INTERNATIONAL SCHOOL OF ASIA AND THE PACIFIC-KALINGA

Bulanao Norte, Tabuk City

COLLEGE OF ACCOUNTANCY
LEARNING MODULE

Subject : BUSINESS REGULATIONS AND LEGAL ISSUES

Period : FINALS
FY : SECOND SEMESTER SY 2019-2020
Time Frame : 15 hours (3 hrs lec/week)

LECTURE CONTENT:

TOPIC1 : DATA PRIVACY ACT OF 2012

REPUBLIC ACT NO. 10173

AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN
INFORMATION AND COMMUNICATIONS SYSTEMS IN THE
GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS
PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER
PURPOSES

Section 3. Definition of Terms. – Whenever used in this Act, the following

terms shall have the respective meanings hereafter set forth:
(a) Commission shall refer to the National Privacy Commission created
by virtue of this Act.
(b) Consent of the data subject refers to any freely given, specific,
informed indication of will, whereby the data subject agrees to the
collection and processing of personal information about and/or relating
to him or her. Consent shall be evidenced by written, electronic or
recorded means. It may also be given on behalf of the data subject by
an agent specifically authorized by the data subject to do so.
(c) Data subject refers to an individual whose personal information is
processed.
(d) Direct marketing refers to communication by whatever means of any
advertising or marketing material which is directed to particular
individuals.
(e) Filing system refers to any act of information relating to natural or
juridical persons to the extent that, although the information is not
processed by equipment operating automatically in response to
instructions given for that purpose, the set is structured, either by
reference to individuals or by reference to criteria relating to individuals,
in such a way that specific information relating to a particular person is
readily accessible.
(f) Information and Communications System refers to a system for
generating, sending, receiving, storing or otherwise processing
BUSINESS REGULATIONS AND LEGAL ISSUES Page 1 of 27
ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 electronic data messages or electronic documents and includes the
computer system or other similar device by or which data is recorded,
transmitted or stored and any procedure related to the recording,
transmission or storage of electronic data, electronic message, or
electronic document.
(g) Personal information refers to any information whether recorded in a
material form or not, from which the identity of an individual is apparent
or can be reasonably and directly ascertained by the entity holding the
information, or when put together with other information would directly
and certainly identify an individual.
(h) Personal information controller refers to a person or organization
who controls the collection, holding, processing or use of personal
information, including a person or organization who instructs another
person or organization to collect, hold, process, use, transfer or disclose
personal information on his or her behalf. The term excludes:
(1) A person or organization who performs such functions as
instructed by another person or organization; and
(2) An individual who collects, holds, processes or uses personal
information in connection with the individual’s personal, family or
household affairs.
(i) Personal information processor refers to any natural or juridical
person qualified to act as such under this Act to whom a personal
information controller may outsource the processing of personal data
pertaining to a data subject.
(j) Processing refers to any operation or any set of operations
performed upon personal information including, but not limited to, the
collection, recording, organization, storage, updating or modification,
retrieval, consultation, use, consolidation, blocking, erasure or
destruction of data.
(k) Privileged information refers to any and all forms of data which
under the Rides of Court and other pertinent laws constitute privileged
communication.
(l) Sensitive personal information refers to personal information:
(1) About an individual’s race, ethnic origin, marital status, age,
color, and religious, philosophical or political affiliations;
(2) About an individual’s health, education, genetic or sexual life
of a person, or to any proceeding for any offense committed or
alleged to have been committed by such person, the disposal of
such proceedings, or the sentence of any court in such
proceedings;
(3) Issued by government agencies peculiar to an individual
which includes, but not limited to, social security numbers,
previous or cm-rent health records, licenses or its denials,
suspension or revocation, and tax returns; and
(4) Specifically established by an executive order or an act of
Congress to be kept classified.

BUSINESS REGULATIONS AND LEGAL ISSUES Page 2 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
Section 4. Scope. – This Act applies to the processing of all types of personal
information and to any natural and juridical person involved in personal
information processing including those personal information controllers and
processors who, although not found or established in the Philippines, use
equipment that are located in the Philippines, or those who maintain an office,
branch or agency in the Philippines subject to the immediately succeeding
paragraph: Provided, That the requirements of Section 5 are complied with.
This Act does not apply to the following:
(a) Information about any individual who is or was an officer or
employee of a government institution that relates to the position or
functions of the individual, including:
(1) The fact that the individual is or was an officer or employee of
the government institution;
(2) The title, business address and office telephone number of the
individual;
(3) The classification, salary range and responsibilities of the
position held by the individual; and
(4) The name of the individual on a document prepared by the
individual in the course of employment with the government;
(b) Information about an individual who is or was performing service
under contract for a government institution that relates to the services
performed, including the terms of the contract, and the name of the
individual given in the course of the performance of those services;
(c) Information relating to any discretionary benefit of a financial nature
such as the granting of a license or permit given by the government to
an individual, including the name of the individual and the exact nature
of the benefit;
(d) Personal information processed for journalistic, artistic, literary or
research purposes;
(e) Information necessary in order to carry out the functions of public
authority which includes the processing of personal data for the
performance by the independent, central monetary authority and law
enforcement and regulatory agencies of their constitutionally and
statutorily mandated functions. Nothing in this Act shall be construed as
to have amended or repealed Republic Act No. 1405, otherwise known
as the Secrecy of Bank Deposits Act; Republic Act No. 6426, otherwise
known as the Foreign Currency Deposit Act; and Republic Act No.
9510, otherwise known as the Credit Information System Act (CISA);
(f) Information necessary for banks and other financial institutions under
the jurisdiction of the independent, central monetary authority or Bangko
Sentral ng Pilipinas to comply with Republic Act No. 9510, and Republic
Act No. 9160, as amended, otherwise known as the Anti-Money
Laundering Act and other applicable laws; and
(g) Personal information originally collected from residents of foreign
jurisdictions in accordance with the laws of those foreign jurisdictions,

BUSINESS REGULATIONS AND LEGAL ISSUES Page 3 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 including any applicable data privacy laws, which is being processed in
the Philippines.

Section 5. Protection Afforded to Journalists and Their Sources. – Nothing in

this Act shall be construed as to have amended or repealed the provisions of
Republic Act No. 53, which affords the publishers, editors or duly accredited
reporters of any newspaper, magazine or periodical of general circulation
protection from being compelled to reveal the source of any news report or
information appearing in said publication which was related in any confidence
to such publisher, editor, or reporter.

