PH data privacy bill hurdles second reading
The countryâs booming BPO sector has something to look forward to this year as the House of Representatives passed last week on second reading the proposed Data Privacy Act, which seeks to govern and establish fair practices in the collection and use of personal details stashed in the computer systems of the private sector and the government. The outsourcing sector is the one of the primary backers of the proposed law since a huge number of confidential data is processed in the country from other countries, particularly the US. The House action came shortly after the committee on information and communications technology, along with the committee on government reorganization, endorsed the bill authored chiefly by representatives Roman Romulo of Pasig City and Susan Yap of Tarlac. Romulo, who also serves as House deputy majority leader, said the measure:
- Covers all entities and individuals involved in the gathering and processing of all types of personal information;
- Sets rigorous standards for and controls on the lawful culling, processing and retrieval of personal information;
- Defines the rights of data subjects, or the individuals whose personal information are being compiled; and
- Mandates the Commission on Information and Communications Technology (CICT) as administrator of all electronic data privacy controls.
- The measure would prevent the misuse of personal facts in computer systems, including identity theft; reinforce consumer confidence in electronic commerce; and build up the countryâs business process outsourcing (BPO) activities that handle a great deal of personal information, according to Romulo.
- The data subject has given his or her clear consent, which must be in writing or through other similar means of express consent, depending on the circumstances;
- The processing is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;
- The processing is required to protect the data subjectâs vital interests, including life and health; or
- The processing is needed in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority.