Ra 10173 Data Privacy

8/20/2019 Ra 10173 Data Privacy

1/9

Republic of the Philippines

Congress of the Philippines

Metro Manila

Fifteenth Congress

Second Regular Session

Begun and held in Metro Manila, on Monday, the twenty-fifth day of July, two thousand eleven.

[REPUBLI !" #$. %&%'()

AN ACT PROTECTING INI!I"A# PERSONA# INFORMATION IN INFORMATION AN

COMM"NICATIONS S$STEMS IN T%E GO!ERNMENT AN T%E PRI!ATE SECTOR&

CREATING FOR T%IS P"RPOSE A NATIONA# PRI!AC$ COMMISSION& AN FOR OT%ER

P"RPOSES

Be it enacted, by the Senate and House of Representatives of the Philippines in Congress assembled:

*!P"ER I

+E#ER!L PR$II$#

E"I$# %. Short Title. "his !t shall /e 0nown as the 12ata Privay !t of 3&%34.

E. 3. !eclaration of Policy. It is the 5oliy of the tate to 5rotet the funda6ental hu6an right of

5rivay, of o66uniation while ensuring f ree flow of infor6ation to 5ro6ote innovation and growth.

"he tate reogni7es the vital role of infor6ation and o66uniations tehnology in nation-/uilding and

its inherent o/ligation to ensure that 5ersonal infor6ation in infor6ation and o66uniations syste6s in

the govern6ent and in the 5rivate setor are seured and 5roteted.

E. (. !efinition of Terms. 8 9henever used in this !t, the following ter6s shall have the res5etive

6eanings hereafter set forth:

;a< Commission shall refer to the #ational Privay o66ission reated /y virtue of this !t.

;/< Consent of the data sub"ect refers to any freely given, s5eifi, infor6ed indiation of will, where/y

the data su/=et agrees to the olletion and 5roessing of 5ersonal infor6ation a/out and>or relating to

hi6 or her. onsent shall /e evidened /y written, eletroni or reorded 6eans. It 6ay also /e given on

/ehalf of the data su/=et /y an agent s5eifially authori7ed /y the data su/=et to do so.

;


2/9

;(< Issued /y govern6ent agenies 5euliar to an individual whih inludes, /ut not li6ited to, soial

seurity nu6/ers, 5revious or 6-rent health reords, lienses or its denials, sus5ension or revoation,

and ta? returnsA and

;C< 5eifially esta/lished /y an e?eutive order or an at of ongress to /e 0e5t lassified.

E. C. Scope. 8 "his !t a55lies to the 5roessing of all ty5es of 5ersonal infor6ation and to any natural

and =uridial 5erson involved in 5ersonal infor6ation 5roessing inluding those 5ersonal infor6ation

ontrollers and 5roessors who, although not found or esta/lished in the Phili55ines, use e@ui56ent that

are loated in the Phili55ines, or those who 6aintain an offie, /ranh or ageny in the Phili55ines

su/=et to the i66ediately sueeding 5aragra5h: Provided, "hat the re@uire6ents of etion D areo65lied with.

"his !t does not a55ly to the following:

;a< Infor6ation a/out any individual who is or was an offier or e65loyee of a govern6ent institution

that relates to the 5osition or funtions of the individual, inluding:

;%< "he fat that the individual is or was an offier or e65loyee of the govern6ent institutionA

;3< "he title, /usiness address and offie tele5hone nu6/er of the individualA

;(< "he lassifiation, salary range and res5onsi/ilities of the 5osition held /y the individualA and

;C< "he na6e of the individual on a dou6ent 5re5ared /y the individual in the ourse of e65loy6ent

with the govern6entA

;/< Infor6ation a/out an individual who is or was 5erfor6ing servie under ontrat for a govern6ent

institution that relates to the servies 5erfor6ed, inluding the ter6s of the ontrat, and the na6e of the

individual given in the ourse of the 5erfor6ane of those serviesA

;< Infor6ation relating to any disretionary /enefit of a finanial nature suh as the granting of a liense

or 5er6it given /y the govern6ent to an individual, inluding the na6e of the individual and the e?at

nature of the /enefitA

;d< Personal infor6ation 5roessed for =ournalisti, artisti, literary or researh 5ur5osesA

