HOW THE DATA PRIVACY ACT IMPACTS ME PERSONALLY

 I am studying Law but I did not bother to read this Act until this was required in my subject, Technology and the Law. Indeed,  it deserves to be given a closer look and how this Act will impact me as a person, in the legal profession and in the society to which I live in.

1. Personally

I know that personal information submitted to government agencies such as PAG-IBIG, SSS or LTO or NSO are not totally private or personal information exclusive only to the access of staff of said government agencies. It can be made available as public records to anyone who has a legal purpose, right connection and money to buy such information. Before one knows it, it has already been sold to an advertising company, or to a credit card company and one begins to wonder why one suddenly receives phone calls from strangers who pretend they know them personally. To one's surprise they have an accurate personal information of the person and all he needs to do is to confirm it with them! You start thinking if someone just sold your personal data? Or did you just lost an ID card and somebody found it and your personal information has gone public? Or having to experience that there is a record of a current Loan in SSS or PAG-IBIG when the member has not really availed of such loan. This shows that somebody had an access of the SSS/PAG-IBIG details of the subject and it was used by somebody else. But the member/subject has to pay it and he cannot do anything otherwise his alleged outstanding loan will balloon or his retirement benefit will get affected! If none of these make sense, then you realize, nothing is safe now these days including safeguarding one’s own identity! Before this Act, one is as helpless as anyone else on what to do if these things happen.

Personally, I think the Data Privacy Act is an answer to the growing violation against the basic human right, the right to privacy. Privacy to personal data information is what this Act is aimed to protect. It protects and safeguards personal information of private individuals like me so that personal information are not readily available and accessible to the public or to anyone who may just want to access personal information, misuse or steal an identity. The coming of this policy must have been adopted in the United States or other countries where digital technology is far more advanced and security of personal data is of prime importance. The Philippines, which is a little bit behind is just catching up. Many controversies pertaining data privacy must have been encountered, either recorded or unrecorded, thus the birth of this Act. Indeed, it will protect private invidual’s right to privacy, the right to life and the freedom to live in the way one wants without it looking at one’s shoulder that one is watching his/her life! I hope that the Implementing Rules and Regulations will clarify provisions of the Act that may be vague.  

Before one could have process personal or data information, or process sensitive information, the request must pass through several layers of approval which to me indicates that getting access to personal data or information of the subject is indeed difficult. This assures the subject that before one could have access to his personal details, on top of the layers of approval, it further needs the subject’s  consent.  So before one could access to my personal data information, I need to be informed and my consent will be needed before any information will be released to any requesting party. The Act puts limit to the extent of personal information that one can only gained access thereto.

I believe this Act will protect my right to privacy and will prevent any difficult situation for identity theft or from misuse which will put me in danger. I just hope that Implementing Rules and Regulations will have a clear-cut procedure so that unscrupulous individuals will not use it to their advantage and benefit from it.

            The limitation that the Act does not apply to any officer or employee of a government institution is welcoming in line with the transparency of the government employee or official in charge of processing or keeping of personal data information. This will deter the government employee to hide information that will pertain to any conflict of interest or financial interest that he or she may be protecting and might just be using the Act to protect his own interest. 

II. As to the Legal Profession

I will still discuss my opinion in line with the legal profession as this is personal to me, being a student of law.  Personally, it protects and safeguards my personal data information and it puts integrity to the goverment agencies who collect personal data. However, I think that this Act will provide a shield to the criminal offenders, recidivists, accused or those who were already convicted. Before the information commission may release data information to the Court, one needs the consent of the accused, convict or criminal. Who in his right mind will incriminate himself and permit anyone to collect information that maybe later be used against him? Speaking of the fruit of the poisonous tree, any information obtained that will violate the human rights or without affording due process to the individual cannot be used as an evidence against him in any court, administrative body or tribunal. How will this be addressed in the Act’s Implementing Rules and Regulations? Will this be taken into consideration?

The restriction to the access and processing of personal data information have no exemption like giving authority to validate the identity of a criminal, bank transactions that will prove he has been involved in anti-money laundering activities or has assumed another person's identity. He will be able to hide and disguise his identity and be scot free. Access to sensitive information such as bank deposits and transactions, civil status, blood type, etc. cannot be secured  because one needs his consent in order to be able to access and process such personal information. Any person who has committed a crime and may not want anyone to gain access of his person data information may just properly invoke this Act. At worst, the subject can even file a complaint against the individual who secured sensitive personal information when he should be the one to be charged for the crime he has committed.

   

One that is also pointed out in this Act is the level of approval that needs to be sought before one could have access to the data information needed and it has also certain limitations to the number of personal information allowed. Consent of the person is required before one have an access to it. Again, this will reinforce the doctrine against self-incrimination.

            Will this Act cover the ‘General Waiver’ being signed by applicants who seek employment in companies? An example of a General Waiver will state the following:  

By my signature on this application, I:

a.      Authorize the verification of the above information and other necessary inquiries that may be necessary to determine my suitability for employment.

b.      Affirm that the above information is true.

________________________________

                                                                        Applicant’s signature

            Can the employer in private corporatations invoke this ‘General Waiver’ to check on the employment background and history, personal information of an applicant such as, existing loans in any government agency or bank, criminal records? If this cannot be invoked and the Act prevails, how will the employer protect its business? How do you safeguard the right of the employer to their right of information pertaining to the people that they hire or do you take into consideration the 'General Waiver' signed by the applicant? Can the employee invoke and take advantage of the provisions of this Act to cover his illegal activities, his past wrongdoing in the previous employment? Is the ‘General Waiver’ clause unconstitutional? Should it be stricken out from the employer’s hiring application form?

            The pyramiding scam, the most recent ‘Aman Futures’, victimized so many people and robbed them off of their livelihood in Mindanao. The persons involved may be charged with syndicated estafa if their guilt is proven. They claimed that they were issued with the Certificate of Registration by Securities and Exchange Commission. If their personal data were accessed prior to the establishment of the organization, will the Securities and Exchange Commission issue the Certificate of Registration?

The Penalty for unauthorized processing of personal information range from one year to three years with a fine of not less than P500,000 but not more than P2,000,000 while the processing of sensitive information is penalized by imprisonment ranging from three years to six years and a fine not less than P500,000 but not more than P4,000,000. Even access due to negligence is also being penalized in this Act. The fine in this Act is a lot higher compared with other offenses in the Revised Penal Code. To me, it does not commensurate to the special law violated. Although penalties in the Revised Penal Code really need to be revisited since those were still made during the Spanish regime or adopted from the Spanish Penal Laws, the penalties of this Act seem too harsh for such violation/s.

What provisions in the Act which shall be in conflict with the provisions of the Revised Penal Code? Were these reconciled? Will the Implementing Rules and Regulations clarify any provisions in conflict with other Laws?

 I also think that this Act will curtail the freedom of speech of Journalists. They will not be able to collect or gather personal information or gain access to sensitive information and cannot just publish it as they will be penalized for gaining access to.  Again, the unscrupulous individuals can use this Act to protect themselves . What if the Journalist’s reports open the pandora’s box and will uncover more illegal activities  involving powerful and influential people or even extend to our territorial waters, can this Act just be invoked so their right is protected?

The society or community must also be informed and educated about this Act so they know their rights. It must be relevant and should cover many areas including employment, etc.

III. Conclusion

            To conclude, this Act definitely protects public interest and safeguards a person’s basic right to privacy. One feels safer and secured that nobody will assume or steal your identity or that your data information you have submitted for any legal purpose is not accessed or misused or changed unless you consent or authorize it. With proper implementation, this Act will be used for a more orderly, safer society.