BANKING LAWS:
2.4 Accountability of Transfer of Information
2.5 Penalties for Violation
Group 5
Osin, Riche
Osorio, Marian
Quiao, Stephenjon
Repolidon, Margaret
Questions:
1. Is there a general accountability obligation for data privacy?
2. What are the 5 pillars of data privacy accountability and compliance?
3. Is a Data Protection Officer (DPO) accountable for the compliance of the PIC or PIP with the Data Privacy Act?
4. Does an organization always need your consent to share your personal data?
5. How does the Data Privacy Act protect individuals from violations?
6. What if the offender is a partnership, corporation, or any juridical person?
7. What does the NPC Circular on Administrative Fines provide for data privacy infractions by a PIC or PIP? Explain.
8. What are the administrative violations of a PIC or PIP regarding data privacy?
9. What is the amount of the fine if a PIC or PIP is subject to an administrative violation of data privacy?
10. What will happen if a PIC or PIP refuses to pay the administrative fine under the Circular on data privacy infractions?
Answers:
1. Is there a general accountability obligation for data privacy?
Yes. Personal Information Controllers (PICs) and Personal Information Processors (PIPs) must implement reasonable and appropriate organizational, physical, and technical security measures for the protection of personal data.
2. What are the 5 pillars of data privacy accountability and compliance?
(1) Appoint a data protection officer. (2) Conduct a privacy impact assessment to identify capabilities, threats, and risks. (3) Develop a privacy management programme. (4) Implement data privacy governance to ensure proper execution of security measures. (5) Prepare data breach protocols.
3. Is a Data Protection Officer (DPO) accountable for the compliance of the PIC or PIP with the Data Privacy Act?
Yes. A Data Protection Officer shall be accountable for ensuring compliance by the PIC or PIP with the Data Privacy Act, its Implementing Rules and Regulations (IRR), issuances by the National Privacy Commission (NPC), and other applicable laws and regulations relating to privacy and data protection.
4. Does an organization always need your consent to share your personal data?
No. Organizations do not always need your consent to use your personal data, because anyone can use it without consent if they have a valid reason.
5. How does the Data Privacy Act protect individuals from violations?
The right to erasure or blocking: under the law, you have the right to suspend, withdraw, or order the blocking, removal, or destruction of your personal data.
6. What if the offender is a partnership, corporation, or any juridical person?
The law says that the penalty shall be imposed upon the responsible officers, as the case may be, who participated in, or by their gross negligence allowed, the commission of the crime.
7. What does the NPC Circular on Administrative Fines provide for data privacy infractions by a PIC or PIP? Explain.
Depending on whether the violation is grave or major, the NPC will impose administrative fines ranging from 0.5% to 3% and 0.25% to 2%, respectively, of the annual gross income of the PIC or PIP that committed the infraction. If a PIC or PIP has not been operating for more than one year, the base for computing administrative fines will be the entity's total gross income at the time the violation was committed.
8. What are the administrative violations of a PIC or PIP regarding data privacy?
(1) Failure to register the true identity or contact details of the PIC, the data processing system, or information on automated decision making; or (2) failure to provide updated information as to the identity or contact details of the PIC, the data processing system, or information on automated decision making.
9. What is the amount of the fine if a PIC or PIP is subject to an administrative violation of data privacy?
The PIC or PIP shall be subject to an administrative fine of not less than Fifty Thousand Pesos (Php 50,000.00) but not exceeding Two Hundred Thousand Pesos (Php 200,000.00).
10. What will happen if a PIC or PIP refuses to pay the administrative fine under the Circular on data privacy infractions?
PICs or PIPs that refuse to pay the administrative fine under the Circular may be subject to a Cease and Desist Order, other processes or reliefs as the Commission may be authorized to initiate pursuant to Section 7 of the Data Privacy Act, and appropriate contempt proceedings under the Rules of Court.
REPUBLIC ACT NO. 10173
Accountability for Transfer of Personal Information
Section 21. Principle of Accountability
- The personal information controller is accountable for complying with the requirements of this Act and shall use contractual or other reasonable means to provide a comparable level of protection while the information are being processed by a third party.
- The personal information controller shall designate an individual or individuals who are accountable for the organization's compliance with this Act. The identity of the individual(s) so designated shall be made known to any data subject upon request.
DATA PRIVACY ACT
- It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.
Accountability for violation of the Act, the Rules and Other Issuances of the Commission
A.) Any natural or juridical person, or other body involved in the processing of personal data, who fails to comply with the Act, the Rules, and other issuances of the Commission, shall be liable for such violation, and shall be subject to its corresponding sanction, penalty, or fine, without prejudice to any civil or criminal liability, as may be applicable.
B.) In cases where a data subject files a complaint for violation of his
or her rights as data subjects, and for any injury suffered as a result
of the processing of his or her personal data, the Commission may
award indemnity on the basis of the applicable provisions of the New
Civil Code.
C.) In case of criminal acts and their corresponding personal
penalties, the person who committed the unlawful act or omission
shall be recommended for prosecution by the commission based on
substantial evidence.
DATA BREACH NOTIFICATION
A.) The Commission and affected data subjects shall be notified by the
personal information controller within 72 hours upon knowledge of, or when
there is reasonable belief by the personal information controller or personal
information processor that, a personal data breach requiring notification has
occurred.
B.) Notification of personal data breach shall be required when sensitive
personal information or any other information that may, under the
circumstances, be used to enable identity fraud are reasonably believed to
have been acquired by an unauthorized person, and the personal information
controller or the Commission believes that such unauthorized acquisition is
likely to give rise to a real risk of serious harm to any affected data subject.
C.) Depending on the nature of the incident, or if there is delay or
failure to notify, the Commission may investigate the circumstances
surrounding the personal data breach. Investigation may include on-
site examination of systems and procedures.
Contents of Notification
The notification shall at least describe the nature of the breach, the
personal data possibly involved, and the measures taken by the entity
to address the breach. The notification shall also include measures
taken to reduce the harm or negative consequences of the breach, the
