RA 8791 – GENERAL BANKING LAW OF 2000

 law that generally governs the regulation, organization and operation of banks, quasi-banks,
and other quasi-entities.
 It primarily governs Universal Banks and Commercial Banks, and has suppletory application
to Thrift Banks, Rural Banks, and Cooperative Banks

UNIVERSAL BANKS COMMERCIAL BANKS

As to equity investment
May invest in the equities of Allied (either financial May invest only in the equities of allied enterprises
or non-financial) and non-allied enterprises (either financial or non-financial)

Total investment in equities of allied and non- The total investment in equities of allied
allied enterprises shall not exceed 50% of the net enterprises shall not exceed 35% of the net worth
worth of the bank

The equity investment in any one enterprise,
whether allied or non-allied, shall not exceed 25%
of the net worth of the bank
Equity Investments in Financial Allied Enterprises
Can own up to 100% of the equity in a thrift bank,
a rural bank or a financial allied enterprise
The equity investment in any one enterprise shall
not exceed 25% of the net worth of the bank
May own up to 100% of the equity of a thrift bank
or a rural bank.
Where the equity investment of a CB is in other
financial allied enterprises, including another
Commercial bank, such investment shall remain a
minority holding in that enterprise.

Equity Investments in Non-Financial Allied Enterprises

A UB or CB may own up to one hundred percent (100%) of the equity in a non-financial allied enterprise
Equity Investments in Quasi Banks
To promote competitive conditions in financial To promote competitive conditions in financial
markets, the Monetary Board may further limit to markets, the Monetary Board may further limit to
40% equity investments of UBs and CBs in QBs 40% equity investments of UBs and
CBs in QBs.

Equity Investments in Non-Allied Enterprises

The equity investment of a UB, or of its wholly or
majority-owned subsidiaries, in a single non-allied
enterprise
1. shall not exceed 35% of the total
equity in that enterprise nor
2. shall it exceed 35% of the voting stock in
that enterprise.
FINANCIAL ALLIED UNDERTAKINGS

With prior BSP approval, banks may invest in equities of the following financial allied undertakings,
subject to the limits prescribed under Sec. X378

a. Leasing companies

b. Banks;

c. Investment houses;

d. Financing companies;

e. Credit card companies;

f. Financial institutions catering to small and medium scale industries including venture capital
corporation (VCC)

g. Companies engaged in stock brokerage/securities dealership; and

h. Companies engaged in foreign exchange dealership/brokerage.

In addition, EKBs may invest in the following as financial allied undertakings:

a. Insurance companies; and

b. Holding company

NON-FINANCIAL ALLIED UNDERTAKING

A bank may acquire up to one hundred percent (100%) of the equity of a non-financial allied
undertaking:

The determination of whether the corporation is engaged in a non-financial allied undertaking shall be
based on the primary purpose as stated in its articles of incorporation and the volume of its principal
business.

UBs/KBs and TBs may invest in equities of the following non-financial allied underta-kings:

(1) Warehousing companies;

(2) Storage companies;

(3) Safe deposit box companies;

(4) Companies primarily engaged in the management of mutual funds but not in the mutual funds
themselves;

(5) Management corporations engaged or to be engaged in an activity similar to the management of

mutual funds;

(6) Companies engaged in providing computer services;

(7) Insurance agencies/brokerages;

(8) Companies engaged in home building and home development;

(9) Companies providing drying and/or milling facilities for agricultural crops such as rice and corn;

(10) Service Bureaus organized to perform for and in behalf of banks and non-bank financial institutions
the services allowed to be outsourced under Circular No. 268; provided, that data processing companies
may be allowed to invest up to 40% in the equity of Service Bureaus;

(11) Philippine Clearing House Corporation (PCHC) and Philippine Central Depository, Inc. (PDIC); and

(12) Such other similar activities as the Monetary Board may declare as non-financial allied undertakings
of banks.

UBs may further invest in health maintenance organizations (HMOs).

Truth in Lending Act

Salient Provisions of Republic Act No. 3765 (“Truth in Lending Act”)

 It is the policy of the State to protect its citizens from a lack of awareness of the true cost of credit to
the user by assuring a full disclosure of such cost with a view of preventing the uninformed use of credit
to the detriment of the national economy.

