Basics of Data Privacy Act
In 2012, the Congress of the Philippines passed Republic Act No. 10173, also known as the Data Privacy
Act (DPA) of 2012. Five years later, the DPA’s Implementing Rules and Regulations were put into effect on
September 9, 2016, thus mandating all companies to comply.
The act is a necessary and important precaution in a world economy that’s swiftly going digital. In 2014, it
was estimated that 2.5 quintillion — or 2.5 billion billion — bytes of data were created every day. This
includes unprecedented knowledge about what real individuals are doing, watching, thinking, and feeling.
Companies must be held accountable not only for what they do with customer data — but how they
protect that data from third parties. The past few years of security breaches, system errors, and ethical
scandals within some of the country’s major banks have reminded us that there is much work to be done.
So, where to begin for institutions that want to comply with RA 10173 and be proactive about their
consumers’ digital privacy?
What is RA 10173?
RA 10173, or the Data Privacy Act, protects individuals from unauthorized processing of personal
information that is (1) private, not publicly available; and (2) identifiable, where the identity of the individual
is apparent either through direct attribution or when put together with other available information.
Second, personal information must be handled properly. Information must be kept accurate and relevant,
used only for the stated purposes, and retained only for as long as reasonably needed. Customers must
be active in ensuring that other, unauthorized parties do not have access to their customers’ information.
Third, personal information must be discarded in a way that does not make it visible and accessible to
unauthorized third parties.