Republic Act No. 10173

DISCLAIMER: I AM NOT A LAWYER. WHATEVER I WRITE IN THIS ARTICLE IS IN  ACCORDANCE TO MY OWN UNDERSTANDING AND INTERPRETATION OF THE LAW.

Topic: “Is the act of a person, ‘A’, disclosing the mobile number of ‘B’, to a third person, ‘C’, without B’s consent, considered a violation of Republic Act No. 10173?”

 

The Question is couched in a General Manner. Therefore, I have to Qualify my Answer.

 

  1. YES, A is Liable.

    If “B” is a Data Subject as defined in Section 3 (c) and “A” is a Personal information controller (except No.1 and 2 of (h) Section 3), or a Personal information processor as described in Sec. 4, or an Official, Employee or Agent in the Government or in the Private Sectors that are covered by the Act, or an Entity as described under Section 6 of RA No. 10173, save for the exceptions among others under(a-g) in Section 4, and Section 5.

 

The Philippines recently joined the club of over 80 countries around the world with comprehensive data privacy laws.  The Data Privacy Act of 2012 (Republic Act No. 10173) was signed into law on August 15, 2012 and will take effect 15 days after its publication in a newspaper of general circulation. The act is expected to boost investor confidence in the Philippines, especially in the business process outsourcing space where the confidentiality and security of data and information are top concerns; yet the Act does not impose any direct obligations on service providers.

 

The Act seeks to “Protect the fundamental human right of privacy of communication while ensuring the free flow of information to promote innovation and growth” and borrows from two statutory models, namely (i) the “European Union Directive on the protection of individuals with regards to the processing of personal data and on the free movement of such data”; and (ii) the APEC Data Privacy Framework. In doing so, it adopts the fair information principles on which most countries’ data privacy laws are based.

 

The following are the Salient features of the Data Privacy Act of 2012;

 

  1. It applies to processing of personal information (section 3g) and sensitive personal information (section 3l).

  2. Created the National Privacy Commission to monitor the implementation of this law.

    (section 7)

  3. Gave parameters on when and on what premise can data processing of personal information be allowed. Its basic premise is when a data subject has given direct consent.

    (section 12 and 13)

  4. Companies who subcontract processing of personal information to 3rd party shall have full liability and can’t pass the accountability of such responsibility. (section 14)

  5. Data subject has the right to know if their personal information is being processed. The person can demand information such as the source of info, how their personal information is being used, and copy of their information. One has the right to request removal and destruction of one’s personal data unless there is a legal obligation that required for it to be kept or processed. (section 16 and 18)

  6. If the data subject has already passed away or became incapacitated (for one reason or another), their legal assignee or lawful heirs may invoke their data privacy rights.

    (section 17)

  1. Personal information controllers must ensure security measures are in place to protect the personal information they process and be compliant with the requirements of this law. (section 20 and 21)

  2. In case a personal information controller systems or data got compromised, they must notify the affected data subjects and the National Privacy Commission. (section 20)

  3. Heads of government agencies must ensure their system compliance to this law (including security requirements). Personnel can only access sensitive personal information off-site, limited to 1000 records, in government systems with proper authority and in a secured manner. (section 22)

  4. Government contractors who have existing or future deals with the government that involves accessing of 1000 or more records of individuals should register their personal information processing system with the National Privacy Commission. (section 25)

  5. Provided penalties (up to 5 million as per sec. 33) on the processing of personal information and sensitive personal information based on the following acts:- unauthorized processing

    (sec.25)
    -negligence(sec.26)
    -improper disposal (sec. 27)
    – unauthorized purposes (sec. 28)
    – unauthorized access or intentional breach (sec. 29)
    – concealment of security breaches (sec. 30)
    – malicious (sec. 31) and unauthorized disclosure (sec. 32)

    -If at least 100 persons are harmed, the maximum penalty shall apply (section 35).

  1. For public officers (working in government), an accessory penalty consisting in the disqualification to occupy public office for a term double the term of criminal penalty imposed shall he applied. (sec. 36).

