“Data Privacy Act of 2012″

 

Let me begin, by mentioning Section 5 of the 1987 Philippine Constitution. The law provides that   "The privacy of communication and correspondence shall be in violable except upon lawful order of the court or when public safety and order require otherwise." (Article III, section 1 [5] of the Constitution. This provision cited refers to privileged communication. Privilege communication is defined as a private communication made by any person to another, in good faith, in the performance of any duty, whether legal, moral, or social, solely with the fair and reasonable purpose of protecting the interests of the person making the communication or the interests of the person to whom the communication is made, is a privileged communication.” (Sec. 9, Act. No 227).  Likewise  a communication made bona fide upon any subject-matter in which the party communicating has an interest, or in reference to which he has a duty, is privileged, if made to a person having a corresponding interest or duty, although it contained incriminatory matter which without this privilege would be slanderous and actionable.' (Harrison vs. Bush). 

Privilege is classified as either absolute or qualified. For the sake of clearness of application privileged communications are often divided into two classes: Absolute privilege; and conditional or qualified privilege, the second sometimes being called 'quasi privilege.' In cases of absolutely privileged communications, the occasion is an absolute bar to the action; whereas, in cases of conditionally or qualifiedly privilege communications, the law raises only a prima facie presumption in favor of the occasion. In the former class the freedom from liability is said to be absolute or without condition, regardless of the existence of express malice, as contrasted with such freedom in the latter class where it is said to be conditioned on the want or absence of express malice." (53 C.J.S., 141-142.) An absolutely privileged communication is one for which, by reason of the occasion on which it is made, no remedy is provided for the damages in a civil action for slander or libel. It is well settled that the law recognizes this class of communications which is so absolutely privileged that even the existence of express malice does not destroy the privilege, although there are some dicta denying the rule, and some eminent judges, in dealing with particular applications of the rule, have doubted or questioned the rationale or principle of absolutely privileged communications. As to absolutely privileged communications, a civil action f or libel or slander is absolutely barred." (53 C.J.S., p. 142.) Qualified privilege exists in a larger number of cases than does absolute privilege. It relates more particularly to private interests; and comprehends communications made in good faith, without actual malice, with reasonable or probable grounds for believing them to be true, on a subject matter in which the author of the communication has an interest, or in respect to which he has a duty, public, personal, or private, either legal, judicial, political, moral, or social, made to a person having a corresponding interest or duty. Briefly stated, a qualifiedly privileged communication is a defamatory communication made on what is called an occasion of privilege without actual malice, and as to such communications there is no civil liability, regardless of whether or not the communication is libelous per se or libelous per quod." (53 C.J.S., pp. 143-144.)

Public policy is the foundation of the doctrine of privileged communications. It is based upon the recognition of the fact that the right of the individual to enjoy immunity from the publication of untruthful charges derogatory to his character is not absolute and must at times yield to the superior necessity of subjecting to investigation the conduct of persons charged with wrongdoing. In order to accomplish this purpose and to permit private persons having, or in good faith believing themselves to have, knowledge of such wrongdoing, to perform the legal, moral, social duty resulting from such knowledge of belief, without restraining them by the fear that an error, no matter how innocently or honestly made, may subject them to punishment for defamation, the doctrine of qualified privilege has been evolved, under which, "the occasion on which the communication was made rebuts the inference of malice prima facie arising from a statement prejudicial to the character of the plaintiff, and puts upon him the burden of proving that the defendant was actuated by motives of personal spite or ill-will, independent of the occasion on which the communication was made (US vs. CAÑETE).

Indeed, our constitutional guarantee of privacy of communication and correspondence will not be violated, because the trial court has power and jurisdiction to issue the order for the production and inspection of the books and documents in question in virtue of the constitutional guarantee making an express exception in favor of the disclosure of communication and correspondence upon lawful order of a court of justice. As the law stands now, there are two ways that this guarantee may be limited that is by lawful order of the court or when public safety and order.  Lawful order means that there is a mandate coming from courts in their exercise of their judicial power to limit such right. The other when public safety or order requires. This is a mandate by the very existence of the government. When the government deems it fit to enact laws, they may enact laws, in order to promote and preserve the government as well as its citizenry.