Definition of Terms

 “Board” means the Monetary Board of the Central Bank of the Philippines.

 “Credit” means any loan, mortgage, deed of trust, advance, or discount; any conditional sales
contract; any contract to sell, or sale or contract of sale of property or services, either for
present or future delivery, under which part or all of the price is payable subsequent to the
making of such sale or contract; any rental-purchase contract; any contract or arrangement for
the hire, bailment, or leasing of property; any option, demand, lien, pledge, or other claim
against, or for the delivery of, property or money; any purchase, or other acquisition of, or any
credit upon the security of, any obligation of claim arising out of any of the foregoing; and any
transaction or series of transactions having a similar purpose or effect.

 “Finance charge” includes interest, fees, service charges, discounts, and such other charges
incident to the extension of credit as the Board may be regulation prescribe.

 “Creditor” means any person engaged in the business of extending credit (including any person
who as a regular business practice makes loans or sells or rents property or services on a time,
credit, or installment basis, either as principal or as agent) who requires as an incident to the
extension of credit, the payment of a finance charge.

 “Person” means any individual, corporation, partnership, association, or other organized group
of persons, or the legal successor or representative of the foregoing, and includes the Philippine
Government or any agency thereof, or any other government, or of any of its political
subdivisions, or any agency of the foregoing.

 Each person to whom credit is extended, prior to the consummation of the transaction, shall be
furnished a clear statement in writing setting forth, to the extent applicable and in accordance with rules
and regulations prescribed by the Monetary Board, the following information:

 the cash price or delivered price of the property or service to be acquired;

 the amounts, if any, to be credited as down payment and/or trade-in;

 the difference between the amounts set forth under clauses (1) and (2);

 the charges, individually itemized, which are paid or to be paid by such person in connection
with the transaction but which are not incident to the extension of credit;
  the total amount to be financed;

 the finance charge expressed in terms of pesos and centavos; and

 the percentage that the finance charge bears to the total amount to be financed expressed as a
simple annual rate on the outstanding unpaid balance of the obligation.

The disclosure statement in writing is a required attachment to the credit transaction contract.  The
borrower has a right to demand a copy of the disclosure statement.

The Board shall prescribe such rules and regulations as may be necessary or proper in carrying out the
provisions of this Act. Any rule or regulation prescribed hereunder may contain such classifications and
differentiations as in the judgment of the Board are necessary or proper to effectuate the purposes of
this Act or to prevent circumvention or evasion, or to facilitate the enforcement of this Act, or any rule
or regulation issued thereunder.

Section 6. (a) Any creditor who in connection with any credit transaction fails to disclose to any person
any information in violation of this Act or any regulation issued thereunder shall be liable to such person
in the amount of P100 or in an amount equal to twice the finance charged required by such creditor in
connection with such transaction, whichever is the greater, except that such liability shall not exceed
P2,000 on any credit transaction. Action to recover such penalty may be brought by such person within
one year from the date of the occurrence of the violation, in any court of competent jurisdiction. In any
action under this subsection in which any person is entitled to a recovery, the creditor shall be liable for
reasonable attorney's fees and court costs as determined by the court.

(b) Except as specified in subsection (a) of this section, nothing contained in this Act or any regulation
contained in this Act or any regulation thereunder shall affect the validity or enforceability of any
contract or transactions.

(c) Any person who willfully violates any provision of this Act or any regulation issued thereunder shall
be fined by not less than P1,00 or more than P5,000 or imprisonment for not less than 6 months, nor
more than one year or both.

(d) No punishment or penalty provided by this Act shall apply to the Philippine Government or any
agency or any political subdivision thereof.

(e) A final judgment hereafter rendered in any criminal proceeding under this Act to the effect that a
defendant has willfully violated this Act shall be prima facie evidence against such defendant in an
action or proceeding brought by any other party against such defendant under this Act as to all matters
respecting which said judgment would be an estoppel as between the parties thereto.

Section 7. This Act shall become effective upon approval.