     

    A telephone or mobile number of a Person may fall under the definition of Personal information in Sec. 3 (g). This is so because we live in a World where there is an exponential growth of diverse forms of technological progress as Kurzweil describes it. At present, Majority if not all of the people World wide owns a telephone or a mobile/cellphone. Today, Many of us consider owning cellphones as a necessity to make our lives a lot easier in so many ways. Before, cellphones are used to reach people faster by simply calling their mobile number. As time goes by, mobile phones have gone through a lot of technology innovations and ‘for calling’ is no longer the only feature it provides.

    While people may be electronically reached by simply dialing, People may also be located or traced, and/or Identified just by knowing their Mobile Number. In the given scenario, If the mobile number of B is a post-paid number assigned by Telecommunication Companies to their customers, then B’s Identity, Personal Information or Data may easily be Revealed or Identified. Therefore, The act of A in giving B’s number to a third person without B’s consent is a violation of the Data Privacy Act of 2012, except if A is exempted under the Act, or under any provisions of other Laws.

     

    On the other side of the coin;

 

  1. NO, A is not Liable.

    If A is neither a personal information processor, nor a personal information controller or not anyone of those people or does not belong to those Government or Private Sectors or Entities provided for by the Data Privacy Act as Persons who may be held liable for any violation under Republic Act No. 10173, Then A is not Liable under the said Act in disclosing B’s number to a third person without B’s consent.

     

    Generally, It is not illegal per se to give out someones’ cellphone number to a third person without the first person’s consent. If the information is meant to be public, like listed in a phone book/yellow pages, then anyone has access to it. Or in the given scenario, If B is a Common Friend of A and C, Then the act of A in giving B’s number to C may not be considered as Illegal. Anyone can give out your number to someone they please without asking you first. Originally, the persons who have your cell number are your Family, Friends, Relatives, some of your co-workers, classmates, employers/bosses, clients, customers, and others who are important to you or people whom you have some pecuniary interest. Sometimes, the person giving out your number to another person meant you no harm or maybe that person never thought that their act of giving it away without asking you first will cause you damage,danger or will be inconvenient for you. If that is the case, then maybe its okay if the result is harmless or beneficial to the parties. But most of the time, It is not okay because of the negative effects it may bring to the person whose number was given away without her/his consent. Most of the time, these so called negative effects are the results of a person’s Negligence, and Lack of Foresight.

    There is No lawsuit that I’m aware of for giving out a phone number unless the parties actually had some agreement (like a nondisclosure or confidentiality agreement) that they would keep your phone number confidential. If you did have such an agreement, it is possible that you might be able to sue for breach of contract. Though even then, unless you have suffered some tangible injury (e.g. The number was given out to a stalker or harasser of yours, who then used it to stalk/harass you; the phone number was somehow used to steal your identify and run up charges in your name; etc.), There is nothing to sue for. That is, the law, does not allow people to recover compensation just because someone else did something wrong; instead, the law compensates for injury. So no injury and just be annoyed or upset or having to talk to people you would rather not talk to is not an injury in the eyes of the law. Regular individuals may not have any privacy policy. Nothing to sue for.

    For those People who are working (White,Blue,Pink collar jobs), Majority of the companies and establishments have a privacy policy contract between employer/s and employee/s and all the information and provisions stipulated therein are considered off limits to others not a party to the contract. Violation of the Privacy Policy Contract may ripe into a Law suit absence or failure of Settlement or other modes of Alternative Dispute Resolutions between the contracting parties. Now, with the Republic Act No. 10173 or the Data Privacy Act of 2007 in Effect, Individual’s Personal Information and Communication System in the Government and the Private Sector are now Protected.

    We are currently living in the so-called information age which can be described as an era were economic activities are mainly information based (an age of informationalization). This is due to the development and use of technology. The main characteristics of this era can be summarized as a rise in the number of knowledge workers, a world that has become more open in the sense of communication (global village/Gutenberg galaxy) and internationalization (trans-border flow of data). This paradigm shift brings new ethical and juridical problems which are mainly related to issues such as the right of access to information, the right of privacy which is threatened by the emphasis on the free flow of information. Although technology has a major impact on the gathering, storage, retrieval and dissemination of information its main ethical impact relates to accessibility/inaccessibility and the manipulation of information. It creates the possibility of wider as well as simultaneous access to information. By implication, it becomes easier to access a person’s private information by more people.