Section 6. Extraterritorial Application. – This Act applies to an act done or

practice engaged in and outside of the Philippines by an entity if:
(a) The act, practice or processing relates to personal information about
a Philippine citizen or a resident;
(b) The entity has a link with the Philippines, and the entity is processing
personal information in the Philippines or even if the processing is
outside the Philippines as long as it is about Philippine citizens or
residents such as, but not limited to, the following:
(1) A contract is entered in the Philippines;
(2) A juridical entity unincorporated in the Philippines but has
central management and control in the country; and
(3) An entity that has a branch, agency, office or subsidiary in the
Philippines and the parent or affiliate of the Philippine entity has
access to personal information; and
© The entity has other links in the Philippines such as, but not limited to:
(1) The entity carries on business in the Philippines; and
(2) The personal information was collected or held by an entity in
the Philippines.

CHAPTER III
PROCESSING OF PERSONAL INFORMATION

Section 11. General Data Privacy Principles. – The processing of personal

information shall be allowed, subject to compliance with the requirements of
this Act and other laws allowing disclosure of information to the public and
adherence to the principles of transparency, legitimate purpose and
proportionality.
Personal information must, be:
(a) Collected for specified and legitimate purposes determined and
declared before, or as soon as reasonably practicable after collection,
and later processed in a way compatible with such declared, specified
and legitimate purposes only;
(b) Processed fairly and lawfully;
(c) Accurate, relevant and, where necessary for purposes for which it is
to be used the processing of personal information, kept up to date;

BUSINESS REGULATIONS AND LEGAL ISSUES Page 4 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 inaccurate or incomplete data must be rectified, supplemented,
destroyed or their further processing restricted;
(d) Adequate and not excessive in relation to the purposes for which
they are collected and processed;
(e) Retained only for as long as necessary for the fulfillment of the
purposes for which the data was obtained or for the establishment,
exercise or defense of legal claims, or for legitimate business purposes,
or as provided by law; and
(f) Kept in a form which permits identification of data subjects for no
longer than is necessary for the purposes for which the data were
collected and processed: Provided, That personal information collected
for other purposes may lie processed for historical, statistical or
scientific purposes, and in cases laid down in law may be stored for
longer periods: Provided, further, That adequate safeguards are
guaranteed by said laws authorizing their processing.
The personal information controller must ensure implementation of personal
information processing principles set out herein.

Section 12. Criteria for Lawful Processing of Personal Information. – The

processing of personal information shall be permitted only if not otherwise
prohibited by law, and when at least one of the following conditions exists:
(a) The data subject has given his or her consent;
(b) The processing of personal information is necessary and is related
to the fulfillment of a contract with the data subject or in order to take
steps at the request of the data subject prior to entering into a contract;
(c) The processing is necessary for compliance with a legal obligation to
which the personal information controller is subject;
(d) The processing is necessary to protect vitally important interests of
the data subject, including life and health;
(e) The processing is necessary in order to respond to national
emergency, to comply with the requirements of public order and safety,
or to fulfill functions of public authority which necessarily includes the
processing of personal data for the fulfillment of its mandate; or
(f) The processing is necessary for the purposes of the legitimate
interests pursued by the personal information controller or by a third
party or parties to whom the data is disclosed, except where such
interests are overridden by fundamental rights and freedoms of the data
subject which require protection under the Philippine Constitution.

Section 13. Sensitive Personal Information and Privileged Information. – The

processing of sensitive personal information and privileged information shall
be prohibited, except in the following cases:
(a) The data subject has given his or her consent, specific to the
purpose prior to the processing, or in the case of privileged information,
all parties to the exchange have given their consent prior to processing;

BUSINESS REGULATIONS AND LEGAL ISSUES Page 5 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 (b) The processing of the same is provided for by existing laws and
regulations: Provided, That such regulatory enactments guarantee the
protection of the sensitive personal information and the privileged
information: Provided, further, That the consent of the data subjects are
not required by law or regulation permitting the processing of the
sensitive personal information or the privileged information;
(c) The processing is necessary to protect the life and health of the data
subject or another person, and the data subject is not legally or
physically able to express his or her consent prior to the processing;
(d) The processing is necessary to achieve the lawful and
noncommercial objectives of public organizations and their
associations: Provided, That such processing is only confined and
related to the bona fide members of these organizations or their
associations: Provided, further, That the sensitive personal information
are not transferred to third parties: Provided, finally, That consent of the
data subject was obtained prior to processing;
(e) The processing is necessary for purposes of medical treatment, is
carried out by a medical practitioner or a medical treatment institution,
and an adequate level of protection of personal information is ensured;
or
(f) The processing concerns such personal information as is necessary
for the protection of lawful rights and interests of natural or legal
persons in court proceedings, or the establishment, exercise or defense
of legal claims, or when provided to government or public authority.

Section 14. Subcontract of Personal Information. – A personal information

controller may subcontract the processing of personal
information: Provided, That the personal information controller shall be
responsible for ensuring that proper safeguards are in place to ensure the
confidentiality of the personal information processed, prevent its use for
unauthorized purposes, and generally, comply with the requirements of this
Act and other laws for processing of personal information. The personal
information processor shall comply with all the requirements of this Act and
other applicable laws.

Section 15. Extension of Privileged Communication. – Personal information

controllers may invoke the principle of privileged communication over
privileged information that they lawfully control or process. Subject to existing
laws and regulations, any evidence gathered on privileged information is
inadmissible.

CHAPTER IV
RIGHTS OF THE DATA SUBJECT

Section 16. Rights of the Data Subject. – The data subject is entitled to:

BUSINESS REGULATIONS AND LEGAL ISSUES Page 6 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 (a) Be informed whether personal information pertaining to him or her
shall be, are being or have been processed;
(b) Be furnished the information indicated hereunder before the entry of
his or her personal information into the processing system of the
personal information controller, or at the next practical opportunity:
(1) Description of the personal information to be entered into the
system;
(2) Purposes for which they are being or are to be processed;
(3) Scope and method of the personal information processing;
(4) The recipients or classes of recipients to whom they are or
may be disclosed;
(5) Methods utilized for automated access, if the same is allowed
by the data subject, and the extent to which such access is
authorized;
(6) The identity and contact details of the personal information
controller or its representative;
(7) The period for which the information will be stored; and
(8) The existence of their rights, i.e., to access, correction, as well
as the right to lodge a complaint before the Commission.
Any information supplied or declaration made to the data subject on
these matters shall not be amended without prior notification of data
subject: Provided, That the notification under subsection (b) shall not
apply should the personal information be needed pursuant to
a subpoena or when the collection and processing are for obvious
purposes, including when it is necessary for the performance of or in
relation to a contract or service or when necessary or desirable in the
context of an employer-employee relationship, between the collector
and the data subject, or when the information is being collected and
processed as a result of legal obligation;
(c) Reasonable access to, upon demand, the following:
(1) Contents of his or her personal information that were
processed;
(2) Sources from which personal information were obtained;
(3) Names and addresses of recipients of the personal
information;
(4) Manner by which such data were processed;
(5) Reasons for the disclosure of the personal information to
recipients;
(6) Information on automated processes where the data will or
likely to be made as the sole basis for any decision significantly
affecting or will affect the data subject;
(7) Date when his or her personal information concerning the data
subject were last accessed and modified; and
(8) The designation, or name or identity and address of the
personal information controller;