A Summary of RA No. 10173 or the Data Privacy Act of 2012

n 2012, the Philippines passed Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA) “to protect
the fundamental human right to privacy of communication while ensuring free flow of information to
promote innovation and growth [and] the [State’s] inherent obligation to ensure that personal
information in information and communications systems in government and in the private sector are
secured and protected”.

What acts are covered by the DPA?

The DPA and its Implementing Rules and Regulations (IRR) apply to all acts done or practices engaged in
and outside of the Philippines if:

 If the person, either an individual or an institution, involved in the processing of personal data is
located in the Philippines;

 The act or practice involves personal data of a Philippine citizen or Philippine resident;

 The processing of personal data is done in the Philippines; or

 The act, practice or processing of personal data is done by an entity with links to the Philippines,
subject to international law and comity.

“Personal data” refers to all types of personal information.

“Processing” is any operation/s performed upon personal data. These operations include, but are not
limited to the collection, recording, organization, storage, updating or modification, retrieval,
consultation, use, consolidation, blocking, erasure, or destruction of data.

Who implements the DPA?

The National Privacy Commission (NPC) is in charge of administering and implementing the DPA. It is
also tasked to monitor and ensure compliance of the Philippines with international standards for
personal data protection. The major functions of the NPC are as follows:

1. Rule making.

2. Advisory. The NPC is the advisory body on matters related to personal data protection.

3. Public education. – The NPC shall launch initiatives to educate the public about data privacy,
data protection and fair information rights and responsibilities.

4. Compliance and monitoring. – The body has compliance and monitoring functions to ensure
personal information controllers comply with the law. It is also tasked to manage the
registration of personal data processing systems.

5. Complaints and investigations.

 6. Enforcement.

“Personal information controller” is an individual or institution, or any other body who controls the
processing of personal data, or instructs another to process personal data on its behalf.

How to comply with the Data Privacy Act?

If you are a personal information controller, you are required to comply with the following in accordance
with the law:

Registration of data processing systems (DPS). An individual or institution employing fewer than 250
employees need not register unless its data processing operations:

involves sensitive personal information of at least 1,000 individuals; likely to pose a risk to the rights and
freedoms of data subjects; or the processing is not occasional.

Notification of automated processing operations where the processing becomes the sole basis of
making decisions about a data subject and when the decisions would significantly affect the data
subject. A “data subject” is an individual whose personal, sensitive personal or privileged information is
process.

NOTE:  No decision with legal effects concerning a data subject shall be made solely on the basis of
automated processing without the consent of the data subject. The consent may be in written,
electronic or recorded form. It may be given by a lawful representative or agent.

Appointment of a Data Protection Officer in charge of ensuring compliance with the DPA;

Creation of a data breach response team that will immediately address security incidents or personal
data breach;

Adoption of data protection policies that provide for data security measures and security incident
management;

Annual report of the summary of documented security incidents and personal data breaches; and

Compliance with other requirements as may be provided by the NPC.

What should you do in the event of a data breach?

The law requires a data breach notification within 72 hours upon knowledge of the breach or reasonable
belief that it has occurred to the NPC and the data subject. The notification is generally required when
the breach involves sensitive personal information or any other information that may be used to enable
identity fraud; this information has been acquired by an unauthorized person; and the acquisition is
likely to give rise to a real risk of serious harm to the affected data subject.

The NPC may investigate the breach, depending on its nature or if there is a delay or failure to notify.
Inquiries may include on-site examination of systems and procedures.

Kinds of Deposits

1) Demand deposits are those liabilities of banks which are denominated in Philippine currency
and are subject to payment in legal tender upon demand by presentation of checks. In here, no
interest is paid by the bank because the depositor can take out his funds any time. It is called
demand deposit because the depositor can withdraw the money he deposited on the very same
day.
2) Savings Account, which is the most common type of deposit, is usually evidenced by a passbook.
Under the fine print, if you deposit today, you cannot withdraw the amount until 60 days later.
Bank pays an interest rate, but not as high as time deposits.
3) Time Deposit is an account with fixed term. The interest rate is stipulated depending on the
number of days. During this period, the money deposited cannot be withdrawn. It has a higher
rate of interest than saving account.
4) Negotiable Order of Withdrawal (NOW) Account is an interest-bearing deposit account that
combines the payable on demand feature of checks and investment feature of savings accounts.
5) Other Account is one that may be opened by one individual or by two or more persons.
Whenever two or more persons open an account, the same may be an “and/or account” or an
“and” account.