representatives of the personal information controller, including their
contact details, from whom the data subject can obtain additional
information about the breach, and any assistance to be provided to the
affected data subjects.
Delay of Notification
- Notification may be delayed only to the extent necessary to determine the scope of the breach, to prevent further disclosures, or to restore reasonable integrity to the information and communications system.
- In evaluating if notification is unwarranted, the Commission may
take into account compliance by the personal information controller
with this section and existence of good faith in the acquisition of
personal data.
- The Commission may exempt a personal information
controller from notification where, in its reasonable
judgment, such notification would not be in the public
interest, or in the interest of the affected data subjects.
- The Commission may authorize postponement of
notification where it may hinder the progress of a criminal
investigation related to a serious breach.
Breach Report
- The personal information controller shall notify the Commission by
submitting a report, whether written or electronic, containing the
required contents of notification. The report shall also include the
name of a designated representative of the personal information
controller, and his or her contact details.
- All security incidents and personal data breaches shall be
documented through written reports, including those not covered by
the notification requirements.
Enforcement of the Data Privacy Act
- Pursuant to the mandate of the Commission to administer and
implement the Act, and to ensure the compliance of personal
information controllers with its obligations under the law, the
Commission requires the following:
A.) Registration of personal data processing systems operating in
the country that involves accessing or requiring sensitive
personal information.
B.) Notification of automated processing operations where the
processing becomes the sole basis of making decisions.
C.) Annual report of the summary of documented security
incidents and personal data breaches.
D.) Compliance with other requirements that may be provided
in other issuances of the Commission.
Registration of Personal Data Processing Systems
A.) The contents of registration shall include:
1. The name and address of the personal information controller or personal
information processor
2. The purpose or purposes of the processing, and whether processing is
being done under an outsourcing or subcontracting agreement;
3. A description of the category or categories of data subjects, and of the
data or categories of data relating to them;
4. The recipients or categories of recipients to whom the data might be
disclosed;
5. Proposed transfers of personal data outside the Philippines;
6. A general description of privacy and security measures for data protection;
7. Brief description of the data processing system;
8. Copy of all policies relating to data governance, data privacy, and
information security;
9. Attestation to all certifications attained that are related to information and
communications processing; and
10. Name and contact details of the compliance or data protection officer,
which shall immediately be updated in case of changes.
B.) The procedure for registration shall be in accordance with the rules and
other issuances of the commission.
Notification of Automated Processing Operations
The notification shall include the following information:
1. Purpose of processing;
2. Categories of personal data to undergo processing;
3. Category or categories of data subject;
4. Consent forms or manner of obtaining consent;
5. The recipients or categories of recipients to whom the data are to be
disclosed;
6. The length of time the data are to be stored;
7. Methods and logic utilized for automated processing;
8. Decisions relating to the data subject that would be made on the basis
of processed data;
9. Names and contact details of the compliance or data protection officer.
No decision with legal effects concerning a data subject shall be made
solely on the basis of automated processing without the consent of the
data subject.
Violations, Jurisdiction, Penalties, and Immunity
Any person who performs or causes the performance of the following acts shall be liable:
- Refusal to accept an application or request with complete requirements being submitted by an applicant or requesting party without due cause;
- Imposition of additional requirements other than those listed in the Citizen's Charter;
- Imposition of additional costs not reflected in the Citizen's Charter;
- Failure to give the applicant or requesting party a written notice on the disapproval of an application or request;
- Failure to render government services within the prescribed processing
time on any application or request without due cause;
- Failure to attend to applicants or requesting parties who are within the premises of the office or agency concerned prior to the end of official working hours and during lunch break;
- Failure or refusal to issue official receipts; and
- Fixing and/or collusion with fixers in consideration of economic and/or
other gain or advantage.
Penalties and Liabilities.
Any violations of the preceding actions will warrant the following
penalties and liabilities.
• Criminal liability - shall also be incurred through the commission of
bribery, extortion, or when the violation was done deliberately and
maliciously to solicit favor in cash or in kind. In such cases, the pertinent
provisions of the Revised Penal Code and other special laws shall apply.
• Civil and Criminal Liability - Not Barred. The finding of administrative
liability under this Act shall not be a bar to the filing of criminal, civil or
other related charges under existing laws arising from the same act or
omission as herein enumerated.
• Administrative Jurisdiction. - The administrative jurisdiction on any violation of the provisions of this Act shall be vested in either the CSC, or the Office of the Ombudsman as determined by appropriate laws and issuances.
Immunity, Discharge of Co-Respondent/Accused to be a Witness.
Any public official or employee or any person having been charged with another offense under this Act and who voluntarily gives information pertaining to an investigation or who willingly testifies therefor, shall be exempt from prosecution in the case/s where his/her information and testimony are given. The discharge may be granted and directed by the investigating body or court upon the application or petition of any of the respondent/accused-informant and before the termination of the investigation:
Provided, That:
A.) There is absolute necessity for the testimony of the respondent/accused-
informant whose discharge is requested;
B.) There is no other direct evidence available for the proper prosecution of the offense committed, except the testimony of said respondent/accused-informant;
C.) The testimony of said respondent can be substantially corroborated in its material points;
D.) The respondent/accused-informant has not been previously
convicted of a crime involving moral turpitude; and the said
respondent/accused-informant does not appear to be the most guilty.
Evidence adduced in support of the discharge shall automatically
form part of the records of the investigation. Should the investigating
body or court deny the motion or request for discharge as a witness,
his/her sworn statement shall be inadmissible as evidence.
THANK YOU FOR READING =)

