Data Privacy Act of 2011 pertains to establishing fair practices and regulate the collection or gathering and use of personal details or information stored in the computer systems of both the government and private sector. These entities are mandated to protect the integrity, security and confidentiality of such personal records. The act is telling us to be accountable for such gathering information where every data controller is responsible to comply with the proposed Act and also be accountable for the action or inaction of the data processor. Each data controller is required to designate an individual that will be responsible to ensure compliance.

As to the scope of the Act, it covers all entities and individuals involved in the gathering and processing of all types of personal information and sets stringent standards for, and controls on, the lawful manner of selecting, processing and retrieval of personal information.

All the personal information classified as confidential or considered to be information imbued with public interest maintained by the government shall be secured using the most suited standards recognized by the ICT industry and as recommended by the Commission of Information Communications Technology (CICT). With this, it will prevent the misuse of personal information in computer systems.

The proposed law provide for several rights to the individual such as right to be informed whether an individual’s data is being processed, to have access to personal data and to correct. Also, the person has the right to the data subject to suspend, block, remove or destruct personal information from the data controller’s filing system if the information is incomplete, outdated false, unlawfully obtained, used for unauthorized purposes or direct marketing. Moreover, it gives right to the data subject to be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.

Through this Act of having an environment protective of its data and information, we can be successful in data processing like that of the call centers. We can go into higher value-added IT services like engineering, finance, accounting, healthcare and the like.

According to Benedict Hernandez, BPAP president and chief executive, “the act will increase confidence among international investors and companies that outsource business processes to the Philippines because it brings the Philippines to international standards of privacy protection.” He also added that IT-BPO industry is evolving rapidly with the increasing amount of work undertaken in the country involving non-voice and complex services, in a wide range of functional areas and industry verticals. He further uttered that “complex services already account for over 30% of industry revenues, and these services are growing more rapidly than voice services. Much of this work involves confidential personal and company information, and client firms of our IT-BPOs want to know that the Philippines provides international standards of protection to safeguard their information.”

It is also worth noting of the comment of Senator Edgardo J. Angara which he said that the Data Privacy Act will not be used to stifle press freedom, following reports showing that a clause in said measure will penalize journalists and media professionals involved in breaches of confidentiality. This is in relation to the Philippine Press Institute which protested that Section 30 of the Data Privacy Act, during the bicameral review, that implies such as to extend the liability to reporters, writers, presidents, publishers, managers and editors-in-chief involved in the unauthorized publishing of sensitive personal information.

According to Senator Angara, “It was not our intention to penalize the media for doing their job of responsible reporting,” as the Chair of the Senate Committee on Science and Technology. He added that “Only those whose actions were directly behind the release of private information will be held accountable. For example, a private individual was hospitalized and that person’s medical records were made public without his consent. In this case, the hospital or the records custodian will be sanctioned, not the journalist who wrote about it.” The Data Privacy Act will not be used to gag media, and we will rectify this provision during the bicameral hearing.

The main objective of the proposed measure is to promote confidence in the country’s booming Information Technology and Business Process Outsourcing (IT-BPO) industry and its growing e-governance initiatives by mandating public and private institutions to safeguard the integrity, security and confidentiality of personal information collected throughout their operations. This act would be very beneficial to all of as, especially to the community, for it give us assurance as to the privacy of our personal facts. This would be a big step towards eliminating illegal access to private personal facts, information illegally obtained or used for unauthorized purposes. Before the introduction of this act, we were helpless for there is no remedy given to us for such unlawful acts. With the passage of Data Protection Act, it would really have a positive outcome to the community (private or government) in many and countless ways.