 A bank other than a UB or CB cannot accept or create demand deposits except upon prior
approval of, and subject to such conditions and rules as may be prescribed by the Monetary
Board.
Salient Features of Republic Act 8792 – The E-Commerce Law

Republic Act 8792, was signed into law last June 14, 2000. It is a landmark legislation in the history of the
Philippines. Not only has this bill made the country a legitimate player in the global marketplace. The
Philippine Internet community has played a major role in pushing for its passage. The law took effect last
June 19, 2000.

Here are the salient features of Republic Act 8792:

1. It gives legal recognition of electronic data messages, electronic documents, and electronic
signatures. (section 6 to 13)

2. Allows the formation of contracts in electronic form. (section 16)

3. Makes banking transactions done through ATM switching networks absolute once consummated.
(section 16)

4. Parties are given the right to choose the type and level of security methods that suit their needs.
(section 24)

5. Provides the mandate for the electronic implementation of transport documents to facilitate carriage
of goods. This includes documents such as, but not limited to, multi-modal, airport, road, rail, inland
waterway, courier, post receipts, transport documents issued by freight forwarders, marine/ocean bill of
lading, non-negotiable seaway bill, charter party bill of lading. (section 25 and 26)

6. Mandates the government to have the capability to do e-commerce within 2 years or before June 19,
2002. (section 27)

7. Mandates RPWeb to be implemented. RPWeb is a strategy that intends to connect all government
offices to the Internet and provide universal access to the general public. The Department of
Transportation and Communications, National Telecommunications Commission, and National
Computer Center will come up with policies and rules that shall lead to substantial reduction of costs of
telecommunication and Internet facilities to ensure the implementation of RPWeb. (section 28)

8. Made cable, broadcast, and wireless physical infrastructure within the activity of telecommunications.
(section 28)

9. Empowers the Department of Trade and Industry to supervise the development of e-commerce in the
country. It can also come up with policies and regulations, when needed, to facilitate the growth of e-
commerce. (section 29)

10. Provided guidelines as to when a service provider can be liable. (section 30)

11. Authorities and parties with the legal right can only gain access to electronic documents, electronic
data messages, and electronic signatures. For confidentiality purposes, it shall not share or convey to
any other person. (section 31 and 32)
12. Hacking or cracking, refers to unauthorized access including the introduction of computer viruses, is
punishable by a fine from 100 thousand to maximum commensurating to the damage. With
imprisonment from 6 months to 3 years. (section 33)

13. Piracy through the use of telecommunication networks, such as the Internet, that infringes
intellectual property rights is punishable. The penalties are the same as hacking. (section 33)

14. All existing laws such as the Consumer Act of the Philippines also applies to e-commerce
transactions. (section 33)

Anyone who uses the Internet, computer, cellular phone, and other IT-enabled devices has the duty to
know RA8792. As the old saying goes, “Ignorance of the law doesn”t excuse anyone.”
On 14 June 2000, President Joseph E. Estrada signed into law R.A. 8792 "An Act Providing For The
Recognition And Use of Electronic Commercial And Non-Commercial Transactions, Penalties For
Unlawful Use Thereof, And Other Purposes, also known as the "Electronic Commerce Act."

In its Declaration of Policy (Section 2), it is declared that "The State recognizes the vital role of
information and communications technology (ICI) in nation building. The Objective and Sphare of
Application of the new law are as hereunder stated:

Sec. 3. Objective - This Act aims to facilitate domestic and international dealings, transactions,
arrangements, agreements, contracts and exchanges and storage of information through the utilization
of electronic, optical and similar medium, mode, instrumentality and technology to recognize the
authenticity and reliability of electronic data messages or electronic documents related to such activities
and to promote the universal use of electronic transactions in the government and by the general
public. Sec. 4. Sphere of Application - This Act shall apply to any kind of electronic data message and
electronic document used in the context of commercial and non-commercial activities to include
domestic and international dealings, transactions, arrangements, agreements, contracts and exchanges
and storage of information.