;e< Infor6ation neessary in order to arry out the funtions of 5u/li authority whih inludes the

5roessing of 5ersonal data for the 5erfor6ane /y the inde5endent, entral 6onetary authority and law

enfore6ent and regulatory agenies of their onstitutionally and statutorily 6andated funtions. #othing

in this !t shall /e onstrued as to have a6ended or re5ealed Re5u/li !t #o. %C&D, otherwise 0nown as

the erey of Ban0 2e5osits !tA Re5u/li !t #o. C3, otherwise 0nown as the Foreign urreny

2e5osit !tA and Re5u/li !t #o. GD%&, otherwise 0nown as the redit Infor6ation yste6 !t ;I!


3/9

;/< Reeive o65laints, institute investigations, failitate or ena/le settle6ent of o65laints through the

use of alternative dis5ute resolution 5roesses, ad=udiate, award inde6nity on 6atters affeting any

5ersonal infor6ation, 5re5are re5orts on dis5osition of o65laints and resolution of any investigation it

initiates, and, in ases it dee6s a55ro5riate, 5u/lii7e any suh re5ort: Provided, "hat in resolving any

o65laint or investigation ;e?e5t where a6ia/le settle6ent is reahed /y the 5arties


4/9

"rans5ortation $ffie ;L"$


5/9

E. %C. Subcontract of Personal %nformation. & 5ersonal infor6ation ontroller 6ay su/ontrat the

5roessing of 5ersonal infor6ation: Provided, "hat the 5ersonal infor6ation ontroller shall /e

res5onsi/le for ensuring that 5ro5er safeguards are in 5lae to ensure the onfidentiality of the 5ersonal

infor6ation 5roessed, 5revent its use for unauthori7ed 5ur5oses, and generally, o65ly with the

re@uire6ents of this !t and other laws for 5roessing of 5ersonal infor6ation. "he 5ersonal infor6ation

5roessor shall o65ly with all the re@uire6ents of this !t and other a55lia/le laws.

E. %D. ()tension of Privileged Communication. Personal infor6ation ontrollers 6ay invo0e the

5rini5le of 5rivileged o66uniation over 5rivileged infor6ation that they lawfully ontrol or 5roess.

u/=et to e?isting laws and regulations, any evidene gathered on 5rivileged infor6ation is inad6issi/le.

*!P"ER I

RI+*" $F "*E 2!"! UBJE"

E. %. Rights of the !ata Sub"ect. 8 "he data su/=et is entitled to:

;a< Be infor6ed whether 5ersonal infor6ation 5ertaining to hi6 or her shall /e, are /eing or have /een

5roessedA

;/< Be furnished the infor6ation indiated hereunder /efore the entry of his or her 5ersonal infor6ation

into the 5roessing syste6 of the 5ersonal infor6ation ontroller, or at the ne?t 5ratial o55ortunity:

;%< 2esri5tion of the 5ersonal infor6ation to /e entered into the syste6A

;3< Pur5oses for whih they are /eing or are to /e 5roessedA

;(< o5e and 6ethod of the 5ersonal infor6ation 5roessingA

;C< "he rei5ients or lasses of rei5ients to who6 they are or 6ay /e dislosedA

;D< Methods utili7ed for auto6ated aess, if the sa6e is allowed /y the data su/=et, and the e?tent to

whih suh aess is authori7edA

;< "he identity and ontat details of the 5ersonal infor6ation ontroller or its re5resentativeA

;'< "he 5eriod for whih the infor6ation will /e storedA and

;< "he e?istene of their rights, i.e., to aess, orretion, as well as the right to lodge a o65laint /efore

the o66ission.