BUSINESS REGULATIONS AND LEGAL ISSUES Page 7 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 (d) Dispute the inaccuracy or error in the personal information and have
the personal information controller correct it immediately and
accordingly, unless the request is vexatious or otherwise unreasonable.
If the personal information have been corrected, the personal
information controller shall ensure the accessibility of both the new and
the retracted information and the simultaneous receipt of the new and
the retracted information by recipients thereof: Provided, That the third
parties who have previously received such processed personal
information shall he informed of its inaccuracy and its rectification upon
reasonable request of the data subject;
(e) Suspend, withdraw or order the blocking, removal or destruction of
his or her personal information from the personal information controller’s
filing system upon discovery and substantial proof that the personal
information are incomplete, outdated, false, unlawfully obtained, used
for unauthorized purposes or are no longer necessary for the purposes
for which they were collected. In this case, the personal information
controller may notify third parties who have previously received such
processed personal information; and
(f) Be indemnified for any damages sustained due to such inaccurate,
incomplete, outdated, false, unlawfully obtained or unauthorized use of
personal information.

Section 17. Transmissibility of Rights of the Data Subject. – The lawful heirs

and assigns of the data subject may invoke the rights of the data subject for,
which he or she is an heir or assignee at any time after the death of the data
subject or when the data subject is incapacitated or incapable of exercising
the rights as enumerated in the immediately preceding section.

Section 18. Right to Data Portability. – The data subject shall have the right,
where personal information is processed by electronic means and in a
structured and commonly used format, to obtain from the personal information
controller a copy of data undergoing processing in an electronic or structured
format, which is commonly used and allows for further use by the data subject.
The Commission may specify the electronic format referred to above, as well
as the technical standards, modalities and procedures for their transfer.

Section 19. Non-Applicability. – The immediately preceding sections are not

applicable if the processed personal information are used only for the needs of
scientific and statistical research and, on the basis of such, no activities are
carried out and no decisions are taken regarding the data
subject: Provided, That the personal information shall be held under strict
confidentiality and shall be used only for the declared purpose. Likewise, the
immediately preceding sections are not applicable to processing of personal
information gathered for the purpose of investigations in relation to any
criminal, administrative or tax liabilities of a data subject.

BUSINESS REGULATIONS AND LEGAL ISSUES Page 8 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 CHAPTER VI
ACCOUNTABILITY FOR TRANSFER OF PERSONAL INFORMATION

Section 21. Principle of Accountability. – Each personal information controller

is responsible for personal information under its control or custody, including
information that have been transferred to a third party for processing, whether
domestically or internationally, subject to cross-border arrangement and
cooperation.
(a) The personal information controller is accountable for complying with
the requirements of this Act and shall use contractual or other
reasonable means to provide a comparable level of protection while the
information are being processed by a third party.
(b) The personal information controller shall designate an individual or
individuals who are accountable for the organization’s compliance with
this Act. The identity of the individual(s) so designated shall be made
known to any data subject upon request.

CHAPTER VII
SECURITY OF SENSITIVE PERSONAL
INFORMATION IN GOVERNMENT

Section 22. Responsibility of Heads of Agencies. – All sensitive personal

information maintained by the government, its agencies and instrumentalities
shall be secured, as far as practicable, with the use of the most appropriate
standard recognized by the information and communications technology
industry, and as recommended by the Commission. The head of each
government agency or instrumentality shall be responsible for complying with
the security requirements mentioned herein while the Commission shall
monitor the compliance and may recommend the necessary action in order to
satisfy the minimum standards.

Section 23. Requirements Relating to Access by Agency Personnel to

Sensitive Personal Information. – (a) On-site and Online Access – Except as
may be allowed through guidelines to be issued by the Commission, no
employee of the government shall have access to sensitive personal
information on government property or through online facilities unless the
employee has received a security clearance from the head of the source
agency.
(b) Off-site Access – Unless otherwise provided in guidelines to be issued by
the Commission, sensitive personal information maintained by an agency may
not be transported or accessed from a location off government property unless
a request for such transportation or access is submitted and approved by the
head of the agency in accordance with the following guidelines:
(1) Deadline for Approval or Disapproval – In the case of any request
submitted to the head of an agency, such head of the agency shall
approve or disapprove the request within two (2) business days after

BUSINESS REGULATIONS AND LEGAL ISSUES Page 9 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 the date of submission of the request. In case there is no action by the
head of the agency, then such request is considered disapproved;
(2) Limitation to One thousand (1,000) Records – If a request is
approved, the head of the agency shall limit the access to not more than
one thousand (1,000) records at a time; and
(3) Encryption – Any technology used to store, transport or access
sensitive personal information for purposes of off-site access approved
under this subsection shall be secured by the use of the most secure
encryption standard recognized by the Commission.
The requirements of this subsection shall be implemented not later than six (6)
months after the date of the enactment of this Act.

Section 24. Applicability to Government Contractors. – In entering into any

contract that may involve accessing or requiring sensitive personal information
from one thousand (1,000) or more individuals, an agency shall require a
contractor and its employees to register their personal information processing
system with the Commission in accordance with this Act and to comply with
the other provisions of this Act including the immediately preceding section, in
the same manner as agencies and government employees comply with such
requirements.

CHAPTER VIII
PENALTIES

Section 25. Unauthorized Processing of Personal Information and Sensitive

Personal Information. – (a) The unauthorized processing of personal
information shall be penalized by imprisonment ranging from one (1) year to
three (3) years and a fine of not less than Five hundred thousand pesos
(Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall
be imposed on persons who process personal information without the consent
of the data subject, or without being authorized under this Act or any existing
law.
(b) The unauthorized processing of personal sensitive information shall be
penalized by imprisonment ranging from three (3) years to six (6) years and a
fine of not less than Five hundred thousand pesos (Php500,000.00) but not
more than Four million pesos (Php4,000,000.00) shall be imposed on persons
who process personal information without the consent of the data subject, or
without being authorized under this Act or any existing law.

Section 26. Accessing Personal Information and Sensitive Personal

Information Due to Negligence. – (a) Accessing personal information due to
negligence shall be penalized by imprisonment ranging from one (1) year to
three (3) years and a fine of not less than Five hundred thousand pesos
(Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall
be imposed on persons who, due to negligence, provided access to personal
information without being authorized under this Act or any existing law.

BUSINESS REGULATIONS AND LEGAL ISSUES Page 10 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
(b) Accessing sensitive personal information due to negligence shall be
penalized by imprisonment ranging from three (3) years to six (6) years and a
fine of not less than Five hundred thousand pesos (Php500,000.00) but not
more than Four million pesos (Php4,000,000.00) shall be imposed on persons
who, due to negligence, provided access to personal information without being
authorized under this Act or any existing law.

