• Email: adm@admprivacy.com
  • Phone +63 (02) 366-1167
  • Mobile (0917) 100 4848

  • Data Privacy Act (RA 10173) Bar Review Notes (2019)

        To all the 2019 bar examinees, or if you have friends/colleagues who are taking the bar examination this year, we would like to share with you our Data Privacy Act Bar Review Notes (2019). The Data Privacy Act is included in the coverage of Mercantile Law for the 2019 Bar Exam. Feel free to share. Don't forget to like our page for updates on materials and future lectures. https://attyarneldmateo.files.wordpress.com/2019/06/data-privacy-act-bar-review-notes-2019.pdf

    View this Post

  • Mobile Number Portability Act of 2019

      Mobile Number Portability Act of 2019 By: Atty. Arnel D. Mateo and Edielle Anne S. Obnamia, ADM & Partners Data Privacy and Consulting Inc.   Republic Act 11202 or the Mobile Number Portability Act (Act), approved by the Philippine President last February 8, 2019, provides for mobile number portability (MNP) which allows mobile subscribers to retain an existing mobile number despite having moved from one mobile service to another, or to change the type of subscription from postpaid to prepaid or vice versa for free. Thus, if your mobile number is locked in with Globe and you want to switch to Smart, you may do so free of charge upon complying with the requirements. Even your handset which is locked-in with a network may be unlocked upon request. Aside from that, the law mandates the non-imposition of interconnection fees and charges in domestic calls and SMS. The Act promotes data portability, which is one of the rights of a data subject under the Data Privacy Act. Said right allows the data subject to manage his personal data in his private devise, and to transfer the same from one personal information controller to another.  Further, the information collected from the subscriber is subject to the rights of the data subject to erasure and blocking, to rectify, and to access. The principles governing this Act are: consumer welfare and encouragement of competition among mobile service providers. Mobile number portability represents an opportunity to rebalance relationship between mobile service providers and consumers in a vibrant economy and have well-served consumer sector. To achieve this purpose, the law imposes obligations to Public Telecommunication Entities (PTEs). PTEs refer to any authorized public telecommunication entities that offer mobile telecommunication services for a fee. These include PTEs who have their own network infrastructure, i.e. Smart and Globe, including also Virtual Network Operators, who operate under their own brand name, but do not have their own infrastructure and relies on another PTE’s infrastructure; much like TM is with Globe.  Under this Act, the following are the specific obligations of PTEs: 1.      To provide MNP free of charge and set up mechanism for its implementation; 2.      To unlock upon demand and still completely free of charge mobile handsets for those compliant with the requirements of  MNP; 3.      To provide subscribers information on MNP including its features, process and application and the cutover period of the porting process; 4.      To maintain confidentiality of information and adhere to the Data Privacy Act of 2012; and 5.      To facilitate the porting of the process not only of their network, but also the porting process of the Virtual Network Operators that they are hosting. In case of violations of the Act, the National Telecommunication Commission (NTC) is authorized to impose fines ranging from P10,000.00 up to P1,000,000.00 and revocation of the PTEs franchise depending on the number of violations committed. NTC can also award the subscriber damages up to P40,000.00.

    View this Post

  • ADM & Partners reaps awards at 1st Datos Privados

    CONGRATULATIONS ADM & PARTNERS DATA PRIVACY AND CONSULTING INC for achieving eight recognitions (out of 11) during the NADPOP'S 1ST DATOS Privados. Congratulations to all other awardees such as PLDT, Microsoft, Unionbank, Quisumbing Torres, Accenture, etc. SILVER AWARDS:1. INSTITUTIONAL: SOLUTIONS PROVIDERS — Data Privacy Solutions Firm: ADM (Sole Awardee) 2. INSTITUTIONAL: SOLUTIONS PROVIDERS — Empowerment & Enablement: ADM (Next to TUV) 3. INDIVIDUAL: EMPOWERMENT & ENABLEMENT — Arnel D. MATEO (Next to Dondi Mapa) BRONZE AWARDS:1. INSTITUTIONAL: FIVE PILLARS (Corporate Governance) — ADM and Partners Data Privacy and Consulting Inc. (ADM)2. INDIVIDUAL: FIVE PILLARS (Corporate Governance) — Arnel D. Mateo3. INSTITUTIONAL: SOLUTIONS PROVIDERS — Data Privacy Law Firm: ADM (Tied with Quisumbing Torres) 4. CAMPAIGNS & EVENTS — DATA PRIVACY AWARENESS: 7 Privacy Tips for Data Subjects - ADM (Next to Microsoft) 5. TECHNOLOGY SOLUTIONS: DATA PRIVACY MANAGEMENT — Data Privacy PORTAL - ADM  