The enactment of Republic Act 10173 or known as the “Data Privacy Act of 2012″ is a living example of such authority of the government to preserve, promote and improve the government itself. This law accordingly is deemed necessary to safeguard the rights of its citizenry. Basically, this law will try be protecting personal information in the information and communication systems in the government and the private sectors. Personal information is refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.  The policy is embodied in section 2 to wit, “it is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected”. The said provision is the root of its enactment. The wise men and women of Congress, to me had anticipated the fast changing era, the so called postmodernism. Accordingly, postmodernity implies flexibility and changes. For Lyotard, postmodern would be that which in the modern invokes the un-presentable in the representation itself. That which refuses the consolation of the correct forms, refuses the consensus of taste permitting a common experience of nostalgia for impossible and inquiries of the new un-presentable (Lyotard, postmodern condition). The pronouncement made by him ignites changes in the first world countries. U.S.A, Germany, France and other countries begin to improve their laws concerning communications in relation participation in the political sphere. They now acknowledge, what was before unrepresented and/or un-captured to their minds, the birth technology matters in the political hemisphere.

Quite interesting to point out that its applicability is encompassing. Section 4 of the said law provides that “Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines. It does include juridical and those other person that may be authorized by law. Furthermore, it did not limits its application herein the Philippines as section 6 points out that it may be made applicable to acts done or practices engaged in and outside of the Philippines by an entity if relates to personal information about a Philippine citizen or a resident entity that has a link with the Philippines, and the entity is processing personal information in the Philippines or even if the processing is outside the Philippines as long as it is about Philippine citizens or residents such as, but not limited to, the following: (1) A contract is entered in the Philippines; (2) A juridical entity unincorporated in the Philippines but has central management and control in the country; and (3) An entity that has a branch, agency, office or subsidiary in the Philippines and the parent or affiliate of the Philippine entity has access to personal information amongst other. For me, this shows more significant to Filipinos working anywhere other than our country. In order to classify what may be included as personal information, the law specifically provided its criteria. The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:(a) The data subject has given his or her consent; (b) The processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract; (c) The processing is necessary for compliance with a legal obligation to which the personal information controller is subject; (d) The processing is necessary to protect vitally important interests of the data subject, including life and health; (e) The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate; or (f) The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution.

One important feature of this law is the creation of National Privacy Office. This independent body is likely to assure that the purposes of this law will be attained. Without which, no instrumentality of the government can focus specially the mandates of this law. The Commission shall be attached to the Department of Information and Communications Technology (DICT) and shall be headed by a Privacy Commissioner, who shall also act as Chairman of the Commission. The Privacy Commissioner shall be assisted by two (2) Deputy Privacy Commissioners, one to be responsible for Data Processing Systems and one to be responsible for Policies and Planning. The Privacy Commissioner and the two (2) Deputy Privacy Commissioners shall be appointed by the President of the Philippines for a term of three (3) years, and may be reappointed for another term of three (3) years. Vacancies in the Commission shall be filled in the same manner in which the original appointment was made.

The powers and functions of the commission is enshrine in section 7, to wit the assurance compliance of personal information controllers, exercise quasi-judicial power within its scope and limitations as well as lawful order to rendered the law effective, issue cease and desist orders, impose a temporary or permanent ban on the processing of personal information, upon finding that the processing will be detrimental to national security and public interest, compel or petition any entity, government agency or instrumentality to abide by its orders or take action on a matter affecting data privacy, monitor the compliance of other government agencies or instrumentalities on their security and technical measures and recommend the necessary action in order to meet minimum standards for protection of personal information. The Commission is itself mandated to coordinate with other government agencies and the private sector on efforts to formulate and implement plans and policies to strengthen the protection of personal information in the country, to publish on a regular basis a guide to all laws relating to data protection and publish a compilation of agency system of records and notices, including index and other finding aids. Likewise it may recommend to the Department of Justice (DOJ) the prosecution and imposition of penalties. The commission is also task to ensure proper and effective coordination with data privacy regulators in other countries and private accountability agents, participate in international and regional initiatives for data privacy protection, negotiate and contract with other data privacy authorities of other countries for cross-border application and implementation of respective privacy laws, to assist Philippine companies doing business abroad to respond to foreign privacy or data protection laws and regulations; and to generally perform such acts as may be necessary to facilitate cross-border enforcement of data privacy protection.  
To me, the Republic Act 10173 or known as the “Data Privacy Act of 2012″ is very timely. Now is a good time for such law. Our country needs to update itself to the current changes of the world. Not only that it needed to be updated but also to ensure that situations be suitable and appropriate for it so that life, liberty and property of its citizenry will not be prejudice.