Section 27. Improper Disposal of Personal Information and Sensitive

Personal Information. – (a) The improper disposal of personal information
shall be penalized by imprisonment ranging from six (6) months to two (2)
years and a fine of not less than One hundred thousand pesos
(Php100,000.00) but not more than Five hundred thousand pesos
(Php500,000.00) shall be imposed on persons who knowingly or negligently
dispose, discard or abandon the personal information of an individual in an
area accessible to the public or has otherwise placed the personal information
of an individual in its container for trash collection.
b) The improper disposal of sensitive personal information shall be penalized
by imprisonment ranging from one (1) year to three (3) years and a fine of not
less than One hundred thousand pesos (Php100,000.00) but not more than
One million pesos (Php1,000,000.00) shall be imposed on persons who
knowingly or negligently dispose, discard or abandon the personal information
of an individual in an area accessible to the public or has otherwise placed the
personal information of an individual in its container for trash collection.

Section 28. Processing of Personal Information and Sensitive Personal

Information for Unauthorized Purposes. – The processing of personal
information for unauthorized purposes shall be penalized by imprisonment
ranging from one (1) year and six (6) months to five (5) years and a fine of not
less than Five hundred thousand pesos (Php500,000.00) but not more than
One million pesos (Php1,000,000.00) shall be imposed on persons processing
personal information for purposes not authorized by the data subject, or
otherwise authorized under this Act or under existing laws.
The processing of sensitive personal information for unauthorized purposes
shall be penalized by imprisonment ranging from two (2) years to seven (7)
years and a fine of not less than Five hundred thousand pesos
(Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall
be imposed on persons processing sensitive personal information for
purposes not authorized by the data subject, or otherwise authorized under
this Act or under existing laws.

Section 29. Unauthorized Access or Intentional Breach. – The penalty of

imprisonment ranging from one (1) year to three (3) years and a fine of not
less than Five hundred thousand pesos (Php500,000.00) but not more than
Two million pesos (Php2,000,000.00) shall be imposed on persons who
knowingly and unlawfully, or violating data confidentiality and security data

BUSINESS REGULATIONS AND LEGAL ISSUES Page 11 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
systems, breaks in any way into any system where personal and sensitive
personal information is stored.

Section 30. Concealment of Security Breaches Involving Sensitive Personal

Information. – The penalty of imprisonment of one (1) year and six (6) months
to five (5) years and a fine of not less than Five hundred thousand pesos
(Php500,000.00) but not more than One million pesos (Php1,000,000.00) shall
be imposed on persons who, after having knowledge of a security breach and
of the obligation to notify the Commission pursuant to Section 20(f),
intentionally or by omission conceals the fact of such security breach.

Section 31. Malicious Disclosure. – Any personal information controller or

personal information processor or any of its officials, employees or agents,
who, with malice or in bad faith, discloses unwarranted or false information
relative to any personal information or personal sensitive information obtained
by him or her, shall be subject to imprisonment ranging from one (1) year and
six (6) months to five (5) years and a fine of not less than Five hundred
thousand pesos (Php500,000.00) but not more than One million pesos
(Php1,000,000.00).

Section 32. Unauthorized Disclosure. – (a) Any personal information

controller or personal information processor or any of its officials, employees
or agents, who discloses to a third party personal information not covered by
the immediately preceding section without the consent of the data subject,
shall he subject to imprisonment ranging from one (1) year to three (3) years
and a fine of not less than Five hundred thousand pesos (Php500,000.00) but
not more than One million pesos (Php1,000,000.00).
(b) Any personal information controller or personal information processor or
any of its officials, employees or agents, who discloses to a third party
sensitive personal information not covered by the immediately preceding
section without the consent of the data subject, shall be subject to
imprisonment ranging from three (3) years to five (5) years and a fine of not
less than Five hundred thousand pesos (Php500,000.00) but not more than
Two million pesos (Php2,000,000.00).

Section 33. Combination or Series of Acts. – Any combination or series of

acts as defined in Sections 25 to 32 shall make the person subject to
imprisonment ranging from three (3) years to six (6) years and a fine of not
less than One million pesos (Php1,000,000.00) but not more than Five million
pesos (Php5,000,000.00).

Section 34. Extent of Liability. – If the offender is a corporation, partnership or

any juridical person, the penalty shall be imposed upon the responsible
officers, as the case may be, who participated in, or by their gross negligence,
allowed the commission of the crime. If the offender is a juridical person, the
court may suspend or revoke any of its rights under this Act. If the offender is

BUSINESS REGULATIONS AND LEGAL ISSUES Page 12 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
an alien, he or she shall, in addition to the penalties herein prescribed, be
deported without further proceedings after serving the penalties prescribed. If
the offender is a public official or employee and lie or she is found guilty of
acts penalized under Sections 27 and 28 of this Act, he or she shall, in
addition to the penalties prescribed herein, suffer perpetual or temporary
absolute disqualification from office, as the case may be.

Section 35. Large-Scale. – The maximum penalty in the scale of penalties

respectively provided for the preceding offenses shall be imposed when the
personal information of at least one hundred (100) persons is harmed,
affected or involved as the result of the above mentioned actions.

Section 36. Offense Committed by Public Officer. – When the offender or the

person responsible for the offense is a public officer as defined in the
Administrative Code of the Philippines in the exercise of his or her duties, an
accessory penalty consisting in the disqualification to occupy public office for a
term double the term of criminal penalty imposed shall he applied.

Section 37. Restitution. – Restitution for any aggrieved party shall be

governed by the provisions of the New Civil Code.

TOPIC 2: E-COMMERCE ACT OF 2000

REPUBLIC ACT NO. 8792

June 14, 2000

AN ACT PROVIDING FOR THE RECOGNITION AND USE OF

ELECTRONIC COMMERCIAL AND NON-COMMERCIAL TRANSACTIONS
AND DOCUMENTS, PENALTIES FOR UNLAWFUL USE THEREOF, AND
FOR OTHER PURPOSES

PART II
ELECTRONIC COMMERCE IN GENERAL

CHAPTER I
GENERAL PROVISIONS
Section 3. Objective - This Act aims to facilitate domestic and international
dealings, transactions, arrangements agreements, contracts and exchanges
and storage of information through the utilization of electronic, optical and
similar medium, mode, instrumentality and technology to recognize the
authenticity and reliability of electronic documents related to such activities
and to promote the universal use of electronic transaction in the government
and general public.

BUSINESS REGULATIONS AND LEGAL ISSUES Page 13 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
Section 4. Sphere of Application - This Act shall apply to any kind of data
message and electronic document used in the context of commercial and non-
commercial activities to include domestic and international dealings,
transactions, arrangements, agreements contracts and exchanges and
storage of information.