More Related Content

Similar to Group 5 Banking Laws Semi Finals.pptx

2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness WorkshopPaul Jacobson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
Getting The Deal Through: Data Protection and Privacy 2016
Getting The Deal Through: Data Protection and Privacy 2016Getting The Deal Through: Data Protection and Privacy 2016
Getting The Deal Through: Data Protection and Privacy 2016Matheson Law Firm
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issuesSagar Rahurkar
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)BenjaminShalevSalovi
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxssuser36d167
 
SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013- Mark - Fullbright
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Robert MacLean
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy   Now!What You Need To Know About Privacy   Now!
What You Need To Know About Privacy Now!catherinecoulter
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy   Now!What You Need To Know About Privacy   Now!
What You Need To Know About Privacy Now!catherinecoulter
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...Dr. Oliver Massmann
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdfMeshalALshammari12
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
 
What You Need to Know About Privacy
What You Need to Know About PrivacyWhat You Need to Know About Privacy
What You Need to Know About PrivacyNow Dentons
 
What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!Now Dentons
 

Similar to Group 5 Banking Laws Semi Finals.pptx (20)

2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
Getting The Deal Through: Data Protection and Privacy 2016
Getting The Deal Through: Data Protection and Privacy 2016Getting The Deal Through: Data Protection and Privacy 2016
Getting The Deal Through: Data Protection and Privacy 2016
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issues
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
 
SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy   Now!What You Need To Know About Privacy   Now!
What You Need To Know About Privacy Now!
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy   Now!What You Need To Know About Privacy   Now!
What You Need To Know About Privacy Now!
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
 
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINAL
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection Regulation
 
What You Need to Know About Privacy
What You Need to Know About PrivacyWhat You Need to Know About Privacy
What You Need to Know About Privacy
 
What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!
 

