Catalan, Caryl S.

CED-11-501A

Referring to Republic Act 10173 or the Data Privacy Act of 2012 focusing on
the rights of the data subject and the penalties, provide comprehensive
explanation/responses to the following questions.

1. Is sending (to another person) a screenshot of a conversation a violation

of RA 10173? Why and why not?
➔ Sending a screenshot of a conversation is not a violation of RA 10173 unless the
message contains sensitive or personal information is shared without consent
and
➔
2. When is collecting data or information from an individual allowed (as
mentioned in RA 10173)? What is the process to be undertaken?
➔ Processing of personal information is allowed only for legal and legitimate
purposes, with consent, and is necessary to protect the life and health of the data
subject or another person. The data subject must be informed about the purpose
or processing details and ensure the confidentiality of any personal or sensitive
information collected at all times.
➔
3. How can an individual violate the data privacy law? What are the
penalties?
➔ An individual can be in violation of data privacy laws if they engage in any of the
following actions. First, if they process personal information or sensitive personal
information without authorization, it can be considered a breach of privacy.
Additionally, if they access personal information and sensitive personal
information due to negligence, such as not properly securing or protecting the
data, it can also be a violation. Another violation can occur if personal information
and sensitive personal information is improperly disposed of, potentially allowing
unauthorized access to the data. Furthermore, if personal information and
sensitive personal information is processed for unauthorized purposes, it can be
a breach of privacy laws. Other violations include unauthorized access or
intentional breach of data security, concealing security breaches involving
sensitive personal information, malicious disclosure of data, and unauthorized
disclosure of personal information. The extent of liability for these violations will
depend on the specific laws and regulations in place, but they can result in legal
consequences for the individual responsible.
 ➔ The responsible person should be penalized by imprisonment within the range of
6 months to 6 years and a fine of not less than one hundred thousand pesos
(100,000.00) up to no more than five million pesos (5,000,000.00)
➔
4. What is the impact of the Data Privacy Law during the COVID-19
pandemic in terms of emergency response?
➔ The Data Privacy Act is a key instrument in the Philippines' COVID-19
response, safeguarding individuals' personal data and privacy rights. It
permits the government to gather and process personal data for contact
tracing and public health initiatives, while enforcing stringent security
protocols to prevent unauthorized access or disclosure. This act fosters
public trust in data sharing practices during the pandemic, as it ensures
responsible and consensual handling of personal information. It also
empowers individuals by giving them control over their personal data,
including the rights to access, correct, and delete their information.
Adherence to the Data Privacy Act is essential for all entities involved in
the pandemic response to avoid legal consequences and uphold
individuals' privacy rights. The act guarantees that data subjects are
informed about the purpose, scope, and risks associated with their
personal information's collection and processing.

Reference:

https://www.bworldonline.com/opinion/2021/06/01/372570/the-significance-
of-the-data-privacy-act-in-the-covid-19-response/
https://privacy.gov.ph/data-privacy-act/#w25