R.A. 10173 or the "Data Privacy Act of 2012" The National Privacy Commission (ec. 7! - the implementing agency of the Data Privacy Act which is granted, inter alia, quasi-judicial functions in connection with violations of this Act. Likewise, the ommission has an e!press grant of power to issue cease and desist orders, and impose a temporary or permanent "an on the procession of information, upon a finding of detriment to national security and pu"lic interest. Classifications of nformation #n$er the Act (ec. 3! #. Personal $nformation - personal information in general% - refers to any information recorded in a material form or not, from which the identity of an individual is apparent or can "e reasona"ly and directly ascertained "y the entity holding the information. - or when put together with other information would drectly and certainly identify an individual.
&. 'ensitive Personal $nformation - are personal information( )#* )#* A"ou A"outt an indi indivi vidua dual+ l+ss race race,, ethni ethnicc orig origin in,, marit marital al stat status us,, age, age, colo color, r, and and reli religi giou ous, s, philosophical or political affiliations% )&* )&* A"ou A"outt an indiv individ idua ual+ l+ss heal health th,, educ educat atio ion, n, gene geneti ticc or se!u se!ual al life life of a pers person on,, or to any proceeding for any offense committed or alleged to have "een committed "y such person, the disposal of such proceedings, or the sentence of any court in such proceedings% )* $ssued "y government government agencies peculiar peculiar to an individual which includes, includes, "ut not limited to, soci social al secu securi rity ty num" num"er ers, s, previ previou ouss or cm-re cm-rent nt heal health th reco record rds, s, lice licens nses es or its its deni denial als, s, suspension or revocation, and ta! returns% and )* 'pecifically esta"lished "y an e!ecutive order or an act of ongress to "e kept classified. . Priveleged ommunication - refers to those as provided "y the ules of ourt and other pertinent laws. %&traterritorial A''lication A''lication (ec. ! /his Act applies to an act done or practice engaged in and outside of the Philippines "y an entity in the following conditions(
)a* /he act, practice or processing relates to personal information a"out a Philippine citi0en or a resident% )"* /he entity has a link with the Philippines, and the entity is processing personal information in the Philippines or even if the processing is outside the Philippines as long as it is a"out Philippine citi0ens or residents such as, "ut not limited to, the following( )#* A contract is entered in the Philippines% )&* A juridical entity unincorporated in the Philippines "ut has central management and control in the country% and )* An entity that has a "ranch, agency, office or su"sidiary in the Philippines and the parent or affiliate of the Philippine entity has access to personal information% )c* /he entity has other links in the Philippines such as, "ut not limited to( )#* /he entity carries on "usiness in the Philippines% and )&* /he personal information was collected or held "y an entity in the Philippines. nformation not covere$ )y the Act (ec. *! )a* $nformation a"out any individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual . )"* $nformation a"out an individual who is or was performing service under contract for a government institution that relates to the services performed, including the terms of the contract, and the name of the individual given in the course of the performance of those services% )c* $nformation relating to any discretionary "enefit of a financial nature such as the granting of a license or permit given "y the government to an individual, including the name of the
individual and the e!act nature of the "enefit% )d* Personal information processed for journalistic, artistic, literary or research purposes% )e* $nformation necessary in order to carry out the functions of pu"lic authority which includes the processing of personal data for the performance "y the independent, central monetary authority and law enforcement and regulatory agencies of their constitutionally and statutorily mandated functions. )f* $nformation necessary for "anks and other financial institutions under the jurisdiction of the 1angko 'entral ng Pilipinas )1'P* to comply with A 23#4, and A 2#54, as amended, otherwise known as the Anti-6oney Laundering Act and other applica"le laws% and )g* Personal information originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions, including any applica"le data privacy laws, which is "eing processed in the Philippines. 78othing in this act shall "e construed as to have ammended or repealed the following( )#* A 3 - which affords protection to 9ournalists and their 'ources - 'ec. 3% )&* A #43 - /he 'ecrecy of 1ank Deposits Act% )* A 5&5 - /he :oreign urrenc y Deposits Act% )* A 23#4 redit $nformation 'ystem Act ; 'ec.)e* +a,f#l Processin- of Personal nformation (ec. 12! Processing of personal information )in general* are permitted only when not prohi"ited "y law, and when at least one of the following conditions e!ist( #. onsent of the Data 'u"ject% &.
protection of the sensitive personal information and the privileged information: Provided, further, That the consent of the data subjects are not required by law or regulation permitting the processing .
instrumentalities shall be secured. /he head of each government agency or instrumentality shall "e responsi"le for complying with the security requirements mentioned herein while the ommission shall monitor the compliance and may recommend the necessary action in order to satisfy the minimum standards. >n-site and >nline Access - ?mployees shall not "e given access to sensitive personal information on government property, or through online facilities, until they receive a security clearance from the head of the source agency. >ff-site Access ; 'ensitive personal information may not "e transported or accessed from a location off government property, until a request for such transportation or access is su"mitted and approved "y the head of the agency. Access "y @overnment ontractors ; $n entering into any contract that may involve accessing or requiring sensitive personal information from one thousand )#,444* or more individuals, an agency shall require a contractor and its employees to register their personal information processing system with the ommission in accordance with this Act ff/site Access Re#est $n the case of any request su"mitted to the head of an agency, such head of the agency shall approve or disapprove the request within two )&* "usiness days from su"mission. $n case of inaction "y the head, the request is deemed disapproved.
Rights of the Data Subject $n @eneral( )'ee 'ec. #5* /he data su"ject has the following rights( #. ight to access to his personal information% &. ight to "e informed of the purpose of the processing of the information, method of utili0ation and period of storage of the information, persons to whom it may "e disclosed, as well as the source from which the personal information was o"tained% . ight against inaccurate, incomplete, outdated, false, unlawfully o"tained and unauthori0ed use of personal information% and . ight to "e indemnified for damages sustained due to violation of the foregoing. +imitation on the ri-hts of the $ata s#)ect cientific Research ec.1 8on-applica"ility - where the information are used only for the needs of scientific and statistical research and, on the "asis of such, no activities are carried out and no decisions are taken regarding the data su"ject. Provided, that the personal information shall "e held under strict confidentiality, and shall "e used only for the declared purpose. Penal Provisions 1. nauthori0ed Processing of Personal $nformation, and 'ensitive Personal $nformation 2. Provided Personal $nformation and 'ensitive Personal $nformation Due to 8egligence 3.