We celebrated Data Privacy Day in January 28, 2020! And some sectors are now proposing for an amendment of the special law which we call nowadays as the “Data Privacy Act”. In 2012 the law was passed thru the efforts of the late Senator Angara and the IRR was published in 2016 and the newly formed commission started its campaign in 2017 and fast forward we are now in 2020.
Some of the suggestions based on the proposal of the good Congressman of Tarlac are stiffer penalties including administrative fines not exceeding to 5M PhP, additional classification of personal information and sensitive personal information on the different sector that is deemed sensitive on that sector, organizational structure of the commission, introduction of personal data on minors, some additional clause on offense by a public officer and the commission can launch conferences in the advancement of the general public etc…
There are good points and not so good points but my suggestion is to let the law breathe first. The implementation of RA10173 is barely two years old and let the commission flex its muscle before amending the law. Laws should be universal and the incidentals can be done on circulars that has been done in the past.
Personally, I think the most pressing matter is the development of the ecosystem, compliance and registration of the 2M companies (NPC has 35k companies registered to date only) and the education of the current pool of Data Privacy Officers and making the country as a center of excellence on Data Privacy and Protection in the region.
We need to understand that RA10173 is a special law on data that targets personal information and classifying personal data as asset both on civil law and commercial law.
CIVIL LAW because of the 8 rights of our citizen – Right to INFORMED, OBJECT, ACCESS, CORRECT / RECTIFY, BLOCK / REMOVE, DATA PORTABILITY, COMPLAINT and IMDENIFIED.
Commercial Law because we need to understand the basics and DATA is considered as an ASSET and personal information or customer information may it be intangible is one of the most important asset nowadays as the business model of each enterprise changes our classification of asset also changes.
Corporation / Juridical Entities must understand that their organization is dependent on the productivity of four assets:
- People
- Information / Data
- Technology
- Facilities
As I mentioned, as we creatively change our business model canvass our strategy changes and our data becomes bigger and bigger. We have to relate personal information to be an asset because as we collect more the data becomes more valuable and as we collect less it becomes smaller in value.
And in order to be resilient in this day we need to realize two things in corporate we need to sustain our asset and protect it
We have discussed earlier that this law is due to the change in times and due to the actions being done creatively by companies in this age. We need to understand that this is a special law and it be anchored on the bill or rights in article 3 section 2 which is was also patterned on the fourth amendment on the US constitution.
Below are a series of events on Privacy Law including the Philippine implementation.
Privacy has been in there for so long and Justice Brandeis in 1928 case mentioned:
“The right to be let alone is the most comprehensive of rights and the right most valued by civilized men”
*We can discuss the 1928 case but it will take a day of discussion…
As I mentioned law must be universal and implementation must be inputted inside the implementing rules and regulation or either as circulars and consultation can be done on giving advisories.