    View this Post


          ADM & PARTNERS AT THE PHILIPPINE INTERNATIONAL CYBERSECURITY CONFERENCE 2018 By: Jayson M. Martinez   ADM and Partners Data Privacy & Consulting Services,Inc. participated in the recently conducted Philippine International Cybersecurity Conference held on October 25 and 26, 2018 at The Grand Regal Hotel in the heart of Davao City. The conference was a 2-day event which tackled topics involving the Philippines’ Road to resiliency, commitment in strengthening the country’s Cybersecurity, as well as possible threats that may pose serious risks in nation-building. The conference was attended by more than 400 delegates from different field and industries, local and international, and was welcomed with parade of colors and well defined exhibits. DICT Assistant Secretary in Cyber security, Asec. Allan S. Cabanlong discussed the mission and vision of the DICT and its National Security Strategy in pursuit of Philippine Development Plan 2017-2022 and the National Security Policy 2017-2022. Some of the key salient topics of the conference which cover some points pertaining to Data Privacy are: The Philippine Cyber Threat Landscape & National Cybersecurity Strategy by Engr. George Tardio, The Digital Certificate for the National ID System by Usec. Lisa Grace S. Bernales, and The Digital Consumer Protection by ASec. Carlos Mayorico E.Caliwara. Engr. George Tardio asserted that the possibility of making the Philippines a cyber resilient nation would be possible by crafting a National Security Strategy Policy and Plans and establish NCERT or the National Computer Emergency Response Team to counter the threats and possibilities of data breach. The Digital Certificate for the National ID System, on the other hand, was met with approval but still with uncertainty. The idea of having a mobile I.D. installed in mobile phones and electronic gadgets for public and private identification purposes really expedites the processing of applications of all citizens and resident aliens, but some are still hesitant to do so because of privacy concerns. The PSA assured that the personal data in their system will not be compromised as it will only be released upon sufficient consent and authorization from the data subject. Citizens and resident alien, meanwhile, would still have to wait as this Mobile I.D. proposition will still need proof of concept with Phil Post which will start on December. Moving on to a more economic approach, Asec. Carlos Mayorico Caliwara from Legal Affairs DICT discussed about the Digital Consumer Protection, online scam in the online market and Redress Mechanism. He addressed the significance and establishment of effective Digital Consumer Protection to prevent data breaches as personal information were always provided by the consumers to online stores to avail warranty. As we progress and subject our industrial and economic sectors to the cyber space, the more we are getting prone to cyber attacks, such assault may not only affect a single department but may inflict huge serious damage involving  the processing of personal data in wide array of private and national services. In this modern age, keen adherence and strong partnership with the international and local sectors will be the key to fortify our defenses against these threats.

