Introduction
While it is true that the Philippines has no general data protection law, different laws embrace rules on the collection, storage and transfer of personal data or information. Absence of any general data protection law in this country does not mean that personal data may be freely transferred and stored within and outside the country. Certain requirements, limitations and restrictions may be found in various laws which regulate the flow of personal data. Some of the laws we have which control the traffic of personal data are: Republic Act No. 7277 (the “Magna Carta of Disabled Persons”), Republic Act No. 8504 (the “Philippine AIDS Prevention and Control Act”), Republic Act No. 8792 (the “Electronic Commerce Act”), and Presidential Decree No. 1718 (“PD 1718”).
Basic Information on the Senate Bill (SB) 2965 and the House Bill (HB) 1554
The Senate, on its third and final reading, approved a bill aimed at protecting digital data collected by government agencies and service providers. It passed, on Tuesday (March 20, 2012), the Data Privacy Act (Senate Bill No. 2965)also known as “An Act Protecting Individual Personal Information in Information and Communications Systems in the Government and the Private Sector, Creating for This Purpose a National Data Protection Commission, and for Other Purposes.” It features significant notice, consent and data breach notification requirements, and it imposes direct obligations on both data information controllers and/or data information processors. Once approved, a National Privacy Commission will be created. It will be authorized not only to monitor compliance but also to recommend to the Department of Justice the imposition of penalties for noncompliance, including imprisonment and fines. Despite having no provisions on restrictions on cross-border data transfer, the law will still apply to certain foreign processing of personal information about Philippine residents. In an apparent effort to protect the domestic outsourcing industry, however, the law will not apply to “personal information originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions, including any applicable data privacy laws, which is being processed in the Philippines.”
Said Senate Bill differs from House Bill 1554 passed in 2011. There must now be a bicameral conference committee to ‘reconcile’ the versions of the two houses, and then the reconciled version will be sent to the President for signature after its passage by both Houses.
Rep. Roman T. Romulo (Lone District, Pasig City), author of House Bill 1554 also known as “Data Privacy Act,” believes its passage will enhance Philippine competitiveness in the international economy as a hub for BPO and promote consumer trust and user confidence in electronic commerce. He noted the absence of a unified and special law protecting citizens' rights to privacy and confidentiality over their personal information in both private and government information and communications system. HB 1554 seeks to establish a National Privacy Commission that will act on complaints affecting personal information and compel any entity or government agency to abide or take action on matters affecting data privacy. It likewise prohibits the processing of sensitive personal information and privileged information except when consent has been given by data subject or processing is provided by law and necessary to protect the life and health of data subject or another person.
Sen. Edgardo Angara, author of SB 2965, on the otherhand, mandates public and private entities to protect and preserve the integrity, security and confidentiality of personal data collected in its operations. It emphasizes the importance of compliying with international data security standards.
From the writings of the two bills, one clear objective of both bills is to enhance and protect the integrity, security and confidentiality of personal data collected in its operations in order to boost investment in the fast-growing IT-BPO industry.
Once signed into law, the legislation will impose a privacy regime modeled on the EU Data Protection Directive. Angara said the bill is based on the Directive 95/46/EC of the European Parliament and Council, which is said to be the most widely adopted data privacy regime. This directive prohibits companies in the European Union from outsourcing the processing of private information to countries that do not follow particular data protection standards. It is based on standards set by the European Parliament and is aligned with the Asia Pacific Economic Cooperation (APEC) Information Privacy Framework, and is intended to protect the integrity and confidentiality of personal data.
The Bill and Its Projected Effects on the IT-BPO Business in the Philippines
The Business Processing Association of the Philippines (BPAP) president and CEO Benedict Hernandez said that the act will increase confidence among international investors and companies that outsource business processes to the Philippines as it brings the Philippines to international standards of privacy protection. According to him, the Philippines’ IT-BPO industry is evolving rapidly with the result that an increasing amount of the work undertaken in the Philippines involves non-voice, complex services in a wide range of functional areas and industry verticals. Complex services already account for over 30 percent of industry revenues, and these services are growing more rapidly than voice services. He further added that since much of the work involves confidential personal and company information, and client firms of the IT-BPOs want to know that the Philippines provides international standards of protection to safeguard their information. That assurance will further enhance the competitiveness of the industry, an important requisite to sustaining growth, particularly in non-voice, complex services.
In an online article entitled “Internet Law - Data Protection Law in Philippines’ Business Process Outsourcing Industry” written by Martha L. Arias, IBLS Director, she mentioned that “Offshore Business Process Outsourcing (BPO) is a growing industry in Eastern Europe and Asia countries. Typical BPO include customer and support call centers, payroll, and medical transcripts centers. Philippines ranked second, to India, in business process outsourcing for the year 2005, by producing $1 billion revenue through BPO contracts (compared to $800 million in 2004). Philippines BPO is particularly interesting for United States ("US") business due to its strong English-speaking ability, capable workforce availability, IT infrastructure, and cultural skills to interact with US citizens and other Western cultures (including Spanish-speakers).”
The IBLS Director went further in saying that “In 2006, the Government of Philippines recognized the significance of data protection laws in their profitable and growing BPO industry and issued 'Administrative Order 8' that contains the Guidelines for the Protection of Personal Data in Information and Telecommunication System in the Private Sector ("Guideline 8"). The objectives of Guideline 8 are to encourage and provide support to private entities to adopt personal data protection policies, and provide rules for data protection certifiers in Philippines. BPO entities must comply with Guideline 8's principles and rules, including lawful access, confidentiality obligation and security.”