Recently uploaded

Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfAmzadHosen3
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 

Recently uploaded (20)

Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...

Group 5 Banking Laws Semi Finals.pptx

  • 1. BANKING LAWS: 2.4 Accountability of Transfer of Information; 2.5 Penalties for Violation
    Group 5: Osin, Riche; Osorio, Marian; Quiao, Stephenjon; Repolidon, Margaret
  • 2. Questions:
    1. Is there a general accountability obligation for data privacy?
    2. What are the 5 pillars of data privacy accountability and compliance?
    3. Is a Data Protection Officer (DPO) accountable for the compliance of the PIC or PIP with the Data Privacy Act?
    4. Does an organization always need your consent to share your personal data?
    5. How does the Data Privacy Act protect individuals from violations?
    6. What if the offender is a partnership, corporation, or any juridical person?
    7. What are the issues of the NPC regarding the Circular on Administrative Fines for data privacy infractions of the PIC or PIP? Explain.
    8. What are the administrative violations of a PIC or PIP regarding data privacy?
    9. What is the amount of the fine if the PIC or PIP is subject to an administrative violation of data privacy?
    10. What happens if a PIC or PIP refuses to pay the administrative fine under the Circular on data privacy infractions?
  • 3. Answers:
    1. Is there a general accountability obligation for data privacy? Yes. Personal Information Controllers and Personal Information Processors must implement reasonable and appropriate organizational, physical, and technical security measures for the protection of personal data.
    2. What are the 5 pillars of data privacy accountability and compliance? (1) Appoint a data protection officer. (2) Conduct a privacy impact assessment to identify capabilities, threats, and risks. (3) Develop a privacy management programme. (4) Implement data privacy governance to ensure proper execution of security measures. (5) Prepare data breach protocols.
    3. Is a Data Protection Officer (DPO) accountable for the compliance of the PIC or PIP with the Data Privacy Act? Yes. A Data Protection Officer shall be accountable for ensuring compliance by the PIC or PIP with the Data Privacy Act, its Implementing Rules and Regulations (IRR), issuances by the National Privacy Commission (NPC), and other applicable laws and regulations relating to privacy and data protection.
  • 4. Answers:
    4. Does an organization always need your consent to share your personal data? No. Organizations do not always need your consent to use your personal data, because it can be used without consent where there is a valid reason.
    5. How does the Data Privacy Act protect individuals from violations? The right to erasure or blocking: under the law, you have the right to suspend, withdraw, or order the blocking, removal, or destruction of your personal data.
    6. What if the offender is a partnership, corporation, or any juridical person? Answer: The law says that the penalty shall be imposed upon the responsible officers, as the case may be, who participated in, or by their gross negligence allowed, the commission of the crime.
  • 5. Answers:
    7. What are the issues of the NPC regarding the Circular on Administrative Fines for data privacy infractions of the PIC or PIP? Answer: Depending on whether the violation is grave or major, the NPC will impose administrative fines ranging from 0.5% to 3% and 0.25% to 2%, respectively, of the annual gross income of the PIC or PIP that committed the infraction. If a PIC or PIP has not been operating for more than one year, the base for computing administrative fines will be the entity's total gross income at the time the violation was committed.
    8. What are the administrative violations of a PIC or PIP regarding data privacy? (1) Failure to register the true identity or contact details of the PIC, the data processing system, or information on automated decision making; or (2) failure to provide updated information as to the identity or contact details of the PIC, the data processing system, or information on automated decision making.
  • 6. Answers:
    9. What is the amount of the fine if the PIC or PIP is subject to an administrative violation of data privacy? The PIC or PIP shall be subject to an administrative fine of not less than Fifty Thousand Pesos (Php 50,000.00) but not exceeding Two Hundred Thousand Pesos (Php 200,000.00).
    10. What happens if a PIC or PIP refuses to pay the administrative fine under the Circular on data privacy infractions? Answer: PICs or PIPs that refuse to pay the administrative fine under the Circular may be subject to a Cease and Desist Order, other processes or reliefs the Commission may be authorized to initiate pursuant to Section 7 of the Data Privacy Act, and appropriate contempt proceedings under the Rules of Court.
  • 7. REPUBLIC ACT NO. 10173 (DATA PRIVACY ACT): Accountability for Transfer of Personal Information
    Section 21. Principle of Accountability
    - The personal information controller is accountable for complying with the requirements of this Act and shall use contractual or other reasonable means to provide a comparable level of protection while the information is being processed by a third party.