    Today, A cellphone or mobile number may be regarded as part of Personal Information of an Individual that may direct or acertain a person’s Identity which must also be protected under the Right to Privacy of a Person. Lets have a background of the word Privacy, Right, and Right to Privacy.

    1. Privacy:

    Privacy can be defined as an individual condition of life characterized by exclusion from publicity (Neetling et al., 1996, p. 36). The concept follows from the right to be left alone (Stair, 1992, p. 635; Shank, 1986, p. 12)1. Shank (1986, p. 13) states that such a perception of privacy set the course for passing of privacy laws in the United States for the ninety years that followed. As such privacy could be regarded as a natural right which provides the foundation for the legal right. The right to privacy is therefore protected under private law. The legal right to privacy is constitutionally protected in most democratic societies. This constitutional right is expressed in a variety of legislative forms. Examples include the Privacy Act (1974) in the USA, the proposed Open Democracy Act in South Africa (1996) and the Data Protection Act in England. During 1994 Australia also accepted a Privacy Charter containing 18 privacy principles which describe the right of a citizen concerning personal privacy as effected by handling of information by the state (Collier, 1994, p. 44-45). The Organization for Economic and Coordination and Development (OECD) also accepted in 1980 the Guidelines for the Protection of Privacy and Transborder Flow of Personal Data (Collier, 1994, p. 41). and the Data Privacy Act of 2012 in the Philippines.

Privacy is an important right because it is a necessary condition for other rights such as freedom and personal autonomy. There is thus a relationship between privacy, freedom and human dignity. Respecting a person’s privacy is to acknowledge such a person’s right to freedom and to recognize that individual as an autonomous human being.The duty to respect a person’s privacy is furthermore a prima facie duty. In other words, it is not an absolute duty that does not allow for exceptions. Two examples can be given. Firstly, the police may violate a criminal’s privacy by spying or by seizing personal documents (McGarry, 1993, p. 178)2 . A government also has the right to gather private and personal information from its citizens with the aim of ensuring order and harmony in society (Ware, 1993:205). The right to privacy (as an expression of individual freedom) is thus confined by social responsibility. Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. When something is private to a person, it usually means there is something within them that is considered inherently special or personally sensitive. The degree to which private information is exposed therefore depends on how the public will receive this information, which differs between places and over time. Privacy partially intersects security, including for instance the concepts of appropriate use, as well as protection of information. Privacy may also take the form of bodily integrity. The right not to be subjected to unsanctioned invasion of privacy by the government, corporations or individuals is part of many countries’ privacy laws, and in some cases, constitutions. Almost all countries have laws which in some way limit privacy.

2. Right:

In an abstract sense, justice, ethical correctness, or harmony with the rules of law or the principles of morals. In a concrete legal sense, a power, privilege, demand, or claim possessed by a particular person by virtue of law. Each legal right that an individual possesses relates to a corresponding legal duty imposed on another. In constitutional law, rights are classified as natural, civil, and political. Natural rights are those that are believed to grow out of the nature of the individual human being and depend on her personality, such as the rights to life, liberty, privacy, and the pursuit of happiness. Civil rights are those that belong to every citizen of the state, and are not connected with the organization or administration of government. They include the rights of property, marriage, protection by law, freedom to contract, trial by jury, and the like. These rights are capable of being enforced or redressed in a civil action in a court. Political rights entail the power to participate directly or indirectly in the establishment or administration of government, such as the right of citizenship, the right to vote, and the right to hold public office.

