BPOs in the Philippines on the Lookout for Data Privacy Bill
The Philippine Congress is set to enact House Bill 4115, or the Data Privacy Act of 2011, as the bill passed its third and final reading this week. The country’s booming business process outsourcing (BPO) industry is expected to benefit from the measure, which aims to protect and regulate recording of personal data in information and communication systems in the public and private sectors.
"The bill will also contribute to the promotion and development of electronic commerce in the Philippines and protect the consumers. It will also promote consumer trust and user confidence in electronic commerce through the issuance of clear, transparent, predictable, and enforceable rules to clarify and ensure the protection of personal data in information and communications systems in both the private sector and the government sector," explains Rep. Roman Romulo, author of the bill.
Bill co-author Rep. Susan Yap explained that the state needed to protect the fundamental human right to privacy of communication. "The State recognizes the vital role of information and communications technology in nation building and its inherent obligation to ensure that personal information in information and communications systems in the government and the private sector are secure and protected," the legislator said.
Once signed into law, the bill’s provisions on guaranteed security for personal data will be enforced by the Commission on Information and Communications Technology (CICT). Among the responsibilities outlined for the CICT include the selection and recommendation of the most secure technologies available to protect government databases from cyber attacks. The bill also protects the CICT from criminal or civil suits that may happen in the course of the commission’s protection of personal data.
The bill prescribes that data controllers and processors must use techniques in protecting personal data against accidental or illegal misuse, destruction, disclosure, alteration, or even illegal processing. At the same time, the bill makes it illegal to share personal data with third parties. Violators will be fined by as much as PHP5 million (USD 115,000), the bill prescribes.
The Business Processing Association of the Philippines (BPAP) had earlier lauded the data privacy bill when it passed second reading last month. “The approval of the Data Privacy Act on second reading sends the right signals not only to existing foreign locators in the business process outsourcing industry but also to the many global players which are just deciding whether to invest in our country and participate in the IT-BPO space,” said Martin Crisostomo, BPAP executive director for external affairs.
A counterpart bill was filed in August of last year at the Philippine Senate by Sen. Miriam Defensor Santiago.