!ny infor6ation su55lied or delaration 6ade to the data su/=et on these 6atters shall not /e a6ended

without 5rior notifiation of data su/=et: Provided, "hat the notifiation under su/setion ;/< shall not

a55ly should the 5ersonal infor6ation /e needed 5ursuant to a subpoena or when the olletion and

5roessing are for o/vious 5ur5oses, inluding when it is neessary for the 5erfor6ane of or in relation

to a ontrat or servie or when neessary or desira/le in the onte?t of an e65loyer-e65loyee

relationshi5, /etween the olletor and the data su/=et, or when the infor6ation is /eing olleted and

5roessed as a result of legal o/ligationA

;< Reasona/le aess to, u5on de6and, the following:

;%< ontents of his or her 5ersonal infor6ation that were 5roessedA

;3< oures fro6 whih 5ersonal infor6ation were o/tainedA

;(< #a6es and addresses of rei5ients of the 5ersonal infor6ationA

;C< Manner /y whih suh data were 5roessedA

;D< Reasons for the dislosure of the 5ersonal infor6ation to rei5ientsA

;< Infor6ation on auto6ated 5roesses where the data will or li0ely to /e 6ade as the sole /asis for any

deision signifiantly affeting or will affet the data su/=etA

;'< 2ate when his or her 5ersonal infor6ation onerning the data su/=et were last aessed and

6odifiedA and

;< "he designation, or na6e or identity and address of the 5ersonal infor6ation ontrollerA

;d< 2is5ute the inauray or error in the 5ersonal infor6ation and have the 5ersonal infor6ation

ontroller orret it i66ediately and aordingly, unless the re@uest is ve?atious or otherwise

unreasona/le. If the 5ersonal infor6ation have /een orreted, the 5ersonal infor6ation ontroller shall

ensure the aessi/ility of /oth the new and the retrated infor6ation and the si6ultaneous reei5t of the

new and the retrated infor6ation /y rei5ients thereof: Provided, "hat the third 5arties who have

5reviously reeived suh 5roessed 5ersonal infor6ation shall he infor6ed of its inauray and its

retifiation u5on reasona/le re@uest of the data su/=etA

;e< us5end, withdraw or order the /lo0ing, re6oval or destrution of his or her 5ersonal infor6ation

fro6 the 5ersonal infor6ation ontrollers filing syste6 u5on disovery and su/stantial 5roof that the

5ersonal infor6ation are ino65lete, outdated, false, unlawfully o/tained, used for unauthori7ed

5ur5oses or are no longer neessary for the 5ur5oses for whih they were olleted. In this ase, the

5ersonal infor6ation ontroller 6ay notify third 5arties who have 5reviously reeived suh 5roessed

5ersonal infor6ationA and

;f< Be inde6nified for any da6ages sustained due to suh inaurate, ino65lete, outdated, false,

unlawfully o/tained or unauthori7ed use of 5ersonal infor6ation.

E. %'. Transmissibility of Rights of the !ata Sub"ect. "he lawful heirs and assigns of the data su/=et

6ay invo0e the rights of the data su/=et for, whih he or she is an heir or assignee at any ti6e after the

death of the data su/=et or when the data su/=et is ina5aitated or ina5a/le of e?erising the rights as

enu6erated in the i66ediately 5reeding setion.


6/9

E. %. Right to !ata Portability. "he data su/=et shall have the right, where 5ersonal infor6ation is

5roessed /y eletroni 6eans and in a strutured and o66only used for6at, to o/tain fro6 the

5ersonal infor6ation ontroller a o5y of data undergoing 5roessing in an eletroni or strutured

for6at, whih is o66only used and allows for further use /y the data su/=et. "he o66ission 6ay

s5eify the eletroni for6at referred to a/ove, as well as the tehnial standards, 6odalities and

5roedures for their transfer.

