Professional Documents
Culture Documents
1. DATA PRIVACY ACT OF 2012 – RA 1073 SERIES OF 2012 F. Information necessary for banks and other financial institutions
under the jurisdiction of the independent, central monetary
The Republic Act No. 10173, also known as the Data Privacy authority or Bangko Sentral ng Pilipinas to comply with Republic
Act of 2012, is one of the leading policies in the Philippines that Act No. 9510, and Republic Act No. 9160, as amended, otherwise
aim to achieve this goal. By definition, it is “an act protecting known as the Anti-Money Laundering Act and other applicable
individual personal information in information and communications laws; and
systems in the government and the private sector, creating for this
purpose a national privacy commission, and for other purposes”. It G. Personal information originally collected from residents of
is important to note that, although the act ensures the privacy of foreign jurisdictions in accordance with the laws of those foreign
the data of the people, it also ensures that information is readily jurisdictions, including any applicable data privacy laws, which are
disseminated as well. This is elaborated in Section 2 which states being processed in the Philippines.
that the Data Privacy Act, “is the policy of the State to protect the
fundamental human right of privacy, of communication while With the policy being enacted, it is then implemented by the
ensuring free flow of information to promote innovation and growth. National Privacy Commission, as declared in Section 7. The
The State recognizes the vital role of information and functions of the National Privacy commission is as follows:
communications technology in nation-building and its inherent
obligation to ensure that personal information in information and A. Ensure compliance of personal information controllers with the
communications systems in the government and in the private provisions of this Act;
sector are secured and protected.” The data that is primarily being
protected through this act is personal information and according to B. Receive complaints, institute investigations, facilitate or enable
Section 3, it “refers to any information whether recorded in a settlement of complaints through the use of alternative dispute
material form or not, from which the identity of an individual is resolution processes, adjudicate, award indemnity on matters
apparent or can be reasonably and directly ascertained by the affecting any personal information, prepare reports on disposition
entity holding the information or when put together with other of complaints and resolution of any investigation it initiates, and, in
information would directly and certainly identify an individual.” cases it deems appropriate, publicize any such report: Provided,
That in resolving any complaint or investigation (except where
The broad definition of this act can be specified by the amicable settlement is reached by the parties), the Commission
scope found in Section 4 which states that “This Act applies to the shall act as a collegial body. For this purpose, the Commission
processing of all types of personal information and to any natural may be given access to personal information that is subject of any
and juridical person involved in personal information processing complaint and to collect the information necessary to perform its
including those personal information controllers and processors functions under this Act; 4
who, although not found or established in the Philippines, use
equipment that is located in the Philippines, or those who maintain C. Issue cease and desist orders, impose a temporary or
an office, branch or agency in the Philippines subject to the permanent ban on the processing of personal information, upon
immediately succeeding paragraph: Provided, That the finding that the processing will be detrimental to national security
requirements of Section 5 are complied with.” It is also determined and public interest;
by the same section that the act does not apply to the following:
D. Compel or petition any entity, government agency or
A. Information about any individual who is or was an officer or instrumentality to abide by its orders or take action on a matter
employee of a government institution that relates to the position or affecting data privacy;
functions of the individual
E. Monitor the compliance of other government agencies or
B. Information about an individual who is or was performing instrumentalities on their security and technical measures and
service under contract for a government institution that relates to recommend the necessary action in order to meet minimum
the services performed, including the terms of the contract, and the standards for protection of personal information pursuant to this
name of the individual given in the course of the performance of Act;
those services;
F. Coordinate with other government agencies and the private
sector on efforts to formulate and implement plans and policies to B. Be furnished the information indicated hereunder before the
strengthen the protection of personal information in the country; entry of his or her personal information into the processing system
of the personal information controller, or at the next practical
G. Publish on a regular basis a guide to all laws relating to data opportunity:
protection; 1. Description of the personal information to be entered
into the system;
H. Publish a compilation of agency system of records and notices, 2. Purposes for which they are being or are to be
including index and other finding aids; processed;
3. Scope and method of the personal information
I. Recommend to the Department of Justice (DOJ) the prosecution processing;
and imposition of penalties specified in Sections 25 to 29 of this 4. The recipients or classes of recipients to whom they
Act; are or may be disclosed;
5. Methods utilized for automated access, if the same is
J. Review, approve, reject or require modification of privacy codes allowed by the data subject, and the extent to which such
voluntarily adhered to by personal information controllers: access is authorized;
Provided, That the privacy codes shall adhere to the underlying 6. The identity and contact details of the personal
data privacy principles embodied in this Act: Provided, further, information controller or its representative;
That such privacy codes may include private dispute resolution 7. The period for which the information will be stored; and
mechanisms for complaints against any participating personal 8. The existence of their rights, i.e., to access, correction,
information controller. For this purpose, the Commission shall as well as the right to lodge a complaint before the
consult with relevant regulatory agencies in the formulation and Commission.
