Philippines: Introduced amendments to the Data Privacy Act of 2012 including enhanced penalties and sanctions

On 1 July 2022, an amendment (HB No. 892) to the Data Privacy Act of 2012 (Republic Act No. 10173) was introduced into the Philippine Parliament. The amendment introduces increased penalties for the unauthorised processing, access, and disclosure of personal information, with fines ranging from PHP 1,000,000 to PHP 5,000,000 and imprisonment terms of three to six years, dependent on the nature of the violation. The Bill contains specific provisions pertaining to instances of negligence that result in unauthorised access, improper disposal of data, and intentional breaches of personal information systems. Furthermore, the Bill introduces additional penalties for the processing of personal data for unauthorised purposes and requires the reporting of security breaches. Corporations and other legal entities are held accountable for violations, with responsible officers subject to penalties. Additionally, the Bill specifies that foreign offenders will be deported after serving their sentence. Those entities that are already subject to the legislation will be permitted a period of six months in which to comply with the new requirements.