News

Philippine Data Privacy Law is Signed into Law

23 August 2012
Image
Image

On August 15, Philippine President Benigno Aquino III signed into law the Data Privacy Act of 2012, formally titled “An Act Protecting Individual Personal Information in Information and Communications Systems in the Government and the Private Sector, Creating for this Purpose a National Privacy Commission, and for Other Purposes”. The Act is modeled after the EU Data Protection Directive and the Asia-Pacific Economic Cooperation (APEC) Privacy Framework.

The Act applies to “the processing of all types of personal information” and to any person, including both government and private-sector entities, “involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines.” The term “Personal Information” is defined as any information “from which the identity of an individual is apparent or can be reasonably and directly ascertained” or that “when put together with other information would directly and certainly identify an individual.”

The Act contains provisions that govern the processing of personal information, the rights of data subjects (e.g., notice, access, and data portability), and the security of personal information (which includes a breach notification requirement). In addition, the Act creates the National Privacy Commission, which is tasked with administering and implementing the provisions of the Act and monitoring and ensuring compliance with international standards for data protection.

The law sets forth a detailed schedule of penalties for violations of Act, which include both imprisonment and fines. For example, the unauthorized processing of personal information is penalized by imprisonment of one to three years and a fine of not less than 500,000 pesos (approximately $11,850 USD) but not more than two million pesos (approximately $47,390 USD). If the unauthorized processing involves sensitive personal information, the penalties increase to imprisonment of three to six years and a fine of up to four million pesos (approximately $94,780 USD). In addition, the Act also penalizes – by imprisonment and fine – the improper disposal of personal information, the processing of personal information for unauthorized purposes, the concealment of a security breach, and the malicious and unauthorized disclosure of personal information.

 

Authored by HL Chronicle of Data Protection Team.

Contacts

bio-image

Bret S. Cohen

Partner

location Washington, D.C.

View more

Related topics

Related countries

Load more

Related keywords

Load more

Articles you may be interested in

image_1
News

The Data Chronicles | Data Protection in the Asia Pacific region | Trends, enforcement, and what’s ahead

17 April 2025
image_1
News

Malaysia imposes data breach reporting – what your business needs to know

25 March 2025
image_1
News

Malaysia introduces mandatory data officer appointment – What this means for your business

18 March 2025
image_1
Insights and Analysis

The future of global data flows in an uncertain world

13 January 2025
image_1
News

2024 Life Sciences & Health Care Horizons

18 April 2024
image_1
News

Hogan Lovells PaC team stays as sole Band 1 firm in Data Protection by Chambers Global

19 February 2024
image_1
News

The Data Chronicles: Insider Threats | Conducting an investigation from a global perspective

07 December 2023
image_1
Insights and Analysis

Digital Trust Whitepaper

21 November 2023
image_1
News

Horizons 2023: Panelists discuss key issues keeping APAC life sciences GCs up at night

16 October 2023
left_arrow
right_arrow

View more insights and analysis

arrow
arrow

Register now to receive personalized content and more!

 

Register
close
See benefits
Register