administration of privacy codes applying the standards set out in
this Act, with respect to the persons, entities, business activities C. Reasonable access to, upon demand, the following:
and business sectors that said regulatory bodies are authorized to 1. Contents of his or her personal information that were
principally regulate pursuant to the law: Provided, finally. That the processed;
Commission may review such privacy codes and require changes 2. Sources from which personal information were
thereto for purposes of complying with this Act; obtained;
K. Provide assistance on matters relating to privacy or data 3. Names and addresses of recipients of the personal
protection at the request of a national or local agency, a private information;
entity or any person; 4. Manner by which such data were processed;
5. Reasons for the disclosure of the personal information
L. Comment on the implication on data privacy of proposed to recipients;
national or local statutes, regulations or procedures, issue advisory 6. Information on automated processes where the data
opinions and interpret the provisions of this Act and other data will or likely to be made as the sole basis for any decision
privacy laws; significantly affecting or will affect the data subject;
7. Date when his or her personal information concerning
M. Propose legislation, amendments or modifications to Philippine the data subject were last accessed and modified; and
laws on privacy or data protection as may be necessary; 8. The designation, or name or identity and address of
the personal information controller;
N. Ensure proper and effective coordination with data privacy
regulators in other countries and private accountability agents, D. Dispute the inaccuracy or error in the personal information and
participate in international and regional initiatives for data privacy have the personal information controller correct it immediately and
protection; accordingly, unless the request is vexatious or otherwise
unreasonable. If the personal information have been corrected, the
O. Negotiate and contract with other data privacy authorities of personal information controller shall ensure the accessibility of
other countries for cross-border application and implementation of both the new and the retracted information and the simultaneous
respective privacy laws; receipt of the new and the retracted information by recipients
thereof: Provided, That the third parties who have previously
P. Assist Philippine companies doing business abroad to respond received such processed personal information shall he informed of
to foreign privacy or data protection laws and regulations; and its inaccuracy and its rectification upon reasonable request of the
data subject;
Q. Generally, perform such acts as may be necessary to facilitate E. Suspend, withdraw or order the blocking, removal or destruction
cross-border enforcement of data privacy protection. of his or her personal information from the personal information
controller’s filing system upon discovery and substantial proof that
Alongside privacy, confidentiality is also established by this act. the personal information are incomplete, outdated, false, unlawfully
The difference between the two concepts is that privacy protects obtained, used for unauthorized purposes or are no longer
personal information, while confidentiality protects different types necessary for the purposes for which they were collected. In this
of information from unauthorized persons. Under Section 8 of this case, the personal information controller may notify third parties
act, it states that “the commission shall ensure at all times the who have previously received such processed personal
confidentiality of any personal information that comes to its information; and
knowledge and possession.”
