Philippines Appoints Privacy Commission in Time for Mass Electoral Data Hack

(2016) 141 Privacy Laws & Business International Report, 22-23

3 Pages Posted: 17 Aug 2016

See all articles by Graham Greenleaf

Graham Greenleaf

University of New South Wales, Faculty of Law

Date Written: May 30, 2016

Abstract

The Philippines Data Privacy Act 2012 (DP Act) was signed into law by President Benigno Aquino on 15 August 2012, and (in theory) came into effect 15 days after its publication (s. 45). The Act remained dormant, because until a National Privacy Commission (NPC) was appointed, and made Implementing Rules and Regulations (IRR), very few of its provisions were enforceable, and none were enforced. After nearly four years, the NPC has finally been appointed, and has taken up its role at a time of change of Presidents, combined with a massive data breach at the country’s electoral commission (Comelec). Less than four months before the expiry of his Presidential term, Aquino finally appointed the three-person Commission, each for a three year term. Just after the NPC’s appointment, the Commission on Elections (Comelec) website was hacked and defaced, and its database containing personal identifiable information of 55 million voters was copied and posted online. This article surveys this changed landscape, and the implications for businesses of the delayed coming into force of the Philippines’ law.

The NPC must make implementing rules and regulations (IRRs) within 90 days of its appointment, by early June 2016, and it will be another year before businesses and agencies must comply. The significance of the IRRs, the powers of the Commission, and the implications for businesses, are explained.

Keywords: privacy, data protection, Philippines, Asia, DPA, Privacy Commission

Suggested Citation

Greenleaf, Graham, Philippines Appoints Privacy Commission in Time for Mass Electoral Data Hack (May 30, 2016). (2016) 141 Privacy Laws & Business International Report, 22-23. Available at SSRN: https://ssrn.com/abstract=2824419

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
Australia
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

Register to save articles to
your library

Register

Paper statistics

Downloads
54
Abstract Views
461
rank
373,171
PlumX Metrics