Komisyon para sa Proteksiyon ng Personal na Impormasyon | |
Agency overview | |
---|---|
Formed | March 7, 2016 |
Jurisdiction | Government of the Philippines |
Headquarters | 5th Floor, Philippine International Convention Center, Vicente Sotto Avenue, Pasay |
Annual budget | ₱220.18 million (2022) [1] |
Agency executives |
|
Parent agency | Department of Information and Communications Technology |
Website | www |
The National Privacy Commission, or NPC, is an independent body created under Republic Act No. 10173 or the Data Privacy Act of 2012, [2] mandated to administer and implement the provisions of the Act, and to monitor and ensure compliance of the country with international standards set for data protection. [3] It is attached to the Philippines' Department of Information and Communications Technology (DICT) for purposes of policy coordination, but remains independent in the performance of its functions. [4] The Commission safeguards the fundamental human right of every individual to privacy, particularly Information privacy while ensuring the free flow of information for innovation, growth, and national development. [5]
In order to fulfill its mandate, the commission is vested with a broad range of powers, from receiving complaints and instituting investigations on matters affecting personal data protection to compelling entities to abide by its orders in matters affecting data privacy. It also represents the Philippine Government internationally on data protection related issues. The Commission formulates and implements policies relating to the protection of personal data, including the relevant circulars and advisory guidelines, to assist organisations in understanding and complying with the Data Privacy Act. The commission also reviews organizational actions in relation to data protection rules and issue decisions or directions for compliance where necessary. It is mandated to work with relevant sector regulators in exercising its functions.
Beyond regulating data protection issues, the NPC also undertakes public and sector-specific educational and outreach activities [6] to help organizations adopt good data protection practices and to help individuals to better understand how they may protect their own personal data from misuse.
The Data Privacy Act of 2012 is the first law in the Philippines which acknowledges the rights of Individuals over their Personal Data and Enforcing the responsibilities of entities who process them.
The initial definition was offered first in Republic Act 8792, Section 32 better known as the eCommerce Act of the Philippines and was formally introduced by the Department of Trade and Industry (DTI) on its Department Administrative Order #08 – Defining Guidelines for the Protection of Personal Data in Information Private Sector. Along with the Anti-Cybercrime Bill (now RA 10175), The first draft of the law started in 2001 under the Legal and Regulatory Committee of the former Information Technology and eCommerce Council (ITECC) which is the forerunner of the Commission on Information and Communication Technology (CICT). It was headed by former Secretary Virgilio "Ver" Peña and the committee was chaired by Atty. Claro Parlade. It was an initiative of the Information Security and Privacy Sub-Committee chaired by Albert Dela Cruz who was the President of PHCERT together with then Anti-Computer Crime and Fraud Division Chief, Atty. Elfren Meneses of the NBI. The administrative and operational functions was provided by the Presidential Management Staff (PMS) acting as the CICT secretariat.
With rising concerns by the Information Technology and Business Process Association of the Philippines (IBPAP) of an absence of a Data Privacy Law, Philippine Congress passed Senate Bill No. 2965 and House Bill No. 4115 on June 6, 2012. President Benigno S. Aquino III signed Republic Act No. 10173 or the Data Privacy Act of 2012 on August 15, 2012. The law was influenced by the Data Protection Directive and the APEC Privacy Framework. [7]
President Aquino appointed on March 7, 2016, Raymund Liboro as inaugural head of the commission with Damian Domingo O. Mapa and Ivy D. Patdu as inaugural deputy privacy commissioners. [8] With fixed terms of office, they continued with their roles during the administration of President Rodrigo Duterte.
After consultation with various private organizations, civil societies and a series of public hearings in Manila, Cebu and Davao, the Implementing Rules and Regulations [2] of the Data Privacy Act was signed on August 24, 2016. It took effect on September 9, 2016. [9]
In May 2016, the Commission formally investigated the Commission on Elections for the Commission on Elections data breach one of the largest security breach in government held personal data. [10] On February 21, 2017, NPC announced that the Commission on Elections was being investigated for another security breach due to alleged theft of a computer containing personal data of voters. [11]
The NPC also began coordinating with different sectors on privacy and data protection. [12] In 2016, the National Privacy Commission was accepted as a member in the International Conference of Data Protection and Privacy Commissioners and the Asia Pacific Privacy Authorities.
Commissioner | Title | Appointed |
---|---|---|
John Henry D. Naga | Commissioner | December 14, 2021 [13] |
Leandro Angelo Y. Aguirre | Deputy Commissioner | February 9, 2018 [14] |
Commissioner | Title | Term |
---|---|---|
Raymund E. Liboro | Commissioner | March 7, 2016 - December 13, 2021 [8] |
Damian Domingo O. Mapa | Deputy Commissioner | March 7, 2016 – February 9, 2018 [8] |
Ivy D. Patdu | Deputy Commissioner | March 7, 2016 – December 5, 2019 [8] |
Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data privacy or data protection.