E. %G. *on0&pplicability. 8 "he i66ediately 5reeding setions are not a55lia/le if the 5roessed

5ersonal infor6ation are used only for the needs of sien tifi and sta tistial researh and, on the /asis of

suh, no ativities are arried out and no deisions are ta0en regarding the data su/=et: Provided, "hat

the 5ersonal infor6ation shall /e held under strit onfidentiality and shall /e used only for the delared

5ur5ose. Li0ewise, the i66ediately 5reeding setions are not a55lia/le to 5roessing of 5ersonal

infor6ation gathered for the 5ur5ose of investigations in relation to any ri6inal, ad6inistrative or ta?

lia/ilities of a data su/=et.

*!P"ER

EURI"H $F PER$#!L I#F$RM!"I$#

E. 3&. Security of Personal %nformation. 8 ;a< "he 5ersonal infor6ation ontroller 6ust i65le6ent

reasona/le and a55ro5riate organi7ational, 5hysial and tehnial 6easures intended for the 5rotetion of

5ersonal infor6ation against any aidental or unlawful destrution, alteration and dislosure, as well as

against any other unlawful 5roessing.

;/< "he 5ersonal infor6ation ontroller shall i65le6ent reasona/le and a55ro5riate 6easures to 5rotet

5ersonal infor6ation against na tural dangers suh as aidental loss or destrution, and hu6an dangerssuh as unlawful aess, fraudulent 6isuse, unlawful destrution, alteration and onta6ination.

;< "he deter6ination of the a55ro5riate level of seurity under this setion 6ust ta0e into aount the

nature of the 5ersonal infor6ation to /e 5roteted, the ris0s re5resented /y the 5roessing, the si7e of the

organi7ation and o65le?ity of its o5erations, urrent data 5rivay /est 5raties and the ost of seurity

i65le6entation. u/=et to guidelines as the o66ission 6ay issue fro6 ti6e to ti6e, the 6easures

i65le6ented 6ust inlude:

;%< afeguards to 5rotet its o65uter networ0 against aidental, unlawful or unauthori7ed usage or

interferene with or hindering of their funtioning or availa/ilityA

;3< ! seurity 5oliy with res5et to the 5roessing of 5ersonal infor6ationA

;(< ! 5roess for identifying and aessing reasona/ly foreseea/le vulnera/ilities in its o65uter

networ0s, and for ta0ing 5reventive, orretive and 6itigating ation against seurity inidents that an

lead to a seurity /reahA and

;C< Regular 6onitoring for seurity /reahes and a 5roess for ta0ing 5reventive, orretive and

6itigating ation against seurity inidents that an lead to a seurity /reah.

;d< "he 5ersonal infor6ation ontroller 6ust further ensure that third 5arties 5roessing 5ersonal

infor6ation on its /ehalf shall i65le6ent the seurity 6easures re@uired /y this 5rovision.

;e< "he e65loyees, agents or re5resentatives of a 5ersonal infor6ation ontroller who are involved in the

5roessing of 5ersonal infor6ation shall o5erate and hold 5ersonal infor6ation under strit

onfidentiality if the 5ersonal infor6ation are not intended for 5u/li dislosure. "his o/ligation shall

ontinue even after leaving the 5u/li servie, transfer to another 5osition or u5on ter6ination of

e65loy6ent or ontratual relations.

;f< "he 5ersonal infor6ation ontroller shall 5ro65tly notify the o66ission and affeted data su/=ets

when sensitive 5ersonal infor6ation or other infor6ation that 6ay, under the iru6stanes, /e used to

ena/le identity fraud are reasona/ly /elieved to have /een a@uired /y an unauthori7ed 5erson, and the

5ersonal infor6ation ontroller or the o66ission /elieves ;/at suh unauthori7ed a@uisition is li0ely to

give rise to a real ris0 of serious har6 to any affeted data su/=et. "he notifiation shall at least desri/e

the nature of the /reah, the sensitive 5ersonal infor6ation 5ossi/ly involved, and the 6easures ta0en /y

the entity to address the /reah. #otifiation 6ay /e delayed only to the e?tent neessary to deter6ine the

so5e of the /reah, to 5revent further dislosures, or to restore reasona/le integrity to the infor6ation

and o66uniations syste6.

