What is the main purpose of the Data Privacy Act of 2012 (RA 10173)?

The Data Privacy Act of 2012 aims to protect personal data by regulating its collection, processing, and handling, ensuring that individuals’ privacy rights are upheld.

The key principles of data privacy are Transparency, Legitimate Purpose, and Proportionality. Data monetization (selling personal data for profit) is a violation of privacy laws.

What government agency is responsible for enforcing the Data Privacy Act in the Philippines?

The National Privacy Commission (NPC) is the regulatory body responsible for enforcing the Data Privacy Act, ensuring compliance, and investigating data privacy violations.

What is considered "Personal Information" under the Data Privacy Act?

Personal Information refers to any data that can identify an individual, including names, addresses, phone numbers, and identification numbers.

What is "Sensitive Personal Information"?

Sensitive Personal Information includes details about an individual’s race, ethnicity, health, religious beliefs, political affiliations, or criminal history, which require higher protection levels.

Personal data should not be shared without the individual’s consent or a valid legal reason. Unauthorized disclosure violates the Data Privacy Act.

Phishing emails are designed to trick users into revealing sensitive data. Reporting them to IT security or the DPO helps prevent cyberattacks.