Republic Act No. 10173, otherwise known as the Data Privacy Act is a law that seeks to protect all forms of information, be it private, personal, or sensitive. It is meant to cover both natural and juridical persons involved in the processing of personal information.
SCOPE
the Data Privacy Act applies to any natural or juridical persons involved in the processing of personal information. It also covers those who, although not found or established in the Philippines, use equipment located in the Philippines, or those who maintain an office, branch, or agency in the Philippines.
PROCESSING OF PERSONAL INFORMATION
the Data Privacy Act, “processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.”
In other words, processing of personal information is any operation where personal information is involved. Whenever your information is, among other things, collected, modified, or used for some purpose, processing already takes place.
WHAT IS PERSONAL INFORMATION?
Refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.”
In other words, personal information is any information which can be linked to your identity, thus making you readily identifiable.
PRIVILEGED INFORMATION
Privileged information refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.” One such example would be any information given by a client to his lawyer. Such information would fall under attorney-client privilege and would, therefore, be considered privileged information.
SCOPE AND APPLICATION
The Data Privacy Act is broadly applicable to individuals and legal entities that process personal information, with some exceptions. The law has extraterritorial application, applying not only to businesses with offices in the Philippines, but when equipment based in the Philippines is used for processing. The act further applies to the processing of the personal information of Philippines citizens regardless of where they reside.
One exception in the act provides that the law does not apply to the processing of personal information in the Philippines that was lawfully collected from residents of foreign jurisdictions an exception helpful for Philippines companies that offer cloud services.
APPROACH
The Philippines law takes the approach that “The processing of personal data shall be allowed subject to adherence to the principles of transparency, legitimate purpose, and proportionality.”
Empowerment Technologies 