Sept 25, 2012: Philippines has made the Data Privacy Act of 2012 into law which is designed to ensure the security and integrity of the personal information shared by the investors. By adopting the law, the country aims to attract more investors to the nations’ Information Technology and Business Process Management (BPM) industries. The Data Privacy Act or Republic Act 10173 signed by the president requires the public and private entities to preserve the secret nature of the data collected.
This is yet another attempt by the authorities in Philippines to boost the growth of its BPM industry. The authorities earlier this year signed the code of ethics between sourcing companies in the country to ensure the welfare of the BPM employees. They have also joined hands with the companies to train college graduates to develop the skill required by the BPM industry.
It is estimated that the business process management industry in Philippines will generate revenue of $25 billion by 2016 and generate about 4 million employments in the country. As per industry experts from Philippines, Data Privacy Act of 2012 will play a significant role in achieving the estimated figure.
The new law declared by Philippines states that even though free flow of information is necessary to ignite innovation and growth, it is necessary that personal information should be protected and secured. The law also entitles the creation of National Privacy Commission to ensure that the nation comply with the international standards of data protection.
Main elements of the law are discussed below:
- The law gives details about the procedures to be followed in collecting, processing and handling of information.
- The law asks the collectors, holders and processors to follow transparency, legitimacy and proportionality in their respective activities.
- Accuracy, relevance and essential of personal data should be analyzed at the stage of collection itself.
- Any inaccurate data should be corrected; supplemented and further processing should be restricted.
- Storage of information should be limited to the period of purpose for which it was collected.
- The information collected can be processed only if law permits and the person who provided the information have given the consent in writing. However, the law states that the processing can be done if it is a necessity.
- If the provider of information finds that the data stored is incomplete, outdated, false, unlawful, used for unauthorized purposes, the provider can demand the withdrawal or removal of the information from the system.
- The provider of the information can sue the parties who had made unauthorized use of the information.
The implementation and monitoring of the law is assigned to a three member National Privacy Commission. With this move, it seems like the authorities in Philippines are set to take all possible measures to boost the growth of BPM industry in the country.