Section 5. Definition of Terms - For the purposes of this Act, the following
terms are defined, as follows:
(a) "Addressee" refers to a person who is intended by the originator to
receive the electronic data message or electronic document. The term
does not include a person acting as an intermediary with respect to that
electronic data message or electronic data document.
(b) "Computer" refers to any device or apparatus which, by electronic,
electro-mechanical, or magnetic impulse, or by other means, is capable
of receiving, recording, transmitting, storing, processing, retrieving, or
producing information, data, figures, symbols or other modes of written
expression according to mathematical and logical rules or of performing
any one or more of these functions.
(c) "Electronic Data Message" refers to information generated, sent,
received or stored by electronic, optical or similar means.
(d) "Information and Communications System" refers to a system
intended for and capable of generating, sending, receiving, storing, or
otherwise processing electronic data messages or electronic documents
and includes the computer system or other similar device by or in which
data is recorded or stored and any procedures related to the recording
or storage of electronic data message or electronic document.
(e) "Electronic Signature" refers to any distinctive mark, characteristic
and/or sound in electronic form, representing the identity of a person
and attached to or logically associated with the electronic data message
or electronic document or any methodology or procedures employed or
adopted by a person and executed or adopted by such person with the
intention of authenticating or approving an electronic data message or
electronic document.
(f) "Electronic Document" refers to information or the representation of
information, data, figures, symbols or other modes of written
expression, described or however represented, by which a right is
established or an obligation extinguished, or by which a fact may be
prove and affirmed, which is receive, recorded, transmitted, stored,
processed, retrieved or produced electronically.
(g) "Electronic Key" refers to a secret code which secures and defends
sensitive information that cross over public channels into a form
decipherable only with a matching electronic key.
(h) "Intermediary" refers to a person who in behalf of another person
and with respect to a particular electronic document sends, receives
and/or stores provides other services in respect of that electronic data
message or electronic document.

BUSINESS REGULATIONS AND LEGAL ISSUES Page 14 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 (i) "Originator" refers to a person by whom, or on whose behalf, the
electronic document purports to have been created, generated and/or
sent. The term does not include a person acting as an intermediary with
respect to that electronic document.
(j) "Service provider" refers to a provider of -
i. On-line services or network access or the operator of facilities
therefor, including entities offering the transmission, routing, or
providing of connections for online communications, digital or
otherwise, between or among points specified by a user, of
electronic documents of the user's choosing; or
ii. The necessary technical means by which electronic documents
of an originator may be stored and made accessible to
designated or undesignated third party.
Such service providers shall have no authority to modify or alter the content of
the electronic data message or electronic document received or to make any
entry therein on behalf of the originator, addressee or any third party unless
specifically authorized to do so, and who shall retain the electronic document
in accordance with the specific request or as necessary for the purpose of
performing the services it was engaged to perform.

CHAPTER II
LEGAL RECOGNITION OF ELECTRONIC WRITING
OR DOCUMENT AND DATA MESSAGES

Section 6. Legal Recognition of Electronic Data Messages - Information shall

not be denied legal effect, validity or enforceability solely on the grounds that it
is in the data message purporting to give rise to such legal effect, or that it is
merely referred to in that electronic data message.

Section 7. Legal Recognition of Electronic Documents - Electronic documents

shall have the legal effect, validity or enforceability as any other document or
legal writing, and -
(a) Where the law requires a document to be in writing, that requirement
is met by an electronic document if the said electronic document
maintains its integrity and reliability and can be authenticated so as to
be usable for subsequent reference, in that -
i. The electronic document has remained complete and unaltered,
apart from the addition of any endorsement and any authorized
change, or any change which arises in the normal course of
communication, storage and display; and
ii. The electronic document is reliable in the light of the purpose
for which it was generated and in the light of all relevant
circumstances.
(b) Paragraph (a) applies whether the requirement therein is in the form
of an obligation or whether the law simply provides consequences for
the document not being presented or retained in its original from.

BUSINESS REGULATIONS AND LEGAL ISSUES Page 15 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 (c) Where the law requires that a document be presented or retained in
its original form, that requirement is met by an electronic document if -
i. There exists a reliable assurance as to the integrity of the
document from the time when it was first generated in its final
form; and
ii. That document is capable of being displayed to the person to
whom it is to be presented: Provided, That no provision of this Act
shall apply to vary any and all requirements of existing laws on
formalities required in the execution of documents for their
validity.
For evidentiary purposes, an electronic document shall be the functional
equivalent of a written document under existing laws.
This Act does not modify any statutory rule relating to admissibility of
electronic data massages or electronic documents, except the rules relating to
authentication and best evidence.

Section 8. Legal Recognition of Electronic Signatures. - An electronic

signature on the electronic document shall be equivalent to the signature of a
person on a written document if that signature is proved by showing that a
prescribed procedure, not alterable by the parties interested in the electronic
document, existed under which -
(a) A method is used to identify the party sought to be bound and to
indicate said party's access to the electronic document necessary for
his consent or approval through the electronic signature;
(b) Said method is reliable and appropriate for the purpose for which the
electronic document was generated or communicated, in the light of all
circumstances, including any relevant agreement;
(c) It is necessary for the party sought to be bound, in or order to
proceed further with the transaction, to have executed or provided the
electronic signature; and
(d) The other party is authorized and enabled to verify the electronic
signature and to make the decision to proceed with the transaction
authenticated by the same.

Section 9. Presumption Relating to Electronic Signatures - In any

proceedings involving an electronic signature, it shall be presumed that -
(a) The electronic signature is the signature of the person to whom it
correlates; and
(b) The electronic signature was affixed by that person with the intention
of signing or approving the electronic document unless the person
relying on the electronically signed electronic document knows or has
noticed of defects in or unreliability of the signature or reliance on the
electronic signature is not reasonable under the circumstances.

Section 10. Original Documents. -

BUSINESS REGULATIONS AND LEGAL ISSUES Page 16 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 (1) Where the law requires information to be presented or retained in its
original form, that requirement is met by an electronic data message or
electronic document if;
(a) the integrity of the information from the time when it was first
generated in its final form, as an electronic data message or
electronic document is shown by evidence aliunde or otherwise;
and
(b) where it is required that information be resented, that the
information is capable of being displayed to the person to whom it
is to be presented.
(2) Paragraph (1) applies whether the requirement therein is in the form
of an obligation or whether the law simply provides consequences for
the information not being presented or retained in its original form.
(3) For the purpose of subparagraph (a) of paragraph (1):
(a) the criteria for assessing integrity shall be whether the
information has remained complete and unaltered, apart from the
addition of any endorsement and any change which arises in the
normal course of communication, storage and display ; and
(b) the standard of reliability required shall be assessed in the
light of purposed for which the information was generated and in
the light of all the relevant circumstances.