F. Be indemnified for any damages sustained due to such
Chapter IV, section 16 of this act acknowledges and identified the inaccurate, incomplete, outdated, false, unlawfully obtained or
rights of the data subject as follows: unauthorized use of personal information.
4. Improved patient education Patient education is becoming 2. Lack of Empathy in Patient and Doctor Interaction Even
increasingly important in healthcare, and experts are adopting when they are not physically present to one another, technology
technology that might assist better inform and engage patients. can help keep healthcare personnel and patients linked. Instead of
Technology has enabled the delivery of personalized health relying on sporadic consultations, it is conceivable, for instance, to
education information to patients depending on their unique create and update a treatment plan on an ongoing basis by
requirements and situations. The Patient Electronic Portal, for utilizing data and technology. As we proceed through the COVID-
example, is a secure online tool that gives patients access to their 19 pandemic, clinicians are using telehealth more and more as a
personal health information as well as two-way electronic contact critical tool. In these hard times, the use of such instruments has
with their care provider by computer or mobile device. According to maintained the healthcare system and ensured that patients
one study, this application has boosted patients' adherence to receive continuity of treatment. Similar to earlier detection of
preventative medical measures, medical adherence, possible problems, remote patient monitoring can reduce
selfawareness, and illness management. healthcare expenses by preventing future consequences.
Telehealth and remote monitoring also make it possible to solve
5. Wearable Technology Modern technology introduced wearable the scarcity of clinicians in rural places that has plagued many
medical technology tools in the market. These devices are a kind nations, including our own. However, there could be problems as a
result of how technology has evolved to serve as the conduit concerned with the manipulation and abuse of consumer data and
between patients and clinicians. The personal touch of therapy is massive data breaches in relation to the human selfish pursuits of
removed while working with dashboards on connected medical their own goals. Because of this, a person’s dignity and their right
devices and computers, which leads to a loss of empathy for to privacy are being violated. As technology progresses, it also
patient care. Using technology as the interface for care can be becomes more susceptible to hacking. This involves hacking into
frustrating and confusing, especially for elderly and vulnerable medical devices that can result in endangering human life
patients. It may also lead to misunderstandings about treatment undergoing treatment. Implantable cardiac devices such as the
plans or patient noncompliance. pacemakers are among the top most prone to hacking, along with
smart pens, drug infusions, insulin pumps, and wearable vital
3. Frustration with Poor Implementation The proverb monitors. Even though there were no current reports of hackers
"technology is fantastic — when it works" comes to mind as we harming patients, these issues on medical devices should be taken
continue to analyze the advantages and disadvantages of medical seriously since they contain cybersecurity vulnerabilities that
technology. According to research by Asurion, 80% of Americans potentially pose a threat to the patient’s health.
have at least one frustrating experience with technology every day.
Systems need to be precise, simple to use, and ultimately better
than the current patient care practices in order for technology to A. Medical Devices Prone to Hacking:
benefit healthcare. It is crucial for clinicians and medical 1. Pacemakers and heart rate monitors
professionals to make sure that the technology they use is simple 2. MRI devices
to use and comprehend, rather than a burden. Healthcare 3. Hospital networks
practitioners who spend more time battling technology than 4. Wearable health devices
providing patient care are more inclined to ignore its use and new 5. Insulin pumps
developments. However, even for healthcare professionals that 6. Cochlear implants and hearing aids
support the use and implementation of technology, it is essential to
make sure that the results produced by the technology are more B. Reasons for Hacking Medical Devices:
accurate or better at diagnosing. Care must be taken to ensure 1. Targeting Individuals- goal is to kill individual
that healthcare personnel are aware of the limitations of emerging 2. Corrupting Systems- Viruses and malware
technologies like AI and machine learning. For instance, because 3. Stealing personal or medical data- Sensitive-detailed
they are trained on historical data, many machine learning models information of a person
struggle to adjust to changes over time when operational data 4. Finding back doors into larger networks- Break into wider
significantly differs from learned data. Similar to this, practitioners hospital networks
who rely too heavily on AI/ML systems may become complacent
and fail to crosscheck or take other factors into account when I. Possible Solutions for Data Surveillance and Data Privacy:
making predictions. The ongoing use of technology in healthcare is 1. Data Privacy Act of 2012 - Republic Act No. 10173 - One of the
risky if it does not improve care in terms of speed, efficiency, or leading policies aims to protect data and maintain its security. - It is
accuracy. meant to cover both natural and juridical persons involved in
processing personal information.