    View this Post

  • Summary of the Philippine Identification System Act

        Philippine Identification System Act (Republic Act 11055) Summary written by Atty. Arnel D. Mateo, President and CEO of ADM and Partners Data Privacy and Consulting Inc.   I.                    Purposes and Objectives of the law. The purpose of the law is to establish a single national identification system (PhilSys) for all citizens and residents of the Philippines.   It aims to achieve the following:   1.       to promote seamless delivery of services, 2.       to improve the efficiency, transparency, and targeted delivery of public and social services; 3.       to enhance administrative governance; 4.       to reduce corruption and curtail bureaucratic red tape; 5.       to avert fraudulent transactions and misrepresentations; 6.       to strengthen financial inclusion; 7.       to promote the ease of doing business.   The objective of the law is to establish a valid proof of identity as a means of simplifying public and private transactions. It seeks to eliminate the need to present other forms of identification when transacting with the government and the private sector. The PhilID shall be honoured and accepted, subject to authentication, in all transactions requiring proof or verification of citizens or residents aliens identity.   II.                  To whom shall the PhilID be issued. Under the law, a PhilID shall be issued to all citizens or residents aliens registered under the PhilSys.   III.                Contents of the PhilID. The PhilID will contain the following:   1.       PhilSys Number (PSN) 2.       Full name 3.       Sex 4.       Blood type 5.       Marital status (optional) 6.       Place of birth 7.       Front facing photograph 8.       Date of Birth 9.       Address 10.   QR Code which contains fingerprint information Mobile and email information are optional.   IV.                Fees. The issuance and renewal of PhilID for citizens shall be free of charge.   V.                  Registration is required. Every citizen or resident alien shall register personally with the registration centers enumerated under the law and other government agencies as may be assigned by the Philippine Statistics Authority (PSA).   VI.                Unlawful disclosure of information. Disclosure of information of persons registered with the PhilSys is prohibited. It can only be disclosed under the following circumstances:   1.       Consent is given by the registered person specific to the purpose prior to processing; 2.       Compelling interest of public health or safety so requires upon order of a competent court; 3.       When authorized or required by law.   VII.              Implementation of Security measures. The PSA shall implement reasonable and appropriate organizational, technical, and physical security measures to ensure that the information gathered for the PhilSys, including information stored in the PhilSys Registry, is protected from unauthorized access, use, disclosure and against accidental or intentional loss, destruction or damage.   VIII.            Violations and Penalties:   Violation Penalty Refusal to accept, recognize/acknowledge PhilID or PSN Fine of P500,000.00 Unlawful utilization of PhilID or PSN or use to commit fraudulent act Imprisonment   of    6months   to 2years or a fine of P50,000.00 to P500,000.00 Wilful submission of causing to be submitted a fictitious name or false information in the application, renewal, or updating in the PhilSys by any person         Imprisonment of 3years to 6years and a fine of P1,000,000.00 to P3,000,000.00 Unauthorized printing, preparation, or issuance of a PhilID by any person Wilful falsification, mutilation, alteration or tampering of the PhilID by any person Unauthorized possession of a PhilID or possession of a fake, falsified or altered PhilID Wilful transfer of the PhilID or the PSN to any other person Collection or use of personal data in violation of Section 12 (requirements for authentication)     Imprisonment of 6years to 10years imprisonment and a fine of P3,000,000.00 to P5,000,000.00 Use or disclosure of data in violation of Section 17 (unlawful disclosure) Unauthorized access of PhilSys or unauthorized processing   of data   Malicious disclosure of data or information by officials, employees or agents who have custody or responsibility of maintaining the PhilSys Imprisonment    of    10years   to 15years and fine of P5,000,000.00 to P10,000,000.00 Negligence of officials, employees or agents who have custody or responsibility of maintaining the PhilSys thereby facilitating unauthorized access. Imprisonment of 3years to 6years and   fine   of   P1,000,000.00    to P3,000,000.00  

    View this Post

  • Why register with the National Privacy Commission?

     Why register with the National Privacy Commission?   The Data Privacy Act of the Philippines (Republic Act 10173/DPA) and its Implementing Rules and Regulations (IRR) require Personal Information Controllers (PICs)  and Processors (PIPs) to register their Data Protection Officer (DPO) and Data Processing Systemwith the National Privacy Commission (NPC).   These privacy laws provide that if the PICs/PIPs fall under any of the following, they should register with the NPC:   1.        Have at least 250 employees; or 2.        Process sensitive personal information of at least 1,000 individuals; or 3.        Processing poses a risk to the rights of the data subject; or 4.        Processing of personal information is conducted in the regular course of business.   The registration of a Data Protection Officer is due last September 9, 2017, while the registration of a Data Processing System is due on March 8, 2018.   The designated DPO shall be accountable for ensuring the compliance by the PIC or PIP with the DPA, its IRR, issuances by the NPC, and other applicable laws and regulations relating to privacy and data protection.   The Data Processing System in a nutshell provides for the PIC/PIP’s purposes for processing of personal information, a general description of its privacy measures, and the policies relating to data governance, data privacy, and information security.   Registration of a DPO is required prior to the registration of the Data Processing System. Upon registration of a DPO, an access code will be given to the PIC/PIP that will allow it to register its Data Processing System. In the absence of a registered DPO, a PIP/PIC will not be able to register its Data Processing System.   In case of failure to comply with these registration requirements, the PIC/PIP will be exposing itself to the risk of committing acts which are considered violations of the privacy laws such as unauthorized processing of information and facilitating unauthorized access, among others. Acts which are considered violations of the privacy laws are punishable by imprisonment of 1 year to 6 years and a fine of P500,000.00 to P4,000,000.00. The PIC/PIP may also be prevented/restrained from processing personal information. These are on top of any damages that may be claimed by the data subject.   In response to the growing public awareness and regard for data protection, it is therefore expected that PICs/PIPs will comply with its obligations to register with the NPC. Considering that personal information has become a significant oil for commerce, compliance with the directives of the privacy laws will help PICs/PIPs to become more competitive and to gain more of its stakeholders’ trust and confidence.   Atty. Arnel D. Mateo President & CEO ADM and Partners Data Privacy and Consulting Inc. http://www.admprivacy.com    

    View this Post