Section 11. Authentication of Electronic Data Messages and Electronic

Documents. - Until the Supreme Court by appropriate rules shall have so
provided, electronic documents, electronic data messages and electronic
signatures, shall be authenticated by demonstrating, substantiating and
validating a claimed identity of a user, device, or another entity is an
information or communication system, among other ways, as follows;
(a) The electronic signature shall be authenticated by proof than a
letter , character, number or other symbol in electronic form
representing the persons named in and attached to or logically
associated with an electronic data message, electronic document, or
that the appropriate methodology or security procedures, when
applicable, were employed or adopted by such person, with the
intention of authenticating or approving in an electronic data message
or electronic document;
(b) The electronic data message or electronic document shall be
authenticated by proof that an appropriate security procedure, when
applicable was adopted and employed for the purpose of verifying the
originator of an electronic data message and/or electronic document, or
detecting error or alteration in the communication, content or storage of
an electronic document or electronic data message from a specific
point, which, using algorithm or codes, identifying words or numbers,
encryptions, answers back or acknowledgement procedures, or similar
security devices.

BUSINESS REGULATIONS AND LEGAL ISSUES Page 17 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
The supreme court may adopt such other authentication procedures, including
the use of electronic notarization systems as necessary and advisable, as well
as the certificate of authentication on printed or hard copies of the electronic
document or electronic data messages by electronic notaries, service
providers and other duly recognized or appointed certification authorities.
The person seeking to introduce an electronic data message or electronic
document in any legal proceeding has the burden of proving its authenticity by
evidence capable of supporting a finding that the electronic data message or
electronic document is what the person claims it be.
In the absence of evidence to the contrary, the integrity of the information and
communication system in which an electronic data message or electronic
document is recorded or stored may be established in any legal proceeding -
a.) By evidence that at all material times the information and
communication system or other similar device was operating in a
manner that did not affect the integrity of the electronic data message
and/or electronic document, and there are no other reasonable grounds
to doubt the integrity of the information and communication system,
b.) By showing that the electronic data message and/or electronic
document was recorded or stored by a party to the proceedings who is
adverse in interest to the party using it; or
c.) By showing that the electronic data message and/or electronic
document was recorded or stored in the usual and ordinary course of
business by a person who is not a party to the proceedings and who did
not act under the control of the party using the record.

Section 12. Admissibility and Evidential Weight of Electronic Data Message

or Electronic Document. - In any legal proceedings, nothing in the application
of the rules on evidence shall deny the admissibility of an electronic data
message or electronic document in evidence -
(a) On the sole ground that it is in electronic form; or
(b) On the ground that it is not in the standard written form, and the
electronic data message or electronic document meeting, and
complying with the requirements under Sections 6 or 7 hereof shall be
the best evidence of the agreement and transaction contained therein.
In assessing the evidential weight of an electronic data message or electronic
document, the reliability of the manner in which it was generated, stored or
communicated, the reliability of the manner in which its originator was
identified, and other relevant factors shall be given due regard.

Section 13. Retention of Electronic Data Message or Electronic Document. -

Notwithstanding any provision of law, rule or regulation to the contrary -
(a) The requirement in any provision of law that certain documents be
retained in their original form is satisfied by retaining them in the form of
an electronic data message or electronic document which -
(i) Remains accessible so as to be usable for subsequent
reference;

BUSINESS REGULATIONS AND LEGAL ISSUES Page 18 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 (ii) Is retained in the format in which it was generated, sent or
received, or in a format which can be demonstrated to accurately
represent the electronic data message or electronic document
generated, sent or received;
(iii) Enables the identification of its originator and addressee, as
well as the determination of the date and the time it was sent or
received.
(b) The requirement referred to in paragraph (a) is satisfied by using the
services of a third party, provided that the conditions set fourth in
subparagraph s (i), (ii) and (iii) of paragraph (a) are met.

Section 14. Proof by Affidavit. - The matters referred to in Section 12, on

admissibility and Section 9, on the presumption of integrity, may be presumed
to have been established by an affidavit given to the best of the deponent's
knowledge subject to the rights of parties in interest as defined in the following
section.

Section 15. Cross - Examination.

(1) A deponent of an affidavit referred to in Section 14 that has been
introduced in evidence may be cross-examined as of right by a party to
the proceedings who is adverse in interest to the party who has
introduced the affidavit or has caused the affidavit to be introduced.
(2) Any party to the proceedings has the right to cross-examine a
person referred to in section 11, paragraph 4, sub paragraph c.

CHAPTER III.
COMMUNICATION OF ELECTRONIC DATA MESSAGES OR
ELECTRONIC DOCUMENTS

Section 16. Formation of Validity of Electronic Contracts.

(1) Except as otherwise agreed by the parties, an offer, the acceptance
of an offer and such other elements required under existing laws for the
formation of contracts may be expressed in, demonstrated and proved
by means of electronic data messages or electronic documents and no
contract shall be denied validity or enforceability on the sole ground that
it is in the form of an electronic data message or electronic document,
or that any or all of the elements required under existing laws for the
formation of contracts is expressed, demonstrated and proved by
means of electronic data messages or electronic documents.
(2) Electronic transactions made through networking among banks, or
linkages thereof with other entities or networks, and vice versa, shall be
deemed consummated upon the actual dispensing of cash or the debit
of one account and the corresponding credit to another, whether such
transaction is initiated by the depositor or by an authorized collecting
party: Provided, that the obligation of one bank, entity, or person
similarly situated to another arising therefrom shall be considered

BUSINESS REGULATIONS AND LEGAL ISSUES Page 19 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 absolute and shall not be subjected to the process of preference of
credits.

Section 17. Recognition by Parties of Electronic Data Message or Electronic

Document. - As between the originator and the addressee of an electronic
data message or electronic document, a declaration of will or other statement
shall not be denied legal effect, validity or enforceability solely on the ground
that it is in the form of an electronic data message.

