DATA PRIVACY ACT OF 2012: THE LAW TO BOOST BPO AND INFORMATION TECHNOLOGY-RELATED BUSINESSES IN THE PHILIPPINES

Introduction and Overview

Data Privacy Act is one of the newest Bills being passed by the Congress and the Senate to respond the need for protection of everyone’s right in terms of privacy and communication. More often than not, today hacking and malware is a trend, but in our country where BPO has an active participation in economy, it cannot be promoted, nor encouraged. There must be certain right rules and regulations which are essential to suppress these mishaps. Consequently, the framers of this Act believe that ICT related bills will strengthen the country's position as a prime destination for IT investments, noting that the country has experienced an exodus of skilled workers and professionals in the field due to a lack of lucrative careers in the country.

Section 2, Chapter 1 of the said Act defines the Declaration of Policy, whereby it provides that:

           “It is the policy of the State to protect the fundamental human right of privacy communication. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.”

 Therefore, it is essential to pass measures that are timely which and those which adhere to international standards, at the same time, keeping up with the rapid changes in ICT sector. The bill further seeks to establish fair practices and regulation relating to the collection, use and protection of an individual's private information and communications system; to contribute to the promotion and development of electronic commerce in the Philippines and to enhance the competitiveness of the Philippines in the international economy as a hub for business process outsourcing; and to protect the consumers and promote its trust and user confidence in electronic commerce through the issuance of clear, transparent, predictable and enforceable rules to clarify and ensure the protection of personal data information and communications systems.

The Mission of The National Privacy Commission 

The National Privacy Commission is created by virtue of this Act to ensure that data manipulation is taken care of, particularly in both private and public sector. It is sanctioned to administer and implement the provisions of the Act, and to monitor and ensure the compliance of the country with international standards set for data protection, there is hereby created an independent body to be known as the National Privacy Commission to act as a collegial body. For this purpose, the Commission may be given access to personal information subject of any complaint to collect the information necessary to perform its functions under the Act.

What are the Rights of the Data Subject?

The data subject is entitled to the following:

1. be informed whether personal information pertaining to him or her shall be, are being or have been processed;

2. be furnished of the information indicated into the processing system of the personal information controller;

3. access to the contents and sources from which personal information were processed;

4. dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately;

5. suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controllers filing system upon discovery and substantial proof;

6. be indemnified of damages sustained due to incorrect and unauthorized use.

Is the Act beneficial to everyone?

Yes. Taking into account that the Philippines’ IT-BPO industry which is has a big role as a generator of both direct and indirect jobs is evolving rapidly with the result that an increasing amount of the work undertaken in the Philippines involves non-voice, complex services in a wide range of functional areas and industry verticals. Much of this work involves confidential personal and company information, and client firms of our IT-BPOs want to know that the Philippines provides international standards of protection to safeguard their information. In fact, there are many service buyers who are looking forward to outsource healthcare information management related jobs to the offshore which has direct access to the key information and details of any customer. Implementation of the Data privacy act will make such clients to be more confident to disclose the personal details.

Likewise, the act will increase confidence among international investors and companies that outsource business processes to the Philippines, adding the Data Privacy Act brings the Philippines to international standards of privacy protection. The same are based on standards set by the European Parliament and is aligned with the Asia Pacific Economic Cooperation (APEC) Information Privacy Framework, is intended to protect the integrity and confidentiality of personal data.

Conclusion

Indeed, this Act seems to bring in a new era bringing a very important role in the present Philippine economy-- the BPO industry. The heavy penalty as provided under Sections 22 to 34 of the Data Privacy Act gives justice to the purpose of the framers of the law, which is to protect and ensure implementation of the Act. This is the long overdue answer to the need of BPO and IT industry. #