Thursday, February 7, 2013

Data Privacy Act: An Exception to Right to Access Information?

by Atty. Fel Lester G. Brillantes 


When a person requests for any official information, records or documents from government agencies, he/she shouldn’t be denied as this is mandated under Section 3, Rule IV of the implementing rules of R.A.6713 otherwise known as the Code of Conduct and Ethical Standards for Public Officials and Employees.

The reason is very simple: the State adopts and implements a policy of full public disclosure of all its transactions involving public interest. The usual practice of government agencies in the Philippines today is to require the request in writing specifically stating thereof the purpose(s) for which such information would be utilized. After the head of agency’s approval and payment of some reasonable fees, the official records or documents requested should now be made available under the rule on transparency of transactions and access to information. 



 Section 3. Every department, office or agency shall provide official information, records or documents to any requesting public, except if:

(a) such information, record or document must be kept secret in the interest of national defense or security or the conduct of foreign affairs.

(b) such disclosure would put the life and safety of an individual in imminent danger;

(c) the information, record or document sought falls within the concepts of established privilege or recognized exceptions as may be provided by law or settled policy or jurisprudence;

(d) such information, record or document compromises drafts or decisions, orders, rulings, policy, decisions, memoranda, etc;

(e) it would disclose information of a personal nature where disclosure would constitute a clearly unwarranted invasion of personal privacy;

f)  xxx

g) xxx

What information is of a personal nature that may not be generally revealed by the government without the consent of the data subject? Personal information that refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual cannot be accessed or processed as a rule. (paragraph g, section 3, of R.A. 10173 otherwise known as the DataPrivacy Act of 2012)

With the advent of the Data Privacy Act of 2012, the unauthorized processing of personal information and sensitive personal information are now punishable. Processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. (paragraph, section 3, of R.A. 10173)

(l) Sensitive personal information refers to personal information:

(1) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;

(2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;

(3) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or cm-rent health records, licenses or its denials, suspension or revocation, and tax returns; and

(4) Specifically established by an executive order or an act of Congress to be kept classified.

The exceptions to the general rule are found on Section 4 of RA No. 10173 which states that:

This Act does not apply to the following:

(a) Information about any individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual, including:

(1) The fact that the individual is or was an officer or employee of the government institution;

(2) The title, business address and office telephone number of the individual;

(3) The classification, salary range and responsibilities of the position held by the individual; and

(4) The name of the individual on a document prepared by the individual in the course of employment with the government;

(b) Information about an individual who is or was performing service under contract for a government institution that relates fellester.blogspot.com to the services performed, including the terms of the contract, and the name of the individual given in the course of the performance of those services;

(c) Information relating to any discretionary benefit of a financial nature such as the granting of a license or permit given by the government to an individual, including the name of the individual and the exact nature of the benefit;

(d) Personal information processed for journalistic, artistic, literary or research purposes;

(e) Information necessary in order to carry out the functions of public authority which includes the processing of personal data for the performance by the independent, central monetary authority and law enforcement and regulatory agencies of their constitutionally and statutorily mandated functions. Nothing in this Act shall be construed as to have amended or repealed Republic Act No. 1405, otherwise known as the Secrecy of Bank Deposits Act; Republic Act No. 6426, otherwise known as the Foreign Currency Deposit Act; and Republic Act No. 9510, otherwise known as the Credit Information System Act (CISA);

(f) Information necessary for banks and other financial institutions under the jurisdiction of the independent, central monetary authority or Bangko Sentral ng Pilipinas to comply with Republic Act No. 9510, and Republic Act No. 9160, as amended, otherwise known as the Anti-Money Laundering Act and other applicable laws; and

(g) Personal information originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions, including any applicable data privacy laws, which is being processed in the Philippines.