Have We Become Technology Lab Rats ? A Look at RA 10173 ( The Data Privacy Act of 2012 ) By : Karen G.

Tolentino

I have to e-mail my boss and request for a paper shredder, this was the very first thing that
came to my mind when I first heard about the Data Privacy Act of 2012. I got worried that my work in HR would get me into trouble simply because my hand shredder is not designed to be as reliable as its machine counterpart I felt the weight of responsibility placed upon my shoulders as a professional. A persons application papers may not have as many pages as an autobiography but I knew it was enough to tell someones life story. mind. What if For a moment, I had to play a scene in my I dont tear the documents of applicants properly after they leave my active file

folder and these end up being pieced back together and misused. Will I be responsible for it ? Perhaps my fear is much like those of the Facebook fanatics who feared that hitting the like button would put them in jail as a violation of the Anti Cybercrime Law. Such fear that prompted most Facebook users to remove their profile pictures and replace the same with a black page , as if weeping and mourning for the death of their right to freedom of expression. To calm myself down, I went ahead and read some more. Maybe, just maybe, by understanding the law better, Id discover that as great a responsibility as it is, I am meant to be more of a defender or advocate of the right to privacy instead of being on the other side of the coin. RA 10173 or the Data Privacy Act of 2012 which was signed by President Aquino on August 15, 2012 is intended to protect individual personal information and communication systems in the government and the private sector. It is one of those laws which was seemingly given proper attention having been introduced only in 2011. The law requires both public and private institutions to comply with international data security standards while providing safeguards to protect press freedom. It stipulates under its Declaration of Policy that it is the policy of the State to protect the fundamental human right to privacy of communication while insuring free flow of information to promote innovation and growth. But why is respect for privacy such a sensitive issue to begin with ? Is this goal even achievable ? According to Wikipedia, privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. Wikipedia lists down various reasons individuals may object to the seeking of personal information affecting sexual orientation, political affiliations, or personal activities. These reasons include discrimination, personal embarrassment, or damage to religion, avoidance of

professional reputations. To some,

protection of ones private information means protecting themselves from the harsh realities of todays world, from virtual prying eyes, from the unknown enemy distanced by land or sea but kept close by the click of the mouse, from institutions designed to make life easier and transactions faster but end up doing more than what is required of them, by making profit out of the information provided to them in confidence for instance. Considering the rapid growth of technology and just how easily the majority of the worlds population is able to keep up with the

changes, is there any surefire program that can for once make us feel safe and secure ? Or is it automatic that by living in this generation and time, we have unconsciously consented to become technologys lab rats ?This tug of war between proper use and abuse of information is what the law on Data Privacy aims to address. Though encompassing and wide in scope, I believe the Data Privacy Act of 2012 is one of the bold moves of our government to protect investments in the country particularly that which currently serves as the bread and butter of most of our citizens, the BPO industry . As published in the website of the British Philippine Outsourcing Council, the offshore call center industry started in the Philippines in 1999 when cyber city set up a facility for outsourcing in Clark, Pampanga. The research results posted on the website further provides proof of just how large the industry has become citing results from the SGV Audit BPO Industry Edition where revenues are projected to have reached $12.2 billion in 2010. With the Philippines believed by many to be the home of language sponges who only require a month or two to assimilate a foreign accent coupled with the industriousness of the Filipinos and the cheaper salary compared to other countries, business process outsourcing in the country shoot up like mushrooms. If investors require proof that the Philippines can secure confidential information required by industries in their operations , then our government is committed to doing just that. In my personal point of view, this paved the way for the contemplation of some of the provisions of RA 10173. Section 4 of RA 10173 stipulates that the Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors, who, although not found or established in the Philippines, use equipment that are located in the Philippines , or those who maintain an office, branch or agency in the Philippines. The intention of the law is very noble and given proper implementation, I dont see why it should not work , especially with the creation of the National Privacy Commission which will administer and implement the provisions of the Act as well as monitor our countrys compliance with International Standards set for data protection as stipulated in Sec. 4 of the law The general rule is not without exceptions though. These exceptions include personal information processed for journalistic, artistic and literary purposes; personal information originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions; information necessary for banks and financial institutions under the jurisdiction of the independent central monetary authority or BSP to comply with the Anti- Money Laundering Act; information necessary to carry out the functions of public authority and information about any individual who is or was an officer or employee of a government institution that relates to the position or function of the individual. The exclusion of journalists may prove to be a double edged sword. The role of journalists in the Philippines is very crucial. We love hearing the news and at times even, when we feel that the units of government who are supposed to assist us are just plain and simple incompetent or perhaps unworthy of trust , we run to the media. The media seemingly has the power to turn things around, to make mere news of the day into a trending topic worldwide. While it is proper for