    - The personal information controller shall designate an individual or individuals who are accountable for the organization's compliance with this Act. The identity of the individual(s) so designated shall be made known to any data subject upon request.
    - It is the policy of the State to protect the fundamental human right of privacy, of communication, while ensuring free flow of information to promote innovation and growth.
  • 8. Accountability for Violation of the Act, the Rules and Other Issuances of the Commission
    A.) Any natural or juridical person, or other body involved in the processing of personal data, who fails to comply with the Act, the Rules, and other issuances of the Commission shall be liable for such violation and shall be subject to its corresponding sanction, penalty, or fine, without prejudice to any civil or criminal liability, as may be applicable.
  • 9. Accountability for Violation of the Act, the Rules and Other Issuances of the Commission (Cont.)
    B.) In cases where a data subject files a complaint for violation of his or her rights as a data subject, and for any injury suffered as a result of the processing of his or her personal data, the Commission may award indemnity on the basis of the applicable provisions of the New Civil Code.
    C.) In case of criminal acts and their corresponding personal penalties, the person who committed the unlawful act or omission shall be recommended for prosecution by the Commission based on substantial evidence.
  • 10. DATA BREACH NOTIFICATION
    A.) The Commission and affected data subjects shall be notified by the personal information controller within 72 hours upon knowledge of, or when there is reasonable belief by the personal information controller or personal information processor that, a personal data breach requiring notification has occurred.
    B.) Notification of a personal data breach shall be required when sensitive personal information, or any other information that may, under the circumstances, be used to enable identity fraud, is reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes that such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject.
  • 11. DATA BREACH NOTIFICATION (Cont.)
    C.) Depending on the nature of the incident, or if there is delay or failure to notify, the Commission may investigate the circumstances surrounding the personal data breach. Investigation may include on-site examination of systems and procedures.
  • 12. Contents of Notification The notification shall at least describe the nature of the breach, the personal data possibly involved, and the measures taken by the entity to address the breach. The notification shall also include measures taken to reduce the harm or negative consequences of the breach, the representatives of the personal information controller, including their contact details, from whom the data subject can obtain additional information about the breach, and any assistance to be provided to the affected data subjects.
  • 13. Delay of Notification
    - Notification may be delayed only to the extent necessary to determine the scope of the breach, to prevent further disclosures, or to restore reasonable integrity to the information and communications system.
    - In evaluating whether notification is unwarranted, the Commission may take into account compliance by the personal information controller with this section and the existence of good faith in the acquisition of personal data.
  • 14. Delay of Notification (Cont.)
    - The Commission may exempt a personal information controller from notification where, in its reasonable judgment, such notification would not be in the public interest or in the interest of the affected data subjects.
    - The Commission may authorize postponement of notification where it may hinder the progress of a criminal investigation related to a serious breach.
  • 15. Breach Report
    - The personal information controller shall notify the Commission by submitting a report, whether written or electronic, containing the required contents of notification. The report shall also include the name of a designated representative of the personal information controller and his or her contact details.
    - All security incidents and personal data breaches shall be documented through written reports, including those not covered by the notification requirements.
  • 16. Enforcement of the Data Privacy Act
    Pursuant to the mandate of the Commission to administer and implement the Act, and to ensure the compliance of personal information controllers with their obligations under the law, the Commission requires the following:
    A.) Registration of personal data processing systems operating in the country that involve accessing or requiring sensitive personal information.
  • 17. Enforcement of the Data Privacy Act (Cont.)
    B.) Notification of automated processing operations where the processing becomes the sole basis of making decisions.
    C.) Annual report of the summary of documented security incidents and personal data breaches.
    D.) Compliance with other requirements that may be provided in other issuances of the Commission.
  • 18. Registration of Personal Data Processing Systems
    A.) The contents of registration shall include:
    1. The name and address of the personal information controller or personal information processor;
    2. The purpose or purposes of the processing, and whether processing is being done under an outsourcing or subcontracting agreement;
