Jonathan de Santos reports:
Passing laws to protect data privacy should be made a priority, the chairman of the Senate committee on Science and Technology said.
Senator Edgardo Angara, who has filed a Data Privacy bill that penalizes the unauthorized use of personal information, said it “will require Filipino companies to adhere to international security standards in order to make the country’s information technology-business process outsourcing (IT-BPO) industry more secure and thus more attractive to foreign investors.”
[…]
“Personal information shall be stored and used only for as long as it is necessary to achieve the purpose for which it was processed and all related purposes, after which the personal information shall be deleted or blocked from a personal information base, unless otherwise provided by law,” the bill reads.
Unauthorized processing of personal data, without the consent of the subject, will carry a prison term of one year to three years and a fine of P500,000 to P2 million. If the information processed is sensitive, like in the case of medical records, the penalties are higher: three to six years in prison, and a fine of P500,000 to P4 million. Hacking into a database to gain access to personal info will, meanwhile, is punishable by one year to three years in prison and a fine of P500,000 to P2 million.
If a firm fails to report a breach in its security that has compromised personal data, will be fined from P500,000 to P1 million, while people who know about the breach but do not report it face a year and a half to five years in prison.
Read more on Sun Star.
That bill, if passed, would be way ahead of the U.S. in some respects.