Section 18. Attribution of Electronic Data Message. -

(1) An electronic data message or electronic document is that of the
originator if it was sent by the originator himself.
(2) As between the originator and the addressee, an electronic data
message or electronic document is deemed to be that of the originator if
it was sent:
(a) by a person who had the authority to act on behalf of the
originator with respect to that electronic data message or
electronic document; or
(b) by an information system programmed by, or on behalf of the
originator to operate automatically.
(3) As between the originator and the addressee, an addressee is
entitled to regard an electronic data message or electronic document as
being that of the originator, and to act on that assumption, if:
(a) in order to ascertain whether the electronic data message or
electronic document was that of the originator, the addressee
properly applied a procedure previously agreed to by the
originator for that purpose; or
(b) the electronic data message or electronic document as
received by the addressee resulted from the actions of a person
whose relationship with the originator or with any agent of the
originator enabled that person to gain access to a method used
by the originator to identify electronic data messages as his own.
(4) Paragraph (3) does not apply:
(a) as of the time when the addressee has both received notice
from the originator that the electronic data message or electronic
document is not that of the originator, and has reasonable time to
act accordingly; or
(b) in a case within paragraph (3) sub-paragraph (b), at any time
when the addressee knew or should have known, had it
exercised reasonable care of used any agreed procedure, that
the electronic data message or electronic document was not that
of the originator.
(5) Where an electronic data message or electronic document is that of
the originator or is deemed to be that of the originator, or the addressee
is entitled to act on that assumption, then, as between the originator and
the addressee, the addressee is entitled to regard the electronic data

BUSINESS REGULATIONS AND LEGAL ISSUES Page 20 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 message or electronic document as received as being what the
originator intended to send, and to act on that assumption. The
addressee is not so entitled when it knew or should have known, had it
exercised treasonable care or used any agreed procedure, that the
transmission resulted in any error in the electronic data message or
electronic document as received.
(6) The addressee is entitled to regard each electronic data message or
electronic document received as a separate electronic data message or
electronic document and to act on that assumption, except to the extent
that it duplicates another electronic data message or electronic
document and the addressee knew or should have known, had it
exercised reasonable care or used any agreed procedure, that the
electronic data message or electronic document was a duplicate.

Section 19. Error on Electronic Data Message or Electronic Document. - The

addressee is entitled to regard the electronic data message or electronic
document received as that which the originator intended to send, and to act on
that assumption, unless the addressee knew or should have known, had the
addressee exercised reasonable care or used the appropriate procedure -
(a) That the transmission resulted in any error therein or in the
electronic document when the electronic data message or electronic
document enters the designated information system, or
(b) That electronic data message or electronic document is sent to an
information system which is not so designated by the addressee for the
purposes.

Section 20. Agreement on Acknowledgement of Receipt of Electronic Data

Messages or Electronic Documents. - The following rules shall apply where,
on or before sending an electronic data message or electronic document, the
originator and the addressee have agreed, or in that electronic document or
electronic data message, the originator has requested, that receipt of the
electronic document or electronic data message be acknowledged:
a.) Where the originator has not agreed with the addressee that the
acknowledgement be given in a particular form or by a particular
method, an acknowledgement may be given by or through any
communication by the addressee, automated or otherwise, or any
conduct of the addressee, sufficient to indicate to the originator that the
electronic data message or electronic document has been received.
b.) Where the originator has stated that the effect or significance of the
electronic data message or electronic document is conditional on
receipt of the acknowledgement thereof, the electronic data message or
electronic document is treated as though it has never been sent, until
the acknowledgement is received.
c.) Where the originator has not stated that the effect or significance of
the electronic data message or electronic document is conditional on
receipt of the acknowledgement, and the acknowledgement has not

BUSINESS REGULATIONS AND LEGAL ISSUES Page 21 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
 been received by the originator within the time specified or agreed or, if
no time has been specified or agreed, within the reasonable time, the
originator may give notice to the addressee stating that no
acknowledgement has been received and specifying a reasonable time
by which the acknowledgement must be received; and if the
acknowledgement is not received within the time specified in
subparagraph (c), the originator may, upon notice to the addressee,
treat the electronic document or electronic data as though it had never
been sent, or exercise any other rights it may have.

Section 21. Time of Dispatch of Electronic Data Messages or Electronic

Documents. - Unless otherwise agreed between the originator and the
addressee, the dispatch of an electronic data message or electronic document
occurs when it enters an information system outside the control of the
originator or of the person who sent the electronic data message or electronic
document on behalf of the originator.

Section 22. Time of Receipt of Electronic Data Messages or Electronic

Documents. - Unless otherwise agreed between the originator and the
addressee, the time of receipt of an electronic data message or electronic
document is as follows:
a.) If the addressee has designated an information system for the
purpose of receiving electronic data message or electronic document,
receipt occurs at the time when the electronic data message or
electronic document enters the designated information system: Provide,
however, that if the originator and the addressee are both participants in
the designated information system, receipt occurs at the time when the
electronic data message or electronic document is retrieved by the
addressee;
b.) If the electronic data message or electronic document is sent to an
information system of the addressee that is not the designated
information system, receipt occurs at the time when the electronic data
message or electronic document is retrieved by the addressee;
c.) If the addressee has not designated an information system, receipt
occurs when the electronic data message or electronic document enters
an information system of the addressee.
These rules apply notwithstanding that the place where the information
system is located may be different from the place where the electronic data
message or electronic document is deemed to be received.

Section 23. Place of Dispatch and Receipt of Electronic Data Messages or

Electronic
Documents. - Unless otherwise agreed between the originator and the
addressee, an electronic data message or electronic document is deemed to
be dispatched at the place where the originator has its place of business and
received at the place where the addressee has its place of business. This rule

BUSINESS REGULATIONS AND LEGAL ISSUES Page 22 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
shall apply even if the originator or addressee had used a laptop other
portable device to transmit or received his electronic data message or
electronic document. This rule shall also apply to determine the tax situs of
such transaction.
For the purpose hereof -
a. If the originator or addressee has more than one place of business,
the place of business is that which has the closest relationship to the
underlying transaction or, where there is no underlying transaction, the
principal place of business.
b. If the originator or the addressee does not have a place of business,
reference is to be made to its habitual residence; or
c. The "usual place of residence" in relation to a body corporate, means
the place where it is incorporated or otherwise legally constituted.

Section 24. Choice of Security Methods. - Subject to applicable laws and /or

rules and guidelines promulgated by the Department of Trade and Industry
with other appropriate government agencies, parties to any electronic
transaction shall be free to determine the type of level of electronic data
message and electronic document security needed, and to select and use or
implement appropriate technological methods that suit their need.

PART III
ELECTRONIC COMMERCE IN SPECIFIC AREAS
CHAPTER I.
CARRIAGE OF GOODS

Section 25. Actions Related to Contracts of Carriage of Goods. - Without

derogating from the provisions of part two of this law, this chapter applies to
any action in connection with, or in pursuance of, a contract of carriage of
goods, including but not limited to:
(a) (i) furnishing the marks, number, quantity or weight of goods;
(ii) stating or declaring the nature or value of goods;
(iii) issuing a receipt for goods;
(iv) confirming that goods have been loaded;
(b) (i) notifying a person of terms and conditions of the contract;
(ii) giving instructions to a carrier;
(c) (i) claiming delivery of goods;
(ii) authorizing release of goods;
(iii) giving notice of loss of, or damage to goods;
(d) giving any other notice or statement in connection with the
performance of the contract;
(e) undertaking to deliver goods to a named person or a person
authorized to claim delivery;
(f) granting, acquiring, renouncing, surrendering, transferring or
negotiating rights in goods;
(g) acquiring or transferring rights and obligations under the contract.

