Philippines: Data privacy protection

Author: | Published: 24 Aug 2017
Email a friend

Please enter a maximum of 5 recipients. Use ; to separate more than one email address.

Villaraza & Angangco

Address

Philippines

Telephone

+632 988 6088

Fax

Visit Website

In this digital age, the value of data is increasing exponentially. Digital information is everywhere. It is generated, collected, analysed, stored, shared and sold for personal, business and political use. With such rapid growth, strong data protection rules must be in place to maintain privacy and prevent abuse in the disclosure of personal information. Recent events have also shown a steady surge of data breaches which further highlight the importance of data protection.

The Philippines followed suit in this global trend towards greater data privacy regulation with the enactment of the Data Privacy Act of 2012. It is broadly applicable to any natural and juridical person involved in the processing of personal information, with some exceptions. It has extraterritorial application covering those who, although not found or established in the Philippines, use equipment located in the Philippines or those who maintain an office, branch or agency in the Philippines. The law established the National Privacy Commission, which is the agency tasked to ensure compliance of the country with international standards for data protection, the procedures to be followed in the collection, processing and handling of personal information, and separate penalties for various violations.

To give more meaning to the law, the implementing rules and regulations (IRR), as well as other relevant components, were issued to impose the following obligations (among others) on relevant entities: (a) the registration at the National Privacy Commission of all personal data processing systems operating in the Philippines that involve the processing of the personal information of at least 1,000 individuals. Controllers or processors that employ fewer than 250 people are exempt from the registration requirement, subject to certain conditions; (b) the notification of security incidents and/or personal data breaches; and (c) the designation of a data protection officer, who is accountable for ensuring compliance with laws and rules relating to privacy and data protection by entities covered by the law. Entities were given a period of one year from the effective date of the IRR, in other words, until September 9 2017, to register and comply with the requirements of the law.

The Data Privacy Act is the Philippines' response to the need to strengthen its privacy and security protection, as a result of the ever-growing digital economy. Although still relatively new, it is a first and crucial step towards greater protection and control over personal information.

Franchette M
Acosta
  Fritzzie Lyn F
Español

Villaraza & Angangco
11th Avenue corner 39th Street,
Bonifacio Triangle, Bonifacio Global City 1634
Metro Manila, Philippines
T: +632 988 6088
F: +632 988 6000
E: info@thefirmva.com
W: www.thefirmva.com

 


 

 

close Register today to read IFLR's global coverage

Get unlimited access to IFLR.com for 7 days*, including the latest regulatory developments in the global financial sector, updated daily.

  • Deal Analysis
  • Expert Opinion
  • Best Practice

register

*all IFLR's global coverage published in the last 3 months.

Read IFLR's global coverage whenever and wherever you want for 7 days with IFLR mobile app for iPad and iPhone

"The format of the Review has changed over the years; the high quality of its substantive content has not."
Lee C Buchheit, Cleary Gottlieb

register