HOW THE DATA PRIVACY ACT IMPACTS ME PERSONALLY
I am studying Law but I did not bother to read
this Act until this was required in my subject, Technology and the Law. Indeed,
it deserves to be given a closer look and
how this Act will impact me as a person, in the legal profession and in the
society to which I live in.
1. Personally
I
know that personal information submitted to government agencies such as
PAG-IBIG, SSS or LTO or NSO are not totally private or personal information
exclusive only to the access of staff of said government agencies. It can be
made available as public records to anyone who has a legal purpose, right
connection and money to buy such information. Before one knows it, it has
already been sold to an advertising company, or to a credit card company and
one begins to wonder why one suddenly receives phone calls from strangers who
pretend they know them personally. To one's surprise they have an accurate
personal information of the person and all he needs to do is to confirm it with
them! You start thinking if someone just sold your personal data? Or did you
just lost an ID card and somebody found it and your personal information has
gone public? Or having to experience that there is a record of a current Loan in
SSS or PAG-IBIG when the member has not really availed of such loan. This shows
that somebody had an access of the SSS/PAG-IBIG details of the subject and it
was used by somebody else. But the member/subject has to pay it and he cannot
do anything otherwise his alleged outstanding loan will balloon or his
retirement benefit will get affected! If none of these make sense, then you
realize, nothing is safe now these days including safeguarding one’s own
identity! Before this Act, one is as helpless as anyone else on what to do if
these things happen.
Personally,
I think the Data Privacy Act is an answer to the growing violation against the
basic human right, the right to privacy. Privacy to personal data information
is what this Act is aimed to protect. It protects and safeguards personal
information of private individuals like me so that personal information are not
readily available and accessible to the public or to anyone who may just want
to access personal information, misuse or steal an identity. The coming of this
policy must have been adopted in the United States or other countries where
digital technology is far more advanced and security of personal data is of
prime importance. The Philippines, which is a little bit behind is just
catching up. Many controversies pertaining data privacy must have been
encountered, either recorded or unrecorded, thus the birth of this Act. Indeed,
it will protect private invidual’s right to privacy, the right to life and the
freedom to live in the way one wants without it looking at one’s shoulder that
one is watching his/her life! I hope that the Implementing Rules and Regulations
will clarify provisions of the Act that may be vague.
Before
one could have process personal or data information, or process sensitive information,
the request must pass through several layers of approval which to me indicates that
getting access to personal data or information of the subject is indeed
difficult. This assures the subject that before one could have access to his
personal details, on top of the layers of approval, it further needs the
subject’s consent. So before one could access to my personal data
information, I need to be informed and my consent will be needed before any
information will be released to any requesting party. The Act puts limit to the
extent of personal information that one can only gained access thereto.
I
believe this Act will protect my right to privacy and will prevent any
difficult situation for identity theft or from misuse which will put me in
danger. I just hope that Implementing Rules and Regulations will have a
clear-cut procedure so that unscrupulous individuals will not use it to their
advantage and benefit from it.
The limitation that the Act does not apply to any officer
or employee of a government institution is welcoming in line with the
transparency of the government employee or official in charge of processing or
keeping of personal data information. This will deter the government employee
to hide information that will pertain to any conflict of interest or financial
interest that he or she may be protecting and might just be using the Act to
protect his own interest.
II. As to the Legal Profession
I
will still discuss my opinion in line with the legal profession as this is
personal to me, being a student of law. Personally,
it protects and safeguards my personal data information and it puts integrity
to the goverment agencies who collect personal data. However, I think that this
Act will provide a shield to the criminal offenders, recidivists, accused or
those who were already convicted. Before the information commission may release
data information to the Court, one needs the consent of the accused, convict or
criminal. Who in his right mind will incriminate himself and permit anyone to
collect information that maybe later be used against him? Speaking of the fruit
of the poisonous tree, any information obtained that will violate the human
rights or without affording due process to the individual cannot be used as an
evidence against him in any court, administrative body or tribunal. How will
this be addressed in the Act’s Implementing Rules and Regulations? Will this be
taken into consideration?