3. Right to privacy:

The right to privacy is a human right and an element of various legal traditions which may restrain both government and private party action that threatens the privacy of individuals. Individual shall have full protection in person and in property is a principle as old as the common law; but it has been found necessary from time to time to define anew the exact nature and extent of such protection. Political, social, and economic changes entail the recognition of new rights, and the common law, in its eternal youth, grows to meet the new demands of society. Thus, in very early times, the law gave a remedy only for physical interference with life and property, for trespasses vi et armis. Then the “right to life” served only to protect the subject from battery in its various forms; liberty meant freedom from actual restraint; and the right to property secured to the individual his lands and his cattle. Later, there came a recognition of man’s spiritual nature, of his feelings and his intellect. Gradually the scope of these legal rights broadened; and now the right to life has come to mean the right to enjoy life, the right to be let alone; the right to liberty secures the exercise of extensive civil privileges; and the term “property” has grown to comprise every form of possession, intangible, as well as tangible. The general object in view is to protect the privacy of private life, and to whatever degree and in whatever connection a man’s life has ceased to be private, before the publication under consideration has been made, to that extent the protection is likely to be withdrawn. Since, then, the propriety of publishing the very same facts may depend wholly upon the person concerning whom they are published, no fixed formula can be used to prohibit obnoxious publications. Any rule of liability adopted must have in it an elasticity which shall take account of the varying circumstances of each case, a necessity which unfortunately renders such a doctrine not only more difficult of application, but also to a certain extent uncertain in its operation and easily rendered abortive. Besides, it is only the more flagrant breaches of decency and propriety that could in practice be reached, and it is not perhaps desirable even to attempt to repress everything which the nicest taste and keenest sense of the respect due to private life would condemn.

 

Indeed, if we extend our Judicial gaze we will find that the right of privacy is recognized and enshrined in several provisions of the Philippine Constitution.

 

It is expressly  recognized in section 3(1) of the Bill of Rights:

“Sec. 3. (1) the privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise as prescribed by law.”

Other facets of the right to privacy are protected in various provisions of the bill of rights, viz:

“Sec. 1. No person shall be deprived of life, liberty, or property without due process of law, nor shall any person be denied the equal protection of the laws.

Sec. 2. The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures of whatever nature and for any purpose shall be inviolable, and no search warrant or warrant of arrest shall issue except upon probable cause to be determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized.

X                                       x                                       x.

Sec. 6. The liberty of abode and of changing the same within the limits prescribed by law shall not be impaired except upon lawful order of the court. Neither shall the right to travel be impaired except in the interest of national security, public safety, or public health, as may be provided by law.

X                                       x                                       x.

Sec. 8. The right of the people, including those employed in the public and private sectors, to form unions, associations, or societies for purposes not contrary to law shall not be abridged.

Sec. 17. No person shall be compelled to be a witness against himself.”

 

Zones of privacy are likewise recognized and protected in our laws. The Civil Code provides that “every person shall respect the dignity, personality, privacy and peace of mind of his neighbors and other persons” and punishes as actionable torts several acts by a person of meddling and prying into the privacy of another. It also holds a public officer or employee or any private individual liable for damages for any violation of the rights and liberties of another person, and recognizes the privacy of letters and other private communications. The revised penal code makes a crime the violation of secrets by an officer, the revelation of trade and industrial secrets, and trespass to dwelling. Invasion of privacy is an offense in special laws like the anti-wiretapping law, the secrecy of bank deposit act and the intellectual property code. The rules of court on privileged communication likewise recognize the privacy of certain information.

 

The impact of the use of technology on the privacy of people manifests itself in a variety of areas. These areas include, inter alia the following:

  • The electronic monitoring of people in the workplace. This relates to personal information as discussed earlier. This is done by so-called electronic eyes. The justification by companies for the use of such technology is to increase productivity. Stair (1992, p. 655), however, in the discussion of this practice, clearly points out the ethical problem pertaining to the use of these technologies. According to him peoples’ privacy in the workplace are threatened by these devices. It can also lead to a feeling of fear and of all ways being watched – the so-called panopticon phenomenon.

  • The interception and reading of E-mail messages. This poses an ethical problem which relates to the private communication of an individual. It is technically possible to intercept E-mail messages, and the reading thereof is normally justified by companies because they firstly see the technology infrastructure (E-mail) as a resource belonging to the company and not the individual, and secondly messages are intercepted to check on people to see whether they use the facility for private reasons or to do their job.