;%< In evaluating if notifiation is unwarranted, the o66ission 6ay ta0e into aount o65liane /y the

5ersonal infor6ation ontrolle r with this setion and e?istene of good faith in the a@uisition of 5ersonal

infor6ation.

;3< "he o66ission 6ay e?e65t a 5ersonal infor6ation ontroller fro6 notifiation where, in its

reasona/le =udg6ent, suh notifiation would not /e in the 5u/li interest or in the interests of the

affeted data su/=ets.

;(< "he o66ission 6ay authori7e 5ost5one6ent of notifiation where it 6ay hinder the 5rogress of ari6inal investigation related to a serious /reah.

*!P"ER I

!$U#"!BILI"H F$R "R!#FER $F PER$#!L I#F$RM!"I$#

E. 3%. Principle of &ccountability. Eah 5ersonal infor6ation ontroller is res5onsi/le for 5ersonal

infor6ation under its ontrol or ustody, inluding infor6ation that have /een transferred to a third 5arty

for 5roessing, whether do6estially or internationally, su/=et to ross-/order arrange6ent and

oo5eration.

;a< "he 5ersonal infor6ation ontroller is aounta/le for o65lying with the re@uire6ents of this !t

and shall use ontratual or other reasona/le 6eans to 5rovide a o65ara/le level of 5rotetion while the

infor6ation are /eing 5roessed /y a third 5arty.

;/< "he 5ersonal infor6ation ontroller shall designate an individual or individuals who are aounta/le

for the organi7ations o65liane with this !t. "he identity of the individual;s< so designated shall /e

6ade 0nown to any data su/=et u5on re@uest.

*!P"ER II

EURI"H $F E#I"IE PER$#!L

I#F$RM!"I$# I# +$ER#ME#"


7/9

E 33. Responsibility of Heads of &gencies. 8 !ll sensitive 5ersonal infor6ation 6aintained /y the

govern6ent, its agenies and instru6entalities shall /e seured, as far as 5ratia/le, with the use of the

6ost a55ro5riate standard reogni7ed /y the infor6ation and o66uniations tehnology industry, and

as reo66ended /y the o66ission. "he head of eah govern6ent ageny or instru6entality shall /e

res5onsi/le for o65lying with the seurity re@uire6ents 6entioned herein while the o66ission shall

6onitor the o65liane and 6ay reo66end the neessary ation in order to satisfy the 6ini6u6

standards.

E. 3(. Re1uirements Relating to &ccess by &gency Personnel to Sensitive Personal %nformation. ;a<

$n-site and $nline !ess 8 E?e5t as 6ay /e allowed through guidelines to /e issued /y the

o66ission, no e65loyee of the govern6ent shall have aess to sensitive 5ersonal infor6ation on

govern6ent 5ro5erty or through online failities unless the e65loyee has reeived a seurity learane

fro6 the head of the soure ageny.

;/< $ff-site !ess 8 Unless otherwise 5rovided in guidelines to /e issued /y the o66ission, sensitive

5ersonal infor6ation 6aintained /y an ageny 6ay not /e trans5orted or aessed fro6 a loation off

govern6ent 5ro5erty unless a re@uest for suh trans5ortation or aess is su/6itted and a55roved /y the

head of the ageny in aordane with the following guidelines:

;%< 2eadline for !55roval or 2isa55roval 8 In the ase of any re@uest su/6itted to the head of an ageny,

suh head of the ageny shall a55rove or disa55rove the re@uest within two ;3< /usiness days after the

date of su/6ission of the re@uest. In ase there is no ation /y the head of the ageny, then suh re@uest

is onsidered disa55rovedA

;3< Li6itation to $ne thousand ;%,&&&< Reords 8 If a re@uest is a55roved, the head of the ageny shallli6it the aess to not 6ore than one thousand ;%,&&&< reords at a ti6eA and

;(< Enry5tion 8 !ny tehnology used to store, trans5ort or aess sensitive 5ersonal infor6ation for

5ur5oses of off-site aess a55roved under this su/setion shall /e seured /y the use of the 6ost seure

enry5tion standard reogni7ed /y the o66ission.