The new law defines in Section 5 thereof what constitutes "electronic data message", "electronic
signature" and "electronic document", as follows:

c) "Electronic data message" refers to information generated, sent, received or stored by electronic,
optical or similar means.

e) "Electronic signature" refers to any distinctive mark, characteristic and/or sound in electronic form,
representing the identity of a person and attached to or logically associated with the electronic data
message or electronic document or any methodology or procedures employed or adopted by a person
and executed or adopted by such person with the intention of authenticating or approving an electronic
data message or electronic document.

f) "Electronic document" refers to information or the representation of information, data, figures,

symbols or other modes of written expression, described or however represented, by which a right is
established or an obligation extinguished, or by which a fact may be proved and affirmed, which is
received, recorded, transmitted, stored, processed, retrieved or produced electronically.

A) Legal Recognition / Admissibility As Evidence

The new law gives legal recognition to electronic data messages, electronic documents and electronic
signatures.

Thus, Section 6, 7 and 8 provides:

Sec. 6. Legal Recognition of Electronic Data Message - Information shall not be denied validity or
enforceability solely on the ground that it is in the form of an electronic data message purporting to give
rise to such legal effect, or that it is merely incorporated by reference in that electronic data message.
Sec. 7. Legal Recognition of Electronic Documents - Electronic documents shall have the legal effect,
validity or enforceability as any other document or legal writing, and

(a) Where the law requires a document to be in writing, that requirement is met by an electronic
document if the said electronic document maintains its integrity and reliability and can be authenticated
so as to be usable for subsequent reference, in that -

i) The electronic document has remained complete and unaltered, apart from the addition of any
endorsement and any authorized change, or any change which arises in the normal course of
communication, storage and display; and

ii) The electronic document is reliable in the light of the purpose for which it was generated and in the
light of all relevant circumstances.

(b) Paragraph (a) applies whether the requirement therein is in the form of an obligation or whether the
law simply provides consequences for the document not being presented or retained in its original form.
(c)Where the law requires that a document be presented or retained in its original form, that
requirement is met by an electronic document if -

i) There exists a reliable assurance as to the integrity of the document from the time when it was first
generated in its final form; and

ii) That document is capable of being displayed to the person to whom it is to be presented: Provided,
That no provision of this Act shall apply to vary any and all requirements of existing laws on formalities
required in the execution of documents for their validity.

For evidentiary purposes, an electronic document shall be the functional equivalent of a written
document under existing laws.

This Act does not modify any statutory rule relating to the admissibility of electronic data messages or
electronic documents, except the rules relating to authentication and best evidence.

Sec. 8. Legal Recognition of Electronic Signatures - An electronic signature on the electronic documents
shall be equivalent to the signature of a person on a written document if the signature is an electronic
signature and proved by showing that a prescribed procedure, not alterable by the parties interested in
the electronic document, existed under which -

a) A method is used to identify the party sought to be bound and to indicate said party’s access to the
electronic document necessary for his consent or approval through the electronic signature; b) Said
method is reliable and appropriate for the purpose for which the electronic document was generated or
communicated, in the light of all circumstances, including any relevant agreement; c) It is necessary for
the party sought to be bound, in order to proceed further with the transaction, to have executed or
provided the electronic signature; and d) The other party is authorized and enabled to verify the
electronic signature and to make the decision to proceed with the transaction authenticated by the
same.
The foregoing provisions put at rest the legal debate on whether or not Philippine Courts will accept
electronic contracts or documents as evidence.

The Rules of Court (Rules 128-134) govern court procedures and processes. Rule 130, at Section 2 of the
same, provides that documentary evidence are "those which consist of writings or any material
containing letters, words, figures, symbols, or other modes of written expressions offered as proof of its
contents." Are electronically generated data or documents covered under the said Rules?

