What Are the Different Laws in the Philippines Related to Cyber Security

/em /por

The Prevention of Cybercrime Act of 2012, officially registered as Republic Act No. 10175, is a law of the Philippines passed on September 12, 2012. It aims to address legal issues related to online interactions and the Internet in the Philippines. Cybercrime offences included in the bill include cybersquatting,, child pornography, identity theft, illegal access to data and defamation. [1] If the information recovered is personal data, the Republic Act 2012 (“DPA”) penalizes unauthorized access or intentional violation by persons who, knowingly and unlawfully or in violation of the confidentiality of data and security data systems, in any way interfere in a system that stores personal and sensitive data. Is there a legal mechanism that allows you to request access or retrieval of the copy of the data accessed without authorization? Is there a legal mechanism that allows you to obtain information about who may have accessed your data without permission and/or how it was used? The Cybercrime Act contains provisions that oblige a service provider to protect computer data (integrity of traffic data and subscriber information). Content data is retained at the request of law enforcement authorities requesting its retention. The retained data will then be accessed or disclosed after a court order (search warrant) for the disclosure or transmission of subscriber information, traffic data or relevant data in the possession or control of the service provider has been secured. In turn, the disclosed information may disclose information about the data accessed, who accessed the information, and how the information was subsequently used. If the data unlawfully accessed, retrieved or copied is personal data, the DPA (among other responsibilities of a controller/service provided for personal data) requires the controller/service provider for the personal data to inform the data subject accordingly. The notification shall at least describe the nature of the infringement, the personal data likely to be affected and the measures taken to remedy the infringement. Are there any restrictions on the use of information or documentation obtained in connection with a data breach in legal proceedings? We are not aware of any laws or regulations that expressly restrict the use of information or documentation obtained in connection with a data breach. Anton Piller1 orders are not accepted in the Philippines.

However, as we saw in the first paragraph of the previous question, the Cybercrime Act requires a service provider to maintain the integrity of traffic data and subscriber information with respect to communication services (the law requires retention of at least six months). At the request of a law enforcement authority, content data may also be retained. Is it possible to maintain confidentiality with regard to the legal steps necessary to access the data or information? The Cybercrime Act requires service providers to retain traffic data (any computer data that is not the content of the communication, including but not limited to origin, destination, route, time, date, size, duration or type of underlying communication service) for a period of six months from the date of the data transaction. Law enforcement authorities may order a one-time extension of a further six months under the conditions laid down by law. In this procedure, the service provider (who has been ordered to keep the computer data) is required by law to keep the order and its compliance confidential. If it is later determined that the proceedings are to be initiated in another court (e.g. .B. if it is established that the offender is domiciled there), can you terminate the proceedings in that court so as not to be prevented from initiating proceedings on the same matter for the application of res judicata, double risk or any other similar principle? It may be argued that judicial proceedings in another jurisdiction should not affect the remedies available to persons within the jurisdiction of Philippine law. In this context, proceedings in another jurisdiction should not, strictly speaking, affect jurisdiction (or proceedings, if they have already been initiated) in the Philippines.

In the same reasoning, the legal concepts of res judicata or double endangerment should not apply. Is there an obligation in your jurisdiction to protect personal data? Yes. The DPA requires personal data controllers to take appropriate and appropriate organisational, physical and technical measures to protect personal data against accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing. In addition, controllers of personal data must take appropriate and appropriate measures to protect personal data against natural risks such as accidental loss or destruction and human risks such as unlawful access, fraudulent use, unlawful destruction, alteration and contamination. Does the law in your jurisdiction restrict or impose conditions on the transfer of personal or other information to other foreign jurisdictions? The DPA states that any person responsible for personal data is responsible for information submitted to a third party for international processing. .