"he re@uire6ents of this su/setion shall /e i65le6ented not later than si? ;< 6onths after the date of

the enat6ent of this !t.

E. 3C. &pplicability to -overnment Contractors. 8 In entering into any ontrat that 6ay involve

aessing or re@uiring sensitive 5ersonal infor6ation fro6 one thousand ;%,&&&< or 6ore individuals, an

ageny shall re@uire a ontrator and its e65loyees to register their 5ersonal infor6ation 5roessing

syste6 with the o66ission in aordane with this !t and to o65ly with the other 5rovisions of this!t inluding the i66ediately 5reeding setion, in the sa6e 6anner as agenies and govern6ent

e65loyees o65ly with suh re@uire6ents.

*!P"ER III

PE#!L"IE

E. 3D. 2nauthoried Processing of Personal %nformation and Sensitive Personal %nformation. ;a<

"he unauthori7ed 5roessing of 5ersonal infor6ation shall /e 5enali7ed /y i65rison6ent ranging fro6

one ;%< year to three ;(< years and a fine of not less than Five hundred thousand 5esos ;Ph5D&&,&&&.&&<

/ut not 6ore than "wo 6illion 5esos ;Ph53,&&&,&&&.&&< shall /e i65osed on 5ersons who 5roess

5ersonal infor6ation without the onsent of the data su/=et, or without /eing authori7ed under this !t

or any e?isting law.

;/< "he unauthori7ed 5roessing of 5ersonal sensitive infor6ation shall /e 5enali7ed /y i65rison6ent

ranging fro6 three ;(< years to si? ;< years and a fine of not less than Five hundred thousand 5esos

;Ph5D&&,&&&.&&< /ut not 6ore than Four 6illion 5esos ;Ph5C,&&&,&&&.&&< shall /e i65osed on 5ersons

who 5roess 5ersonal infor6ation without the onsent of the data su/=et, or without /eing authori7ed

under this !t or any e?isting law.

E. 3. &ccessing Personal %nformation and Sensiti ve Personal %nformation !ue to *egligence. 8 ;a<

!essing 5ersonal infor6ation due to negligene shall /e 5enali7ed /y i65rison6ent ranging fro6 one;%< year to three ;(< years and a fine of not less than Five hundred thousand 5esos ;Ph5D&&,&&&.&&< /ut

not 6ore than "wo 6illion 5esos ;Ph53,&&&,&&&.&&< shall /e i65osed on 5ersons who, due to negligene,

5rovided aess to 5ersonal infor6ation without /eing authori7ed under this !t or any e?isting l aw.

;/< !essing sensitive 5ersonal infor6ation due to negligene shall /e 5enali7ed /y i65rison6ent

ranging fro6 three ;(< years to si? ;< years and a fine of not less than Five hundred thousand 5esos

;Ph5D&&,&&&.&&< /ut not 6ore than Four 6illion 5esos ;Ph5C,&&&,&&&.&&< shall /e i65osed on 5ersons

who, due to negligene, 5rovided aess to 5ersonal infor6ation without /eing authori7ed under this !t

or any e?isting law.

E. 3'. %mproper !isposal of Personal %nformation and Sensitive Personal %nformation. ;a< "he

i65ro5er dis5osal of 5ersonal infor6ation shall /e 5enali7ed /y i65rison6ent ranging fro6 si? ;<

6onths to two ;3< years and a fine of not less than $ne hundred thousand 5esos ;Ph5%&&,&&&.&&< /ut not

6ore than Five hundred thousand 5esos ;Ph5D&&,&&&.&&< shall /e i65osed on 5ersons who 0nowingly or negligently dis5ose, disard or a/andon the 5ersonal infor6ation of an individual in an area aessi/le to

the 5u/li or has otherwise 5laed the 5ersonal infor6ation of an individual in its ontainer for trash

olletion.

