InfoSec Philippines

Information Security, Technology News and Opinions

The Philippine Data Privacy Act

Posted by Jaime Raphael Licauco, CISSP, GSEC on August 10, 2009

The Philippine Data Privacy Act is apparently stuck in Congress. They adjourned on June 5 and started again on July 27.

In the same vein that the country currently has no Anti-Cybercrime legislation, the Philippines has no specific Data Privacy Act. One of the best sources of information regarding the current state of legislation is Mr. Philip Varilla’s presentation on “Privacy Framework in the Philippines“, which if one Googles for “Philippine Privacy Law”, can be found in the website of the Office of the Privacy Commissioner for Personal Data… of Hong Kong.

The presentation states that privacy is a basic right bestowed by the Constitution’s Bill of Rights Section 2, “The right of the people to be secure in their persons, houses, papers,”; and Section 3, “The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise as prescribed by law….”

It also states that the following Philippine laws are relevant:
– REPUBLIC ACT (RA) 8505 (An Act providing Assistance and Protection for Rape Victims…) SECTION 5. Protective measures.
– RA 8369 (An Act Establishing Family Courts, granting them Exclusive Original Jurisdiction over Child and Family Cases…) SECTION 12. Privacy and Confidentiality of Proceedings.
– Law on Secrecy of Bank Deposits Republic Act No.1405, as amended
– E-COMMERCE ACT (ECA) RA 8792

If one wants to understand the current state of data privacy in the Philippines, I suggest downloading the above presentation. Reading it made me wonder why the Philippines doesn’t seem to have HIPAA like legislation specific to HMO’s making them liable in case they do not protect your medical information.

The Philippines, being a member of APEC, will be aligning its Data Privacy legislation with the APEC Framework.
The APEC Framework can be downloaded here.

Other Related Links:
(Inquirer.net Feb 2009) RP joins APEC data privacy initiatives
The Electronic Commerce Act and its Implementing Rules and Regulations (40 page pdf)
(Out-law.com) Why the APEC Privacy Framework is unlikely to protect privacy [published Oct 2007]
Philippines Convenes Seminar to Explore New Privacy Legislation
(Inquirer.net Oct 2008)Senate must pass IP, data privacy laws
(Global Sky.com) Outsourcing in the Philippines: Is your privacy protected?
ARC Frequently Asked Questions
(Chan Robles) E-Commerce Act of 2000
(Scribed) Republic Act 8792
(GMA News Blog) Janette Toral’s Blog
(Digital Filipino) Salient Features of RA8792, The E-Commerce Law
(Wikipedia) Information privacy law
(Wikipedia) US Health Insurance Portability and Accountability Act
(Wikipedia) EU Data Protection Directive

One Response to “The Philippine Data Privacy Act”

  1. Francis said

    hey jim, nice site. been working on privacy and privacy issues/technologies/frameworks/laws/etc for 2 yrs now for a Fortune 50 company and performed privacy audits for a Fortune 25 company. I developed the privacy program handbook and been very involved in industry/state/federal/international privacy laws. let me know if you need some guidance in this area.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: