The rapid development in information technology has paved the way for an easy access of people on almost anything there is to know in the world. Through the use of internet, people are able to communicate with their relatives and friends anywhere in the globe and the use of information technology provides speedy access and transfer of information regardless of the nature of information. And to keep up with the recent developments in technology, a Bill is currently being proposed that adapts to the developments in information technology and reconciles the same to the people's right to privacy and confidentiality.
The proposed Act is based on European Council No. 45/2001 which provides for a framework on the protection of individuals with regard to the processing of personal data by institutions and on the free flow of such data. The provisions set up a high standard of protection and safeguard to information that are classified as personal and thus confidential. This also called for the establishment of an authority which is tasked to uphold the standard of protection and monitor its security.
The sponsor of the Data Protection Act, Senator Edgardo Angara, confirmed reference of the Act to the European Council No. 45/2001 policy which is similarly protects and ensures proper handling and management of personal information. The Act provides its application to all entities whether private or public who are involved in the business of processing all types of information. It is with the goal to make Philippines at par with the data privacy law globally. By strengthening the foundation of data privacy in the country, we open the country's doors to IT investments particularly the Business Process Outsourcing.
The features of the Bill include the establishment of the National Privacy Commission, specification of the lawful processing of personal information and extent of accountability of controller and its subcontractor, and the penalties that are imposed in case of breach thereof. It also provides for the rights of the data subject as well as the level of security required in handling personal information.
The National Privacy Commission is tasked to enforce the provisions provided in the Act, and monitor compliance of the entities covered. This is a dedicated commission that is authorized to receive complaints, institute investigation, and settle disputes. they are given the power to issue cease and desist orders in relation to processing of personal information.
The Act further provides for the General Data Privacy Principle which indicates circumstances where information may be disclosed to the public in adherence to the principles of transparency, legitimate purpose, and proportionality. In relation to this, the extent of accountability of the information controller is to comply with the set guidelines of the Act and adhere to its security standards. It is also in the mind of the framers of the Act that outsourcing is an emerging industry in the market and thus provided for the applicability to subcontractors. the Act still counts on the controller the responsibility for the enforcement of proper safeguards to maintain confidentiality of the personal information.
The Act gives the burden to the custodian of the personal information to secure and only use such information within the sphere of its authorized purpose. The Act could potentially mitigate the cases of unauthorized disclosure and use of personal information such as identification, medical condition and history, sexual activities of a person, etc. The Act extends the accountability to the source of these kinds of information. With the existing legislation, only the media or the one who exposes the information is held liable. The Act serves as another control point to ensure that the very source of personal information, the controller, is faced with the burden of potentially bring liable in case of mismanagement of the information under their custody.
The proposed law on Data Privacy as well as the recent passage of IT related law such as Cyber Crime Protection Bill is a proof that our legislative branch of government is dedicated to enact laws that will adopt to the changing times and developments in information technology. It is noteworthy to cite Senator Angara's comment that the government needs to enforce policies that balances the right of the person to privacy and the swift access of information by anyone thru the use of internet. The Act is seen to open more opportunities for the Business Processing Outsourcing and information technology driven industries as the foreign players are assured of the government's dedication in strengthening the foundation and protection of data privacy and integrity.
Sources: Senate passes proposed data privacy act, Marvin Sy.The Philippine Star. 21 March 2012 European Parliament and Council Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
Walang komento:
Mag-post ng isang Komento