Gemalto is now part of the Thales Group.

The Data Privacy Act of 2012 (Republic Act 10173)



Gemalto’s portfolio of SafeNet Data Encryption, Hardware Security Modules and Key Management solutions provides persistent protection of sensitive data to meet the most stringent compliance mandates and regulations. So, in the event of a breach, the need to report a breach may be largely reduced when sensitive information is already encrypted and secured by strong key management.

The National Privacy Commission (NPC), formed as a result of the Philippines’ Data Privacy Act of 2012 (Republic Act 10173), sets forth a set of requirements designed to protect personal information in both government and private sector organizations. The regulation sets out a data privacy accountability and compliance framework that covers a wide range of issues such as governance, data security, training, third-party affiliations and breach notification. September 9, 2017 was the Implementation of Rules and Regulation (IRR) deadline by which point organizations were to register their data processing systems with the NPC. The next implementation phase’s deadline, during which organizations will need to show progress toward compliance, is set for March 8, 2018.

What does the Data Privacy Act of 2012 mean?

The Data Privacy Act of 2012 requires organizations to appoint a Data Protection Officer (DPO), make their data processing transparent to their customers, and maintain the confidentiality, integrity and availability of their data. ‘Security incidents’ as defined by the law do not require notification. However, should a data breach occur and the following conditions apply, organizations will need to notify the NPC and customers. A breach will require notification if:

  1. The breached information is sensitive personal information, or information that could be used for identity fraud, and
  2. There is a reasonable belief that unauthorized acquisition has occurred, and
  3. The risk to the data subject is real, and
  4. The potential harm is serious.

How to prepare your organization for the Data Privacy Act of 2012

Mitigating these 4 points will ensure that, even in the event of a data breach, organizations can reduce their notification obligations. The surest way to minimize your notification obligations is to ensure that the breach of customer information does not result in risk to the data subject. Security controls, such as data encryption and centralized key management, can protect customer data from external attacks not prevented by perimeter security, and from internal users capable of abusing their privileged access.

How to apply robust data encryption and key management to protect your data

To address the Privacy Act’s compliance requirements, organizations may need to employ one or more encryption methods in either their on-premises or cloud environments, to protect the following:

Strong key management is necessary to protect encrypted data, so that in the event of a data breach the encrypted data is safe because the encryption keys are secured.

Organizations will also need a way to verify the legitimacy of user identities and digital transactions, and to prove compliance. It is critical that the security controls in place be demonstrable and auditable.

Gemalto offers the only complete data protection portfolio that works together to provide persistent protection and management of sensitive data, which can be mapped to the Privacy Act’s framework.

Addressing the Data Privacy Act of 2012 (Republic Act 10173)


Learn More About EU Regulations

Getting started with GDPR, Privacy and Applying Appropriate Security Controls - Webinar


Join (ISC)² and Gemalto in this on-demand webinar to find out what you should know about the new General Data Protection Regulation: background, what is changing, penalties for getting it wrong, security implications and more.


Prepare for GDPR

From the physical and virtual data center to the cloud, Gemalto helps organizations remain protected, compliant, and in control. Gemalto encryption and cryptographic key management products enable organizations to secure sensitive data in databases, applications, storage systems, virtualized platforms, and cloud environments.