The Bill and Its ‘Anti-Media’ Provisions
Media organizations demonstrated protest for the enactment of the bill claiming that certain provisions may be used to impose penalties on journalists for “breaches of confidentiality” and may suppress press freedom. Said issue was already rectified. The Data Privacy Act was approved with more safeguards put in place to protect press freedom. Senator Angara, however, confirmed that there is absolutely no reason to be alarmed. He attested that “Press freedom is provided clearly in our Constitution, but so is a person’s right to privacy. What the Data Privacy Act does is simply extend the safeguards on privacy to the personal information transmitted and stored via the Internet and the other ICT.” He further clarified that the bill’s “main intention was to generate confidence in IT-BPO, e-governance and e-commerce in the country. Many other countries where these industries are flourishing have similar laws in place. In that way, this law is not unique and just puts us on a par with global standards."
Legal Bases of the Act
In an online article written by ACCRALAW lawyers Aleli Angela G Quirino and John Paul M Gaba entitled “Data Protection: Philippines,” they mentioned that there is no existing comprehensive legislation on personal data protection or information privacy. Privacy rights are generally considered to be connected with the due process clause of the Constitution. The right to privacy is closely related to constitutional guarantees granted to individuals:
* Against unreasonable searches and seizures (section 2, Article III, Constitution).
* For privacy of communications and correspondence (section 3, Article III, Constitution).
These guarantees serve as safeguards for private citizens against the state's actions, and do not limit private transactions and activities undertaken by non-state entities and individuals in relation to private persons.
There are specific statutory provisions that recognise and safeguard an individual's right to privacy providing a cause of action for damages and for other equitable relief if intrusive acts are committed by private persons. These acts include (Articles 26 and 32, Civil Code):
* Prying into the privacy of an individual's residence.
* Meddling with or disturbing the private life or family relations of an individual.
* Causing an individual to be alienated from his friends.
* Aggravating or humiliating an individual, on account of his religious beliefs, status in life, place of birth, physical defect, or other personal condition.
* Infringing an individual's right to be secure in his person, house, papers, and effects against unreasonable searches and seizures.
* Breaching an individual's privacy of communication and correspondence.
The courts have yet to interpret these privacy provisions in relation to personal data. However, the collection, processing, and use of personal information for commercial and non-commercial purposes without an individual's (data subject's) knowledge and consent can be construed as, and can give rise to, a cause of action for violation of privacy rights.
Specific provisions concerning the right to privacy over information are found in the:
* Republic Act No. 1405, as amended (Secrecy of Bank Deposits Law).
* National Internal Revenue Code 1997 in relation to the power of the Commissioner of Internal Revenue to obtain information from certain taxpayers.
* New Social Security Law in relation to information contained in membership applications.
* AIDS Prevention and Control Act of 1998.
The Writer’s Appraisal of the Data Privacy Act of 2011
The decision foreign companies to set up their business process outsourcing operations in the Philippines is a vote of trust and confidence not only in the quality of the local workforce but on the belief that we are at par with the global standards when it comes to data protection and security.
There are currently efforts to draft legislation for a general data protection law aimed for the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data Protection Directive).
In our current economic situation, a job-hunter and a regular employee can only hope and be optimistic that our Government could provide enough jobs if not for everyone, at least for the majority. The members of the Senate, in unanimously approving the bill, believe that the passage of the bill into a law will attract more investors in the information technology and BPO industry in the Philippines. According to BPAP, the IT-BPO industry generated $11 billion in revenues in 2011, and directly employed approximately 640,000 people. With the bill passed into law, the Philippine IT-BPO industry can achieve projections of revenue increase from $9 billion in 2011 to $25 billion by 2016 according to Angara. He also pointed out that employment in the industry could increase from about 1 million to 4 million in the next four years.
In an online article by Daxim Lucas of Philippine Daily Inquirer dated March 11, 2012, he mentioned that the industry has the backing of the administration of President Benigno Aquino III, which hopes to see some 1.3 million Filipinos employed in BPO centers by 2016. It also hopes to double the total of the industry’s revenues to around $25 billion during the same time frame.
The important role of the IT-BPO companies should be acknowledged in generating both direct and indirect jobs which contribute to an increased revenue and employment rate in the country. Numerous data are available to support the vital role that the IT-BPO companies play to our economic growth. Indeed, this IT-BPO industry generates revenue and helps improve employment rate in the Philippines.
Senate President Juan Ponce Enrile expressed his optimism with the approval of the trio ICT bills in this period when Filipinos have experienced an exodus in skilled workers and professionals. As mentioned by Enrile: "Today, we live in an open and seemingly borderless world marked by amazing advancements in technology. It is essential to pass measures that are timely and those which adhere to international standards, at the same time, keeping up with the rapid changes in ICT sector."
The Congress and the administration have been extremely supportive of the industry and that gave way to their initiative in creating a general law on data protection. The act imposes mandatory compliance obligations on the data information controller and/or data information processor. Unlike the previous Department of Trade and Industry Guidelines which served only as regulatory measures and dealt directly with the protection of personally identifiable information but gave no penal nor administrative sanctions for beach, an inclusion of penal and/or administrative sanctions for breach in this Act shows how serious our Senate officials are in its objective to strengthen the IT-BPO industry in their hope that the said industry would contribute to an increased in investment, job-generation, and high-value services.
Online References
http://newsinfo.inquirer.net/159323/wells-fargo-says-bpo-operations-vote-of-confidence-in-philippines
No comments:
Post a Comment