The Supreme Court, in a sedition case (People vs. Burgos, 200 SCRA 67), had occasion to rule on whether
evidence submitted in electronic form could be admissible as evidence. Burgos argued that the evidence
– contained in diskettes – which the military had sought to introduce against him could not be
admissible as the military could have tampered with it. The judge in the lower court agreed with him
and disallowed the presentation of the evidence. In the Supreme Court, the lower court was reversed
and was directed to admit the evidence. But instead of ruling, however, on whether an electronic –
generated evidence was admissible or not, it relied on the presumption of regularity in the performance
of public service. It allowed the introduction of the evidence on the ground that there was no showing
that the military had tampered with the diskette. Thus, the issue of electronically generated
documents/data as evidence was not squarely decided upon.

The new law now expressly provides that for evidentiary purposes, an electronic document shall be the
functional equivalent of a written document under existing laws. Under this principle of "functional
equivalent" any electronic data message, document or signature, which is the functional equivalent of a
written document or original signature, it is now clearly admissible as evidence. The operative words for
admissibility are "integrity", "reliability" and "can be authenticated". Thus, Sections 10 and 11 of the
new law provides:

Sec. 10. Original Documents - (1) Where the law requires information to be presented or retained in its
original form, that requirement is met by an electronic data message or electronic document if:

a) the integrity of the information from the time when it was first generated in its final form, as an
electronic data message or electronic document is shown by evidence aliunde or otherwise; and b)
where it is required that information be presented, that the information is capable of being displayed to
the person to whom it is to be presented.

(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the
law simply provides consequences for the information not being presented or retained in its original
form.

(3) For the purposes of subparagraph (a) of paragraph (1):

a) the criteria for assessing integrity shall be whether the information has remained complete and
unaltered, apart from the addition of any endorsement and any change which arises in the normal
course of communication, storage and display; and
b) the standard of reliability required shall be assessed in the light of the purpose for which the
information was generated and in the light of all the relevant circumstances.

Sec. 11. Authentication of Electronic Data Messages and Electronic Documents -  Until the Supreme Court
by appropriate rules shall have so provided, electronic documents, electronic data messages and
electronic signatures, shall be authenticated by demonstrating, substantiating and validating a claimed
identity of a user, device, or another entity in an information or communication system, among other
ways.

The new law further provides in Section 12 thereof that electronic messages and electronic documents
are admissible and have evidential weight. Thus:

Sec. 14. Admissibility and Evidential Weight of Electronic Data Messages or Electronic Documents - In
any legal proceedings, nothing in the application of the rules on evidence shall deny the admissibility of
an electronic data message or electronic document in evidence -

a. On the sole ground that it is in electronic form; or

b. On the ground that it is not in the standard written form, and the electronic data message or
electronic document meeting, and complying with the requirements under Sections 6 or 7 hereof shall
be the best evidence of the agreement and transaction contained therein.

In assessing the evidential weight of an electronic data message or electronic document, the reliability
of the manner in which it was generated, stored or communicated, the reliability of the manner in which
its originator was identified, and other relevant factors shall be given due regard.

(a) Carriage Of Goods

With reference to electronic commerce in carriage of goods, the new law provides in Section 26 thereof
that "where the law requires that any action (in connection with a contract of carriage of goods) be
carried out in writing or by using a paper document, that requirement is met if the action is carried out
by using one or more electronic data or electronic documents." Thus, electronic messages or electronic
documents may be used as "functional equivalents" of written or paper documents in connection with
the following instances:

a)

i) furnishing the marks, number, quantity or weight of goods;

ii) stating or declaring the nature or value of goods;

iii) issuing a receipt for goods;

iv) confirming that goods have been loaded;

b)
i) notifying a person of terms and conditions of the contract

ii) giving instructions to a carrier;

c)

i) claiming delivery of goods;

ii) authorizing release of goods;

iii) giving notice of loss, or damage to goods;

d) giving any other notice or statement in connection with the performance of the contract;

e) undertaking to deliver goods to a named person or a person authorized to claim delivery;

f) granting, acquiring, renouncing surrendering, transferring or negotiating rights in goods;

g) acquiring or transferring rights and obligations under the contract.

