
What is Data Privacy Act: A Briefer

Inquiro Posted on October 16, 2024

Data is an asset that businesses collect, analyze, and store daily. However, the growing reliance on technology and continuous information collection has led to data breaches and privacy risks.

 

As such, businesses established privacy regulations to safeguard the fundamental human right to private communication while preserving the free flow of information required to foster innovation and progress.

 

Republic Act No. 10173, or The Data Privacy Act of 2012, is a law that provides guidelines for data protection in the Philippines. The law’s preamble emphasizes protecting individual privacy while fostering social and economic progress. Businesses must abide by the Act’s rules to preserve the privacy rights of consumers and employees.

 

Here is the definitive guide on the Data Privacy Act of 2012, presented in an easy-to-understand infographic format.

 

[Infographic: data privacy]

 

Key Provisions and Principles

 

Data Privacy Principles

 

  • Transparency

The Data Privacy Act requires that businesses be open and honest about gathering, using, and disclosing personal data. People must consent before companies collect, use, or share their personal data. Moreover, companies must give them a choice to view, update, or remove their information.

 

By ensuring that people are aware of how firms use their data, this principle aims to give them control over their information.

 

 

  • Legitimate purpose

Companies can only process personal data for valid reasons. They must carry out the procedure for specific, legitimate goals, without going above and beyond what is required.

 

Businesses must collect and process accurate, current, and pertinent personal data. This principle ensures that companies are not misusing or abusing the personal data they collect. Gathering information is necessary for running a business, but doing so equitably and transparently is important. (Section 11, (b))

 

 

  • Proportionality 

Personal data collected must be relevant, necessary, and must not be excessive in relation to the purpose for which it was collected. Businesses should ensure this data is correct and kept up-to-date. 

 

This Act prevents companies from collecting excessive or unnecessary personal data that can infringe on people’s right to privacy. Adhering to this principle lowers the risk of data breaches and illegal access and ensures that companies handle personal data morally, ethically, and openly.

 

 

  • Security

Businesses must implement security measures to guarantee the confidentiality, accuracy, and accessibility of the personal data they collect, handle, and store. Protect personal data through organizational, technical, and physical measures to prevent theft and loss of information that could lead to identity theft or fraud.

 

The best thing you can do to protect your client’s data is to put in place the proper security measures based on the kind and amount of personal data you are handling and the potential repercussions of a breach.

 

 

  • Openness

Data controllers must ensure that the people whose personal data they collect can easily access and understand their privacy policies. It could mean posting guidelines where people can quickly find them, like an online privacy notice or statement.

 

 

Why is Data Privacy Important?

After defining the Data Privacy Act, it’s crucial to know its importance.

 

Data privacy is important because it ensures that individuals control their personal data and how companies use it. It helps to protect them from identity theft, fraud, and other forms of cybercrime.

 

  • Protects individuals’ fundamental rights to privacy

The Data Privacy Act is a law that sets guidelines for collecting, using, processing, and storing personal data to safeguard people’s fundamental rights to privacy. It requires businesses to get people’s consent before collecting personal data. 

 

  • Holds companies accountable 

The Data Privacy Act ensures that businesses are held accountable for protecting individuals’ data privacy. Companies are compelled to emphasize data privacy in their operations by the prospect of fines, legal action, and reputational damage for those that do not abide by these requirements. (Section 25)

 

  • Prevents crimes on privacy breaches 

The Act is a legal framework that allows those who have experienced privacy infractions to seek compensation from companies. As a result, companies are more careful with collecting and using personal data, decreasing the possibility of such crimes.

 

  • Ensures privacy and free flow of information 

The law permits unlimited information sharing while protecting individual privacy. Doing this strikes a balance between protecting people’s privacy and enabling corporations to use data legitimately. (Section 2)

 

  • Promotes innovation and growth

The law promotes innovation and growth by providing a clear legal framework for using and processing personal data. Protecting privacy rights while allowing businesses to acquire and use personal data generates consumer confidence and trust, encouraging more innovation and growth potential.