the law to protect journalists and their sources by not compelling them to reveal the source of a report which strengthens freedom of speech and expression, these privileges given to the media are also subject to abuse. Nowadays, there is barely an item in the news which is not sensationalized. If journalists cannot be compelled to reveal their sources and if in a sense, they consider and encourage everyone to be vigilant and be patrollers ng bayan so to speak, where will people who fall victims to these irresponsible broadcasting seek relief after the world has judged them. There is a saying that goes, there are things one will never be able to undo, and one of them is the stone after the throw . It appears to me that since media seem to be all knowing and people believe them to be credible, the likes of the lady in the amalayer incident and similar incidents are left with no choice but to shield themselves from public ridicule, just because people were able to access information in excess of what was necessary. Juan dela Cruz faced with a new law to follow may wonder whats in it for him and ultimately weigh if the benefits of the law outweighs the rights that must be limited or regulated. In an article dated August 30, 2012 posted by Tempo newspaper online, the Business Process Outsourcing Industry is said to have hailed the passage of the bill as it will bring the Philippines to international standard of privacy protection as much as work in said industry is said to involve confidential company information of local and foreign clients. If this law ends up beneficial to Juans source of livelihood, it will end up to be more beneficial to him. Chapter IV which covers Section 16 of the law lists the rights of the data subject. Among these are to be informed whether personal information has been processed, to be furnished with such information before entry into the processing system, purpose and scope of the information processing, recipients to whom they may be disclosed as well as methods utilized for automated access, contact details of controller, period of storage and the existence of access and correction rights. The aim of the Data Privacy Act of 2012 is responsible use of information. It is worthy to note that it does not prohibit the collection and processing of personal information. What the law requires as listed in Section 11 is the collection of information for legitimate purposes , its fair and lawful processing, the need for it to be adequate and not excessive, its retention for the purposes for which the data was obtained and for it to be kept in form to permit identification of data subject for no longer than is necessary for the purposes for which data were collected and processed. We have seen it in movies time and again, waking up not knowing who you are and retracing everything and later finding out that some agency has tracked you down, decided to experiment on you and decided to erase everything you know about yourself and the world. Is there a possibility of this happening in real life ? Maybe. But I know for sure that with measures such as RA 10173, we can somehow rest our minds knowing entities are compelled to protect our personal information, that we are given the right to have access to these information and that in case they fail to observe what is required of them, they can end up in jail.

The progress of a nation is shaped by many factors. Among these factors however, willingness of its citizens and its enforcement agencies to be accountable plays a major part. Whether or not RA 10173 elevates the Philippines to International Standards remains to be seen. The law is relatively new and I feel that the authorities meant to enforce it must be given enough time to implement the same. Having gained a better understanding of the Data Privacy Act of 2012, I dont need a paper shredder after all.

Sources :

http://www.gov.ph/2012/08/15/republic-act-no-10173/ http://en.wikipedia.org/wiki/Privacy http://www.tempo.com.ph/2012/08/data-privacy-act-of-2012/ http://www.bpoc.uk.com/research.html