/< "he i65ro5er dis5osal of sensitive 5ersonal infor6ation shall /e 5enali 7ed /y i65rison6ent ranging

fro6 one ;%< year to three ;(< years and a fine of not less than $ne hundred thousand 5esos

;Ph5%&&,&&&.&&< /ut not 6ore than $ne 6illion 5esos ;Ph5%,&&&,&&&.&&< shall /e i65osed on 5ersons

who 0nowingly or negligently dis5ose, disard or a/andon the 5ersonal infor6ation of an individual in an

area aessi/le to the 5u/li or has otherwise 5laed the 5ersonal infor6ation of an individual in its

ontainer for trash olletion.

E. 3. Processing of Personal %nformation and Sensitive Personal %nformation for 2nauthoried

Purposes. "he 5roessing of 5ersonal infor6ation for unauthori7ed 5ur5oses shall /e 5enali7ed /yi65rison6ent ranging fro6 one ;%< year and si? ;< 6onths to five ;D< years and a fine of not less than

Five hundred thousand 5esos ;Ph5D&&,&&&.&&< /ut not 6ore than $ne 6illion 5esos ;Ph5%,&&&,&&&.&&<

shall /e i65osed on 5ersons 5roessing 5ersonal infor6ation for 5ur5oses not authori7ed /y the data

su/=et, or otherwise authori7ed under this !t or under e?isting laws.

"he 5roessing of sensitive 5ersonal infor6ation for unauthori7ed 5ur5oses shall /e 5enali7ed /y

i65rison6ent ranging fro6 two ;3< years to seven ;'< years and a fine of not less than Five hundred

thousand 5esos ;Ph5D&&,&&&.&&< /ut not 6ore than "wo 6illion 5esos ;Ph53,&&&,&&&.&&< shall /e

i65osed on 5ersons 5roessing sensitive 5ersonal infor6ation for 5ur5oses not authori7ed /y the data

su/=et, or otherwise authori7ed under this !t or under e?isting laws.


8/9

E. 3G. 2nauthoried &ccess or %ntentional Breach. "he 5enalty of i65rison6ent ranging fro6 one

;%< year to three ;(< years and a fine of not less than Five hundred thousand 5esos ;Ph5D&&,&&&.&&< /ut

not 6ore than "wo 6illion 5esos ;Ph53,&&&,&&&.&&< shall /e i65osed on 5ersons who 0nowingly and

unlawfully, or violating data onfidentiality and seurity data syste6s, /rea0s in any way into any syste6

where 5ersonal and sensitive 5ersonal infor6ation is stored.

E. (&. Concealment of Security Breaches %nvolving Sensitive Personal %nformation. "he 5enalty of

i65rison6ent of one ;%< year and si? ;< 6onths to five ;D< years and a fine of not less than Five hundred

thousand 5esos ;Ph5D&&,&&&.&&< /ut not 6ore than $ne 6illion 5esos ;Ph5%,&&&,&&&.&&< shall /e

i65osed on 5ersons who, after having 0nowledge of a seurity /reah and of the o/ligation to notify the

o66ission 5ursuant to etion 3&;f


9/9

!55roved,

;gd.< FE#ICIANO 'E#MONTE (R)

Spea#er of the House

of Representatives

;gd.< ("AN PONCE ENRI#E

President of the Senate

"his !t whih is a onsolidation of enate Bill #o. 3GD and *ouse Bill #o. C%%D was finally 5assed /y

the enate and the *ouse of Re5resentatives on June , 3&%3.

;gd.< MARI#$N ') 'AR"A*$AP

Secretary -eneral

House of Representatives

;gd.< EMMA #IRIO*RE$ES

Secretary of the Senate

!55roved: A"G +, -.+-

Documents

Ra 10173 Data Privacy