BUSINESS REGULATIONS AND LEGAL ISSUES Page 23 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
Section 26. Transport Documents. - (1) Where the law requires that any
action referred to contract of carriage of goods be carried out in writing or by
using a paper document, that requirement is met if the action is carried out by
using one or more data messages or electronic documents.
(2) Paragraph (1) applies whether the requirement there in is in the form
of an obligation or whether the law simply provides consequences for
failing either to carry out the action in writing or to use a paper
document.
(3) If a right is to be granted to, or an obligation is to be acquired by,
one person and no person, and if the law requires that, in order to effect
this, the right or obligation must be conveyed to that person by the
transfer, or use of, a paper document, that requirement is met if the right
or obligation is conveyed by using one or more electronic data
messages or electronic documents unique;
(4) For the purposes of paragraph (3), the standard of reliability required
shall be assessed in the light of the purpose for which the right or
obligation was conveyed and in the light of all the circumstances,
including any relevant agreement.
(5) Where one or more data messages are used to effect any action in
subparagraphs (f) and (g) of Section 25, no paper document used to
effect any such action is valid unless the use of electronic data
message or electronic document has been terminated and replaced by
the used of paper documents. A paper document issued in these
circumstances shall contain a statement of such termination. The
replacement of the electronic data messages or electronic documents
by paper documents shall not affect the rights or obligation of the
parties involved.
(6) If a rule of laws is compulsorily applicable to a contract of carriage of
goods which is in, or is evidenced by, a paper document, that rule shall
not be inapplicable to such a contract of carriage of goods which is
evidenced by one or more electronic data messages or electronic
documents by reason of the fact that the contract is evidenced by such
electronic data messages or electronic documents instead of by a paper
document.

PART IV
ELECTRONIC TRANSACTIONS IN GOVERNMENT

Section 27. Government Use of Electronic Data Messages, Electronic

Documents and Electronic Signatures. - Notwithstanding any law to the
contrary, within two (2) years from the date of the effectivity of this Act, all
departments, bureaus, offices and agencies of the government, as well as all
government-owned and -controlled corporations, that pursuant to law require
or accept the filling of documents, require that documents be created, or
retained and/or submitted, issue permits, licenses or certificates of registration

BUSINESS REGULATIONS AND LEGAL ISSUES Page 24 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
or approval, or provide for the method and manner of payment or settlement
of fees and other obligations to the government, shall -
(a) accept the creation, filing or retention of such documents in the form
of electronic data messages or electronic documents;
(b) issue permits, licenses, or approval in the form of electronic data
messages or electronic documents;
(c) require and/or accept payments, and issue receipts acknowledging
such payments, through systems using electronic data messages or
electronic documents; or
(d) transact the government business and/or perform governmental
functions using electronic data messages or electronic documents, and
for the purpose, are authorized to adopt and promulgate, after
appropriate public hearing and with due publication in newspapers of
general circulation, the appropriate rules, regulations, or guidelines, to,
among others, specify -
1) the manner and format in which such electronic data
messages or electronic documents shall be filed, created,
retained or issued;
2) where and when such electronic data messages or electronic
documents have to signed, the use of an electronic signature, the
type of electronic signature required;
3) the format of an electronic data message or electronic
document and the manner the electronic signature shall be
affixed to the electronic data message or electronic document;
4) the control processes and procedures as appropriate to ensure
adequate integrity, security and confidentiality of electronic data
messages or electronic documents or records of payments;
5) other attributes required to electronic data messages or
electronic documents or payments; and
6) the full or limited use of the documents and papers for
compliance with the government requirements: Provided, that this
Act shall be itself mandate any department of the government,
organ of state or statutory corporation to accept or issue any
document in the form of electronic data messages or electronic
documents upon the adoption, promulgation and publication of
the appropriate rules, regulations or guidelines.

Section 28. RPWEB To Promote the Use of Electronic Documents or

Electronic Data Messages In Government and to the General Public. - Within
two (2) years from the effectivity of this Act, there shall be installed an
electronic online network in accordance with Administrative Order 332 and
House of Representatives Resolution 890, otherwise known as RPWEB, to
implement Part IV of this Act to facilitate the open, speedy and efficient
electronic online transmission, conveyance and use of electronic data
messages or electronic documents amongst all government departments,
agencies, bureaus, offices down to the division level and to the regional and

BUSINESS REGULATIONS AND LEGAL ISSUES Page 25 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
provincial offices as practicable as possible, government owned and
controlled corporations, local government units, other public instrumentalities,
universities, colleges and other schools, and universal access to the general
public.
The RPWEB network shall serve as initial platform of the government
information infrastructure (GII) to facilitate the electronic online transmission
and conveyance of government services to evolve and improve by better
technologies or kinds and electronic online wide area networks utilizing, but
not limited to, fiber optic, satellite, wireless and other broadband
telecommunication mediums or modes.
To facilitate the rapid development of the GII, the Department of
Transportation and Communications, National Telecommunications
Commission and the National Computer Center are hereby directed to
aggressively promote and implement a policy environment and regulatory
framework that shall lead to the substantial reduction of costs of including, but
not limited to, lease lines, land, satellite and dial-up telephone access, cheap
broadband and wireless accessibility by government departments, agencies,
bureaus, offices, government owned and controlled corporations, local
government units, other public instrumentalities and the general public, to
include the establishment of a government website portal and a domestic
internal exchange system to facilitate strategic access to government and
amongst agencies thereof and the general public and for the speedier flow of
locally generated internal traffic within the Philippines.
The physical infrastructure of cable and wireless system for cable TV and
broadcast excluding programming content and the management thereof shall
be considered as within the activity of telecommunications for the purpose of
electronic commerce and to maximize the convergence of ICT in the
installation of the GII.

Section 29. Authority of the Department of Trade and Industry and

Participating Entities. - The Department of Trade and Industry (DTI) shall
direct supervise the promotion and development of electronic commerce in the
country with relevant government agencies, without prejudice to the provisions
of Republic Act 7653 (Charter of Bangko Sentral ng Pilipinas) and Republic
Act No. 337, (General Banking Act) as amended.
Among others, the DTI is empowered to promulgate rules and regulations, as
well as provide quality standards or issue certifications, as the case may be,
and perform such other functions as may be necessary for the implementation
of this Act in the area of electronic commerce to include, but shall not limited
to, the installation of an online public information and quality and price
monitoring system for goods and services aimed in protecting the interests of
the consuming public availing of the advantages of this Act.

******END******

BUSINESS REGULATIONS AND LEGAL ISSUES Page 26 of 27

ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA
BUSINESS REGULATIONS AND LEGAL ISSUES Page 27 of 27
ISAP-ACCOUNTANCY ATTY. CHERRY ANN B. ASTUDILLO-BALONGGAY,CPA