    3. A description of the category or categories of data subjects, and of the data or categories of data relating to them;
    4. The recipients or categories of recipients to whom the data might be disclosed;
    5. Proposed transfers of personal data outside the Philippines;
  • 19. Registration of Personal Data Processing Systems (Cont.)
    6. A general description of privacy and security measures for data protection;
    7. Brief description of the data processing system;
    8. Copy of all policies relating to data governance, data privacy, and information security;
    9. Attestation to all certifications attained that are related to information and communications processing; and
    10. Name and contact details of the compliance or data protection officer, which shall immediately be updated in case of changes.
    B.) The procedure for registration shall be in accordance with the rules and other issuances of the Commission.
  • 20. Notification of Automated Processing Operations
    The notification shall include the following information:
    1. Purpose of processing;
    2. Categories of personal data to undergo processing;
    3. Category or categories of data subject;
    4. Consent forms or manner of obtaining consent;
    5. The recipients or categories of recipients to whom the data are to be disclosed;
  • 21. Notification of Automated Processing Operations (Cont.)
    6. The length of time the data are to be stored;
    7. Methods and logic utilized for automated processing;
    8. Decisions relating to the data subject that would be made on the basis of processed data;
    9. Names and contact details of the compliance or data protection officer.
    No decision with legal effects concerning a data subject shall be made solely on the basis of automated processing without the consent of the data subject.
  • 22. Violations, Jurisdiction, Penalties, and Immunity
    Any person who performs or causes the performance of the following acts shall be liable:
    - Refusal to accept an application or request with complete requirements being submitted by an applicant or requesting party without due cause;
    - Imposition of additional requirements other than those listed in the Citizen's Charter;
    - Imposition of additional costs not reflected in the Citizen's Charter;
    - Failure to give the applicant or requesting party a written notice on the disapproval of an application or request;
  • 23. Violations, Jurisdiction, Penalties, and Immunity (Cont.)
    - Failure to render government services within the prescribed processing time on any application or request without due cause;
    - Failure to attend to applicants or requesting parties who are within the premises of the office or agency concerned prior to the end of official working hours and during lunch break;
    - Failure or refusal to issue official receipts; and
    - Fixing and/or collusion with fixers in consideration of economic and/or other gain or advantage.
  • 24. Penalties and Liabilities
    Any of the preceding violations will warrant the following penalties and liabilities:
    • Criminal liability shall also be incurred through the commission of bribery, extortion, or when the violation was done deliberately and maliciously to solicit favor in cash or in kind. In such cases, the pertinent provisions of the Revised Penal Code and other special laws shall apply.
    • Civil and Criminal Liability Not Barred. The finding of administrative liability under this Act shall not be a bar to the filing of criminal, civil, or other related charges under existing laws arising from the same act or omission as herein enumerated.
  • 25. Penalties and Liabilities (Cont.)
    • Administrative Jurisdiction. The administrative jurisdiction on any violation of the provisions of this Act shall be vested in either the CSC or the Office of the Ombudsman, as determined by appropriate laws and issuances.
  • 26. Immunity, Discharge of Co-Respondent/Accused to be a Witness
    Any public official or employee, or any person having been charged with another offense under this Act, who voluntarily gives information pertaining to an investigation or who willingly testifies therefor shall be exempt from prosecution in the case/s where his/her information and testimony are given. The discharge may be granted and directed by the investigating body or court upon the application or petition of any of the respondent/accused-informants and before the termination of the investigation:
  • 27. Immunity, Discharge of Co-Respondent/Accused to be a Witness (Cont.)
    Provided, That:
    A.) There is absolute necessity for the testimony of the respondent/accused-informant whose discharge is requested;
    B.) There is no other direct evidence available for the proper prosecution of the offense committed, except the testimony of said respondent/accused-informant;
    C.) The testimony of said respondent can be substantially corroborated in its material points;
  • 28. Immunity, Discharge of Co-Respondent/Accused to be a Witness (Cont.)
    D.) The respondent/accused-informant has not been previously convicted of a crime involving moral turpitude; and the said respondent/accused-informant does not appear to be the most guilty.
    Evidence adduced in support of the discharge shall automatically form part of the records of the investigation. Should the investigating body or court deny the motion or request for discharge as a witness, his/her sworn statement shall be inadmissible as evidence.