Asian countries continue to focus on developing their data protection legislation.
The Philippines Congress recently finished its second reading of House Bill 1554 which will introduce a unified and special law relating to data protection and privacy. Singapore, which already has some sectoral laws and a voluntary data protection model code, is now calling for the introduction of formal data protection legislation for parliamentary debate in early 2012.
The Philippines draft bill seeks to establish fair practices and regulate the collection, use and protection of individuals’ private information as well as to promote the development of its business process outsourcing industry. Under the Filipino bill, businesses and government agencies would have to obtain an individual’s unambiguous consent to collect and use their personal data. The bill also sets out data breach notification requirements to the regulator and to affected individuals when there is a real risk of serious harm, including breaches that may enable identity fraud. The proposed bill defines personal information quite broadly as “any data that can be used alone or in conjunction with other data to identify an individual”, and provides additional protections for sensitive personal information. Under the bill, a national Privacy Commission would be created that has the power to implement and enforce data protection legislation, including the authority to impose civil fines for certain violations and to refer suspected intentional violations to the Philippines Government’s Justice Department for investigation and potential imposition of criminal penalties of up to three years imprisonment.