The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Science, Innovation and Technology. It is the independent regulatory office dealing with the Data Protection Act 2018 and the General Data Protection Regulation, the Privacy and Electronic Communications Regulations 2003 across the UK; and the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in England, Wales and Northern Ireland and, to a limited extent, in Scotland. When they audit an organisation they use Symbiant's audit software.
The Personal Information Protection and Electronic Documents Act is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce. The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens. In accordance with section 29 of PIPEDA, Part I of the Act must be reviewed by Parliament every five years. The first Parliamentary review occurred in 2007.
A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.
Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person.
Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.
The Privacy Act 1988 is an Australian law dealing with privacy. Section 14 of the Act stipulates a number of privacy rights known as the Australian Privacy Principles (APPs). These principles apply to Australian Government and Australian Capital Territory agencies or private sector organizations contracted to these governments, organizations and small businesses who provide a health service, as well as to private organisations with an annual turnover exceeding AUD$3M. The principles govern when and how personal information can be collected by these entities. Information can only be collected if it is relevant to the agencies' functions. Upon this collection, that law mandates that Australians have the right to know why information about them is being acquired and who will see the information. Those in charge of storing the information have obligations to ensure such information is neither lost nor exploited. An Australian will also have the right to access the information unless this is specifically prohibited by law.
Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handing sensitive information.
The Information and Privacy Commissioner of Ontario was established as an officer of the Legislature by Ontario's Freedom of Information and Protection of Privacy Act, which came into effect on January 1, 1988. The current commissioner is Patricia Kosseim.
The Professional Regulation Commission, otherwise known as the PRC, is a three-man commission attached to Department of Labor and Employment (DOLE). Its mandate is to regulate and supervise the practice of the professionals who constitute the highly skilled manpower of the country. As the agency-in-charge of the professional sector, the PRC plays a strategic role in developing the corps of professionals for industry, commerce, governance, and the economy.
The Securities and Exchange Commission is the agency of the Government of the Philippines charged with the registration and supervision of corporations and securities, as well as capital market institutions and participants, in the Philippines. As such, the Commission champions investor protection in the Philippines, as part of its mandate.
Canadian privacy law is derived from the common law, statutes of the Parliament of Canada and the various provincial legislatures, and the Canadian Charter of Rights and Freedoms. Perhaps ironically, Canada's legal conceptualization of privacy, along with most modern legal Western conceptions of privacy, can be traced back to Warren and Brandeis’s "The Right to Privacy" published in the Harvard Law Review in 1890, Holvast states "Almost all authors on privacy start the discussion with the famous article 'The Right to Privacy' of Samuel Warren and Louis Brandeis".
There is no absolute right to privacy in Australian law and there is no clearly recognised tort of invasion of privacy or similar remedy available to people who feel their privacy has been violated. Privacy is, however, affected and protected in limited ways by common law in Australia and a range of federal, state and territorial laws, as well as administrative arrangements.
The Cybercrime Prevention Act of 2012, officially recorded as Republic Act No. 10175, is a law in the Philippines that was approved on September 12, 2012. It aims to address legal issues concerning online interactions and the Internet in the Philippines. Among the cybercrime offenses included in the bill are cybersquatting, cybersex, child pornography, identity theft, illegal access to data and libel.
The Magna Carta for Philippine Internet Freedom is an internet law bill filed in the Congress of the Philippines. The bill contains provisions promoting civil and political rights and Constitutional guarantees for Philippine internet users, such as freedom of expression, as well as provisions on information and communications technology (ICT) policy, ICT4D, internet governance, e-governance, cybersecurity, cyberwarfare, cyberterrorism, and cybercrime.
The Office of the Privacy Commissioner administers the Privacy Act 2020. The Privacy Commissioner is entrusted to protect personal information of New Zealanders in accordance with the Privacy Act. Current Privacy Commissioner, Michael Webster, began his role in July 2022.
There are several national data protection authorities across the world, tasked with protecting information privacy. In the European Union and the EFTA member countries, their status was formalized by the Data Protection Directive and they were involved in the Madrid Resolution.
The following are the events in related to Philippine law in 2016. This includes developments in criminal investigations of national notability.
The Department of Information and Communications Technology (DICT) is the executive department of the Philippine government responsible for the planning, development and promotion of the country's information and communications technology (ICT) agenda in support of national development.
The Philippine Identification System ID, also known as the Philippine Identification Card or simply the national ID, is the official national identity card for Filipino citizens worldwide and foreign permanent residents in the Philippines. The document is a significant part of the Philippine Identification System (PhilSys), the national identification system to be implemented by the Philippine government.