The act is a necessary and important precaution in a world economy that’s swiftly going
digital. In 2014, it was estimated that 2.5 quintillion — or 2.5 billion billion — bytes of
data were created every day. This includes unprecedented knowledge about what real
individuals are doing, watching, thinking, and feeling.
Companies must be held accountable not only for what they do with customer data but
also for how they protect that data from third parties. The past few years of security
breaches, system errors, and ethical scandals within some of the country’s major banks
have reminded us that there is much work to be done.
So, where to begin for institutions that want to comply with RA 10173 and be proactive
about their consumers’ digital privacy?
What is RA 10173?
RA 10173, or the Data Privacy Act, protects individuals from unauthorized processing
of personal information that is (1) private, not publicly available; and (2) identifiable,
where the identity of the individual is apparent either through direct attribution or
when put together with other available information.
First, all personal information must be collected for reasons that are specified,
legitimate, and reasonable. In other words, customers must opt in for their data to be
used for specific reasons that are transparent and legal.
Third, personal information must be discarded in a way that does not make it visible
and accessible to unauthorized third parties.
The National Privacy Commission, which was created to enforce RA 10173, will check
whether a company is compliant based on whether it has the following 5 elements:
1. Appointing a Data Protection Officer
2. Conducting a privacy impact assessment
3. Creating a privacy knowledge management program
4. Implementing a privacy and data protection policy
5. Exercising a breach reporting procedure
To learn more, schedule a free consultation or read the full text of the Data Privacy Act
of 2012 and its Implementing Rules and Regulations.