A data protection bill is ready for consideration by the Filipino House of Representatives.  If made law, H.B. 1554 would be the first comprehensive data protection law in the Philippines.  The new legislation, intended to align with APEC principles, incorporates familiar fair processing principles, such as collecting personal data for a specified purpose, controls on the excessive collection of personal data, data retention limitations, and a requirement to adopt reasonable data security measures for personal information. 

A few significant aspects of the legislation include the following:

  • The bill adopts the familiar all-encompassing definition of “personal information” to cover any data that can be used alone or in conjunction with other data to identify an individual and also sets forth enhanced protection measures for “sensitive personal information,” which includes social security numbers, health records, licenses and tax return data.  The current bill includes the possibility of civil and criminal penalties.
  • Under the proposed law, incidents compromising the security of sensitive personal data are required to be reported to a newly established Privacy Commissioner and to affected individuals.  Notice may be required for breaches involving ordinary personal data if the nature of the data is such that it could “be used to enable identity fraud” or if the Privacy Commissioner determines that the breach is “likely to give rise to a real risk of serious harm to any affected data subject.”