Republic Act No. 10173 - Data Privacy Act of 2012
Section 1. Short Title
This Act shall be known as the "Data Privacy Act of 2012".
Section 2. Declaration of Policy
It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.
Section 3. Scope
This Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch, or agency in the Philippines subject to the immediately succeeding paragraph: Provided, That the requirements of Section 5 are complied with.
Section 4. Definition of Terms
- Personal Information - refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
- Personal Information Controller - refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.
- Personal Information Processor - refers to any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
Section 5. General Principles in Processing Personal Information
The processing of personal information shall be allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure of information to the public and adherence to the principles of transparency, legitimate purpose and proportionality.
Section 6. Lawful Processing of Personal Information
The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:
- The data subject has given his or her consent, prior to the collection, or as soon as practicable and reasonable after collection;
- The processing is necessary for the performance of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;
- The processing is necessary for compliance with a legal obligation to which the personal information controller is subject;
- The processing is necessary to protect vitally important interests of the data subject, including life and health;
- The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate;
- The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution.
Section 7. Rights of the Data Subject
The data subject is entitled to:
- Be informed whether personal information pertaining to him or her shall be, are being, or have been processed;
- Be furnished the information indicated hereunder before the entry of his or her personal information into the processing system of the personal information controller, or at the next practical opportunity:
- Reasonable access to, upon demand, the contents of his or her personal information that were processed and the sources from which these were obtained;
- Dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable;
- Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller's filing system;
- Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.
Section 8. Security of Personal Information
The personal information controller shall implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing.
Section 9. Breach Notification
The personal information controller shall notify the Commission and affected data subjects when sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes that such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject.
Section 10. Penalties
Any person who acts in contravention of the provisions of this Act shall be liable for the following penalties:
- For unauthorized processing of personal information: imprisonment from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00);
- For accessing personal information due to negligence: imprisonment from six (6) months to two (2) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than Five hundred thousand pesos (Php500,000.00);
- For improper disposal of personal information: imprisonment from six (6) months to two (2) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than Five hundred thousand pesos (Php500,000.00).
Barangay Implementation
As a government entity, BARANGAY UNO is committed to:
- Collecting only necessary personal information for official barangay services
- Securing all personal data in accordance with government security standards
- Using personal information solely for the purpose for which it was collected
- Not sharing personal information without explicit consent, except as required by law
- Providing residents access to their personal information upon request
- Maintaining accurate and up-to-date personal records
Contact Information
For questions regarding your personal data or to exercise your rights under the Data Privacy Act, please contact:
- Barangay Data Protection Officer: Barangay Secretary
- Contact Number: 049 542-9034
- Email: bagongbarangay1cabuyao@gmail.com
- Address: BARANGAY UNO, City of Cabuyao, Laguna
Note: This is a summary of the key provisions of RA 10173. For the complete text of the law, please refer to the official publication or visit the National Privacy Commission website.