cybercrime bill, which is also currently pending in Congress.


Angara during the cybercrime forum in Makati City.
Sen. Edgardo J. Angara, who was one of the guests during the 2nd International Conference on Cybercrime, said the cybercrime prevention bill which he filed in the upper chamber would empower authorities against offenses and violations made online.

Senate Bill No. 52 seeks to deter cybercrime by imposing prison time and heavy fines of at least P200,000.

The proposed law also seeks wide international cooperation to investigate and prosecute cybercrimes. Jurisdiction is one of the most critical aspects of cybercrimes, requiring collaboration within a government and among governments.

“Cybercrime is a silent epidemic that we cannot sufficiently address through existing law enforcement tools,” warned Angara.

“We need more dynamic solutions to address the rapidly changing cybercrime industry and ensure that ICT is maximized for the benefit of society more than anything else,” he said.