(b) Electronic Transactions In Government

The new law mandates in Section 27 thereof that Government, within two (2) years from the date of
effectivity of the Act, must accept/use electronic data messages, electronic documents and electronic
signatures. Thus:

SEC. 27. Government Use of Electronic Data Messages, Electronic Documents and Electronic Signatures.
– Notwithstanding any law to the contrary, within two (2) years from the date of the effectivity of this
Act, all departments, bureaus, offices and agencies of the government, as well as all government-owned
and controlled corporations, that pursuant to law require or accept the filing of documents, require that
documents be created, or retained and/or submitted, issue permits, licenses or certificates or
registration or approval, or provide for the method and manner of payment or settlement of fees and
other obligations to the government, shall-

a) accept the creation, filing or retention of such documents in the form of electronic data messages or
electronic documents;

b) issue permits, licenses, or approval in the form of electronic data messages or electronic documents;

c) require and/or accept payments, and issue receipts acknowledging such payments, through systems
using electronic data messages or electronic documents; or

d) transact the government business and/or perform governmental functions using electronic data
messages or electronic documents, and for the purpose, are authorized to adopt and promulgate, after
appropriate public hearing and with due publication in newspapers of general circulation, the
appropriate rules, regulations, or guidelines, to among others, specify-
  the manner and format in which such electronic data messages or electronic documents shall be
filed, created, retained or issued;

 where and when such electronic data messages or electronic documents have to be signed, the
use of an electronic signature, the type of electronic signature required;

 the format or an electronic data message or electronic document and the manner the electronic
signature shall be affixed to the electronic data message or electronic document;

 the control processes and procedures as appropriate to ensure adequate integrity, security and
confidentiality of electronic data messages or electronic documents or records or payments;

 other attributes requires of electronic data messages or electronic documents or payment; and

 the full or limited use of the documents and papers for compliance with the government
requirements: Provided, That this Act shall by itself mandate any department of the
government, organ of state or statutory corporation to accept or issue any document in the
form of electronic data messages or electronic documents upon the adoption, promulgation and
publication of the appropriate rules, regulations, or guidelines.

(c) Confidentiality

Section 32 of the new law underscores the obligation for confidentiality. Thus:

Section 32. Obligation of Confidentiality. – Except for the purposes authorized under this Act, any person
who obtained access to any electronic key, electronic data message or electronic document, book,
register, correspondence, information, or other material pursuant to any powers conferred under this
Act, shall not convey to or share the same with any other person.

(d) Illegal Activities / Penalties

To protect internet users, consumers and owners of computer systems / servers and copyright owners,
the new law defines what constitutes illegal activities and provides penalties thereof. Thus:

SEC. 33. Penalties. – The following Acts shall be penalized by fine and/or imprisonment, as follows:

o Hacking or cracking which refers to unauthorized access into or interference in a

computer system/server or information and communication system; or any access in
order to corrupt, alter, steal, or destroy using a computer or other similar information
and communication devices, without the knowledge and consent of the owner of the
computer or information and communications system, including the introduction of
computer viruses and the like, resulting in the corruption, destruction, alteration, theft
or loss of electronic data messages or electronic documents shall be punished by a
minimum fine of One Hundred Thousand Pesos (P100,000.00) and a maximum
commensurate to the damage incurred and a mandatory imprisonment of six (6)
months to three (3) years;
o Piracy or the unauthorized copying, reproduction, dissemination, distribution,
importation, use, removal, alteration, substitution, modification, storage, uploading,
downloading, communication, making available to the public, or broadcasting of
protected material, electronic signature or copyrighted works including legally protected
sound recording or phonograms or information material on protected works, through
the use of telecommunication networks, such as, but not limited to, the internet, in a
manner that infringes intellectual property rights shall be punished by a minimum fine
of One Hundred Thousand Pesos (P100,000.00) and a maximum commensurate to the
damage incurred and a mandatory imprisonment of six (6) months to three (3) years;

o Violation of the Consumer Act or Republic Act No. 7394 and other relevant or pertinent
laws through transactions covered by or using electronic data messages or electronic
documents, shall be penalized with the same penalties as provided in those laws;

o Other violations of the provisions of this Act, shall be penalized with a maximum penalty
of One Million Pesos (P1,000,000.00) or six (6) years imprisonment.