4. Increased Cost of the Treatment for the Patients. One of the
drawbacks of medical technology is the rising expense of care. 2. Upgrade operating systems, implement patches and ensure
The majority of technologically assisted treatments and network visibility - Keeping software up to date is an essential
procedures, such as robotic surgery and other types of component of maintaining cybersecurity. - Systems must keep
technological machinery surgeries, are quite expensive. ahead of hackers to remain protected against the latest malware
Additionally, the majority of the patients are impoverished and from and other threats.
rural areas. Poor folks are unable to afford pricey operations.
Technology improved healthcare, but it also raised its price which 3. Educate and spread awareness to healthcare providers -
the sufferers are unable to pay. Healthcare providers must be trained in cybersecurity best
practices. - They should have regular training sessions on how
C. CURRENT TECHNOLOGY: ISSUE AND DILEMMA breaches commonly occur, and conduct periodic risk
assessments.
Indeed, technology in the present is undeniably upgrading day by
day. It has achieved tremendous success as it provides our society 4. Adopt multi-layered authentication - Example: Biometrics
with products and services that make everyday life easier.
However, as it continually progresses, many issues and dilemmas Misinformation, Disinformation, and Fake News
concerning technology as well as its effects on the medical field Misinformation, disinformation, and fake news are one of the
emerge. Some of the areas of concern the technology is currently issues encountered as the current technology continues to
facing include digital surveillance and data privacy, misinformation develop. Fake news are news and stories on the internet that are
or fake news, lowquality and counterfeit pharmaceuticals, and not true. It may be in the form of disinformation or misinformation.
effects on physical and mental health. If today’s generation fails to Disinformation is defined as false information that is spread to
provide a holistic solution to these concerns, it will likely cause the deliberately cause harm. Moreover, misinformation is the term that
future to struggle and fail in dealing with the same obstacles. is generally used to refer to misleading information disseminated
without the intent to cause harm. One of the most subtle and
Digital Surveillance and Data Privacy detrimental effects of technology today is how our society views
truth, and how the information overload we face every day causes
With the rampant growth of technology and our dependence on it, all of us to lose touch with reality. Because of the increasing
there is also a growing concern over personal data and the use of amount of information online, it is getting harder to determine
data. According to research by Silvergate, Kosmowski, Horn, and which is based on facts, frauds, or lies. This becomes more
Jarvis (2021), data privacy is among the top concerns or dangerous especially when children and young people will be
dilemmas, as the issue is somewhat critical and needs to be persuaded to do things that they have read or seen on the internet,
addressed over the next few years. The problem is mostly and will eventually cause harm to other people. One perfect
example of this is the spread of false information about COVID and societal norms. Because of the rapid progress within the fields of
COVID vaccines. Because of the fake news and misinformation nanotechnology, biotechnology, information technology and
disseminated in a lot of platforms, a lot of people lose their trust in cognitive science, the evolutionary status of humans has been
the circulating facts about these topics; thus, a lot of people also brought into question.
refuse to get vaccinated and may also result in endangering their
16 health. It is a right of a person to be informed, and spreading Issues on Human enhancement:
false information suppresses this right of a person.
- Mainly revolves around the question of whether there is a
Possible Solutions: common “nature” that all human beings share and which is
1. Research unwarrantedly violated by enhancing a human being’s capabilities
2. Verify Information beyond the normal level defined by this shared “nature”.