The
restriction to the access and processing of personal data information have no
exemption like giving authority to validate the identity of a criminal, bank
transactions that will prove he has been involved in anti-money laundering
activities or has assumed another person's identity. He will be able to hide
and disguise his identity and be scot free. Access to sensitive information
such as bank deposits and transactions, civil status, blood type, etc. cannot
be secured because one needs his consent
in order to be able to access and process such personal information. Any person
who has committed a crime and may not want anyone to gain access of his person
data information may just properly invoke this Act. At worst, the subject can
even file a complaint against the individual who secured sensitive personal
information when he should be the one to be charged for the crime he has
committed.
One
that is also pointed out in this Act is the level of approval that needs to be
sought before one could have access to the data information needed and it has also
certain limitations to the number of personal information allowed. Consent of
the person is required before one have an access to it. Again, this will
reinforce the doctrine against self-incrimination.
Will this Act cover the ‘General Waiver’ being signed by applicants who seek employment in
companies? An example of a General Waiver will state the following:
By my
signature on this application, I:
a.
Authorize the verification of the above information and
other necessary inquiries that may be necessary to determine my suitability for
employment.
b.
Affirm that the above information is true.
________________________________
Applicant’s
signature
Can the employer in private corporatations invoke this ‘General Waiver’ to check on the
employment background and history, personal information of an applicant such as, existing loans
in any government agency or bank, criminal records? If this cannot be invoked
and the Act prevails, how will the employer protect its business? How do you
safeguard the right of the employer to their right of information pertaining to
the people that they hire or do you take into consideration the 'General Waiver' signed by the applicant? Can the employee invoke and take advantage of the
provisions of this Act to cover his illegal activities, his past wrongdoing in
the previous employment? Is the ‘General Waiver’ clause unconstitutional? Should it be stricken out from the employer’s hiring application form?
The pyramiding scam, the most recent ‘Aman Futures’,
victimized so many people and robbed them off of their livelihood in Mindanao.
The persons involved may be charged with syndicated estafa if their guilt is
proven. They claimed that they were issued with the Certificate of Registration
by Securities and Exchange Commission. If their personal data were accessed
prior to the establishment of the organization, will the Securities and
Exchange Commission issue the Certificate of Registration?
The
Penalty for unauthorized processing of personal information range from one year
to three years with a fine of not less than P500,000 but not more than
P2,000,000 while the processing of sensitive information is penalized by
imprisonment ranging from three years to six years and a fine not less than
P500,000 but not more than P4,000,000. Even access due to negligence is also
being penalized in this Act. The fine in this Act is a lot higher compared with
other offenses in the Revised Penal Code. To me, it does not commensurate to
the special law violated. Although penalties in the Revised Penal Code really
need to be revisited since those were still made during the Spanish regime or
adopted from the Spanish Penal Laws, the penalties of this Act seem too harsh
for such violation/s.
What
provisions in the Act which shall be in conflict with the provisions of the
Revised Penal Code? Were these reconciled? Will the Implementing Rules and
Regulations clarify any provisions in conflict with other Laws?
I also think that this Act will curtail the
freedom of speech of Journalists. They will not be able to collect or gather
personal information or gain access to sensitive information and cannot just
publish it as they will be penalized for gaining access to. Again, the unscrupulous individuals can use
this Act to protect themselves . What if the Journalist’s reports open the
pandora’s box and will uncover more illegal activities involving powerful and influential people or
even extend to our territorial waters, can this Act just be invoked so their
right is protected?
The
society or community must also be informed and educated about this Act so they
know their rights. It must be relevant and should cover many areas including employment,
etc.
III. Conclusion
To conclude, this Act definitely protects public interest
and safeguards a person’s basic right to privacy. One feels safer and secured
that nobody will assume or steal your identity or that your data information you
have submitted for any legal purpose is not accessed or misused or changed
unless you consent or authorize it. With proper implementation, this Act will
be used for a more orderly, safer society.