Tibaldo: Social media and RP’s Data Privacy Act

IN 2012, Philippine Congress passed Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012. Five years after it was passed, the Act’s Implementing Rules and Regulations was put into effect mandating all entities to comply.
For this, I took references from the National Privacy Commission to further understand matters that I believe I must have taken offences or violated in the course of my early profession as a reporter.

According to R.A. 10173 or the Data Privacy Act of 2012, our personal data is treated almost literally in the same way as our own personal property. Thus, it should never be collected, processed and stored by any organization without our explicit consent, unless otherwise provided by law.

Information controllers usually solicit our consent through a privacy notice. Aside from protecting us against unfair means of personal data collection, this Act also requires personal information controllers (PICs) to notify us if our data have been compromised.

Also, as a subject for data collection, we have the right to be informed that our personal data will be, are being, or were, collected and processed.

The right to be informed is a most basic right as it empowers us as a data subject to consider other actions to protect our data privacy and assert our privacy rights.

In protecting our privacy, the Philippine Data Privacy Act explicitly require organizations to notify and furnish subjects with necessary information before they collect and process personal data into any processing system. As such, subjects or individuals must be given full description of the personal data to be entered into the system and notified on the exact purposes for which they will be processed such as direct marketing, statistical, scientific and others.

Data collectors must also tell us their basis for processing, scope and method of the personal data processing and to whom the data collected may be disclosed.

As a data subject, we also need to be informed of the existence of our rights and the duration for which your data will be kept.

Companies that collects data are required to register with the National Privacy Commission and comply with the provisions of the Data Privacy Act. The NPC, which was created to enforce RA 10173, will check whether companies have the elements the law requires such as: Data Protection Officer that conducts a Privacy Impact Assessment, Privacy Knowledge Management Program that implements a privacy and data protection policy and further, the exercise of a breach reporting procedure.

Browsing further into the online site of the National Privacy Commission, I encountered some tips on ways to love yourself online. Indeed data privacy starts with ourselves and we should ensure full protection online by, using strong passwords that are at least 12 characters long and contain a combination of upper and lower case letters, numbers, and if possible, symbols. Having different passwords on multiple accounts makes it harder for hackers to guess them.

The S after the HTTP stands for “Secure,” which means the data being sent between your browser and the site you are on is encrypted. Do not log in on personal accounts on free or public Wi-Fi.

Open networks make it very easy for people to peek into your activity and accounts, and the people you share the network with may also be using compromised devices.

One of the tip given is to install an Anti-Virus and keep it updated. Accordingly, new viruses are being created all the time, so simply installing an anti-virus program doesn’t cut it. It is important to update the programs to keep up with new and emerging threats.

There are third-party apps on popular sites such as Facebook that sends your personal data to at least 25 outside data companies if we click it, so it is definitely a good idea to ignore and remove permissions from unnecessary ones such as those providing fun ways to find games or see which celebrity you look like. Also, the more Facebook groups you join especially the big, open ones, the more likely you are vulnerable to identity thieves. With too many people’s names, birth dates, education, and work history available online, bogus accounts can easily duplicate a person you may know or want to be friends with. These bogus accounts can target you for identity theft, malicious links, or spam attacks.

The NPC advises users to update their Facebook Timeline and Tagging Settings by un-tagging from unwanted, unrelated, or embarrassing posts and even photos.

We do not have to be too public the NPC warns. “While sharing details about your life can be fun and exciting, there are just some things you should never, ever share on social media. Things like your home address, vacation details, ticket numbers, and the layout of your house should always be kept private”.
style="display:block; text-align:center;"


SunStar website welcomes friendly debate, but comments posted on this site do not necessarily reflect the views of the SunStar management and its affiliates. SunStar reserves the right to delete, reproduce or modify comments posted here without notice. Posts that are inappropriate will automatically be deleted.

Forum rules:

Do not use obscenity. Some words have been banned. Stick to the topic. Do not veer away from the discussion. Be coherent. Do not shout or use CAPITAL LETTERS!