  • The merging of databases which contains personal information. This is also known as databanking (Frocht & Thomas, 1994, p. 24). By this is meant the integration of personal information from a variety of databases into one central database. The problem here does not in the first place arise from the integration of the information as such. The main problems include the fact that the individual is not aware of personal information being integrated into a central database, that the individual does not know the purpose/s for which the integration is effected, or by whom or for whose benefit the new database is constructed and whether the information is accurate. In order to counter these problems relating to privacy and the merging of databases the American Congress passed the Computer Matching and Privacy Protection Act in the 1980s (Benjamin, 1991, p. 11).

  • Closely related to the merging of files is the increasing use of buying cards (“frequent-shopper cards”) by retail stores. Inside such a card a computer chip is buried that records every item purchased along with a variety of personal information of the buyer (Branscomb, 1995, p. 19). This information obtained from the card enables marketing companies to do targeted marketing to specific individuals because the buying habits as well as other personal information of people are known.

  • Another major threat to privacy is the raise of so called hackers and crackers which break into computer systems (Benjamin, 1991, p. 7). This coincides with the shift in ethical values and the emergence of the cyberpunk culture with the motto of “information wants to be free”.

  • The development of software that makes the decoding of digital information (which can be private information) virtually impossible also poses serious legal as well as ethical questions because it can protect criminals. A good example is the development of software called Pretty Good Privacy by P Zimmerman in 1991. According to an article in the IT Review (1996, p. 22) he has developed the most complex algorithm ever invented which makes the decoding of digital information virtually impossible. It can thus be concluded that the use of technology in the processing of information, poses important questions with regard to a person’s right to privacy. This right is directly linked to the right to freedom and human autonomy.

These problems relate mainly to the accessibility of information and the manipulation thereof. This is of specific relevance to the information professional who deals with private and personal information. Practical guidelines in the handling of these problems can be formulated according to the norms of freedom, truth and human rights.

Obscene or harassing phone calls can be one of the most stressful and frightening invasions of privacy a person experiences. And unwanted phone calls, while a minor problem when compared with threatening calls, can still be a major inconvenience. Fortunately, there are steps you can take to help put an end to these unwelcome intrusions.

2. What makes a phone call harassing?

When someone calls and uses obscene or threatening language against you, or even heavy breathing or silence to intimidate you, you are receiving a harassing call. It is against the law in California and other States to make obscene or threatening calls. In the Philippines, It may be a ground for unjust vexation.

3. How often do i have to get these calls to make it harassment?

Just one unwelcome call can be harassing in other States but In the Philippines, It must be done several times.

4. Who should i contact when i get harassing calls?

Local phone companies have varying policies on whether to call the phone company or the police first. Some recommend that you first call the phone company’s business office and explain the problem. A representative will connect you with the “annoyance desk.” Other phone companies may require you to file a formal complaint with local law enforcement before they will deal with the matter. For serious threats, if life or property are threatened, or if calls are obscene, you should call the police and file a report. These are some among many others of the negative things or effects of unwanted phone calls from person not authorized to have your number.

 

On the positive side, In cases of emergency. Like when something bad happens, (ex. Accident) and the third person is needed, required, needs to be informed, ect. It is Okay to give the third person’s number to the one requiring it without the third person’s consent because somehow, it is excused. On the candid side, If the person on whom your number was given to without your consent is your crush and He/She did not ask it directly to you bacause of whatever reasons then I’m sure you would’nt mind. Now I can finally say that giving another person’s number to a third person absent consent on the person who owns the number may be considered as a violation of Privacy Right but as long as there is no Law that punishes the act done, then it is pressumed that no Law has been violated. Situations and consequences must be considered in a case to case basis whether to see it as wrong or right.

 

Sources:

  1. Http://digitalfilipino.com/salient-features-of-data-privacy-act-of-2012-republic-act-10173/

  2. Http://en.wikipedia.org/wiki/privacy

  3. https://www.privacyrights.org/fs/fs3-hrs2.HTM

  4. Http://sc.judiciary.gov.ph/jurisprudence/1998/jul1998/127685.HTM

  5. Http://anothercommonman.wordpress.com/2012/11/21/philippines-joins-elites-with-data-privacy-act-of-2012/

  6. http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html

  7. http://web.simmons.edu/~chen/nit/NIT’96/96-025-Britz.html

 

Advertisements

One thought on “Republic Act No. 10173

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s