In May, 2018, fastfood giant Jollibee got into hot water when it was found that its food delivery website contained vulnerabilities, which allowed unauthorized persons to gain access to customers’ personal information stored in the website’s database. The National Privacy Commission ordered the suspension of the site until the said vulnerabilities were addressed.
This incident highlighted the importance of data privacy in the Philippines, which is protected by RA 10173 or the Data Privacy Act of 2012 (DPA). The National Privacy Commission was created in 2016 to administer and implement this law.
The importance of the Data Privacy Act
With the phenomenal rise of internet use around the world, and with almost everything today found in the cloud, data protection laws have become important tools in protecting the privacy of individuals and consumers everywhere. Without these laws, personal information is vulnerable to misuse, which can not only lead to a breach of privacy but to cybercrimes like identity theft and transaction fraud, as well.
The DPA brings the Philippines up-to-date with international standards on data protection. As one of the world’s largest users of the internet, the country needs to ensure that its citizens’ fundamental right to privacy is protected and preserved.
By safeguarding the privacy rights of Filipinos, the DPA paves the way for a sustainable free flow of information where consumers feel safe to give out their personal data, and government and businesses are accountable for the responsible use of the information they collect.
Moreover, the Philippines has a fast-growing business outsourcing industry where data is transmitted and processed in large volumes every day. The DPA provides BPO clients – local and international – with the assurance that the data involved in their day-to-day operations are protected and secure.
The rights protected by the DPA
The DPA guarantees the following rights to data subjects, or owners of personal information stored in a database system:
The impact of the DPA to businesses
At its core, the DPA requires businesses that collect personal information to abide by the following:
Violations of the DPA can result in imprisonment of up to six years or a fine of up to P5 million.
To learn more about the DPA, check out the National Privacy Commission’s website. If you need help in ensuring your business is compliant, get in touch with FilePino at +1.806.553.6552 (USA) or +63.917.8922337 (Philippines).