 

Pillars of Company Compliance

Companies must follow data privacy rules to protect customers’ personal data and avoid legal and financial issues. Here are some of the tools and strategies businesses use to comply with data privacy laws:

 

 

  • Appoint a Data Privacy Officer
    Companies can appoint a Data Privacy Officer (DPO) to manage their data privacy policies to ensure compliance with the Data Privacy Act. The DPO will also address data breaches, conduct privacy impact analyses, and adopt data protection policies and procedures.

 

  • Conduct a Privacy Impact Assessment (PIA)
    A PIA evaluates data processing operations’ potential risks and impacts on people’s privacy. It enables organizations to understand privacy issues, take action to address them, and put preventative measures into place so they never happen.

 

  • Create a privacy management program (PMP)
    To ensure compliance with the law, companies can implement a PMP. It will detail the company’s policies and practices to ensure they abide by the industry’s best practices and standards for protecting personal data.

 

  • Implement data privacy governance to carry out identified security measures
    Data privacy governance encompasses creating policies, processes, and procedures for data protection. It also includes allocating roles and duties and implementing security steps. Businesses must frequently evaluate and audit their data privacy policies to ensure the right ones are in place.

 

  • Prepare data breach protocols

    Businesses can comply with data privacy rules by implementing data breach policies, which outline methods for locating, addressing, and reporting data breaches. It mitigates the effects of a leak and shows how committed a corporation is to protecting consumer information.

 

  • Register Data-Processing Systems
    By registering data-processing systems, businesses can reinforce their data security compliance. This compliance requirement acts as a monitoring function, especially when it comes to processing personal data.

 

 

What Happens to Violators of the Data Privacy Act

 

The Data Privacy Act is a legal framework that imposes penalties on companies that violate the privacy of individuals. The consequences for violating this law are appropriate because they align with the offense’s severity. In this context, it is essential to understand the results that violators of the Data Privacy Act may face.

 

Anybody found violating the Philippine Data Privacy Act is liable to penalties under Chapter VIII. These penalties may include a maximum prison term of 6 years and/or a maximum fine of P500,000. 

 

Additional infractions include the failure to put security measures in place and the illegal handling of sensitive personal information and personal data. The fines and penalties act as a deterrent to stop data breaches and protect people’s privacy rights.

 

 

Protecting Personal Data

The Data Privacy Act of 2012 protects personal data in the Philippines. The right to secure sensitive data is protected by the right to take security precautions. Meanwhile, businesses are responsible for any improper handling of such data.

 

If you are looking for a data-driven solution to help you recruit customers while preserving privacy principles, Inquiro is here for you. Contact us today and learn about our solutions.

 

 

FAQs

 

1. What personal data is protected by the Data Privacy Act? 

The Data Privacy Act of the Philippines protects all types of personal data, including name, address, date of birth, government-issued identification, contact information, financial information, and other sensitive data. The law covers information, whether in material form or not, if it may be fairly and immediately ascertained by the entity holding it.

 

2. What are the three principles of data privacy? 

The three cornerstones of data privacy are lawfulness, fairness, and transparency. 

 

Your company should always collect and use personal data lawfully, transparently, and with the individual’s consent. To guarantee that people can easily understand how their data is being used, organizations must employ clear and accessible communication. 

 

3. Is violation of the Data Privacy Act a criminal case? 

The Data Privacy Act of 2012 in the Philippines states that violation of data privacy can be illegal. The provisions of the legislation are punishable by fines and imprisonment. Each infraction carries a maximum fine of P5,000,000 and a jail term ranging from six months to seven years.

 

4. What happens when the right to privacy is violated? 

The Data Privacy Act of the Philippines imposes prison terms of one to three years and fines ranging from P500,000 to P2,000,000 on individuals who knowingly and unlawfully access or compromise data systems that store sensitive or private information.

 

5. What personal data is private? 

In the Philippines, all personal data used to identify a person is considered private. It includes one’s name, address, phone number, email address, government-issued identification numbers, financial data, and biometric data.

 

The Data Privacy Act of the Philippines protects sensitive personal data, including facts about a person’s health, race, religion, sexual orientation, and political affiliations.