In addition to the long-awaited SMS indicating that your Lazada or Shopee shipment is being delivered or the exclusive PIN that closes your transaction, some other type of SMS frequents our mobile phones these days: fraudulent SMS. Many other people who use cell phones to get spam ranging from prizes supposedly won to remote family members asking for monetary support. Lately, those text messages have even evolved to include the recipient’s name, which is obviously cause for concern.
It is a source of curiosity, even suspicion, how non-public knowledge, such as a person’s name, identity or main points of contact, is collected and abused, especially since subjects of knowledge under the Data Protection Act 2012 (“DPA”) have the right to be informed when non-public data concerning them is being processed or has been processed.
According to the DPA, non-public data of knowledge subjects shall only be collected for specific and valid purposes and processed in a manner consistent with those purposes. So, it is the duty of non-public data controllers to ensure that public data is not treated responsibly and is not disclosed or collected through unscrupulous individuals.
With respect to non-public data of knowledge topics, in particular their names, there is a legal duty on the part of readers and processors to act only in accordance with the valid and decided purposes for which a knowledge topic provides its information. or your data. In addition, ensuring the security of non-public data is the duty of non-public data readers. Measures shall be implemented to prevent accidental or unlawful disclosure as well as unlawful processing of non-public data. If non-public data controllers move nonpublic data for any purpose, the point of coverage imposed on nonpublic data must be maintained. With the legal duty imposed on entities that process non-public data of individuals, a maximum of diligence will have to be exercised and appropriate sanctions will have to be imposed for non-compliance with the criteria of the law.
The DPA itself provides that sanctions are imposed on those responsible for and in charge of the processing of non-public data that do not comply with the obligations imposed on them by law. Criminal penalties and fines are imposed on those who violate the provisions of the CEC. Unauthorized processing of non-public data, or processing without the consent of a subject of knowledge, is punishable by one to 3 years and a fine of not less than PhP 500,000 but not more than PhP 2,000,000. The processing of non-public data for unauthorized purposes is punishable by one year and six months to five years and a fine of not less than PhP 500,000 but not more than PhP 1,000,000. Unauthorized disclosure, or disclosure to a third party of non-public data without the consent of the user concerned, without malice or in good faith, would possibly be punishable by a penalty of one to three years and a fine of not less than PhP 500,000 but not more than PHP1,000,000.
If the offender is a legal person, the penalty should be imposed on the guilty officials who participated, or even through their gross negligence, allowed the commission of the crime. The DPA may be suspended or revoked. The law goes even further by punishing crimes committed on a large scale, or when the private information of at least a hundred other people is involved. The maximum penalty is imposed when the offence is committed. on a giant scale.
With the above, how did those SMS scams come about?Note that “contract search forms” were imposed at the height of the pandemic, when the public submitted non-public data in the hope that it would only be used for the determined goal of tracking the spread of COVID-19. Online grocery shopping and cash movement apps with an increasing number of users have led the public to provide their non-public data. With the rise of those platforms where other people provide their non-public data, a violation of knowledge privacy can lead to many knowledge subjects having their non-public data used for misplaced purposes. The proliferation of SMS scams can be traced here, as it is transparent that the non-public data of the Americans involved has been accessed illegally. It is certain that the people involved do not knowingly provide their data or consent to receive spam that seeks to profit from them by adding them in a scam designed to component with their money.
Due to the growing public fear about using your non-public data in this way, as well as the unfortunate scenario where other people are scammed for their money through SMS phishing, the appropriate government agencies will need to ensure the security of non-public data and enforce existing laws. The National Privacy Commission and the Ministry of Trade and Industry have issued notices warning the public about spam messages that seek to lie to others into believing they have been hired through an imaginary employer with whom they have not implemented or have won an abundant amount that would embarrass the lottery cash prize.
Not only is the public warned to take extra precautions not to fall victim to SMS phishing, but the National Telecommunications Commission also invites telecom operators themselves to use their success to warn the public about these SMS scams. Order Memorandum No. 006-09-2022, the NTC even directed cell phone manufacturers, distributors, and resellers to educate the public on cell phone coverage features.
Are those promises enough? Given the provisions of the law that list day-to-day jobs and sanction violations, entities that care for non-public data of the public deserve to be more diligent in ensuring the security of the data entrusted to them. Ensure the confidentiality of data sent by the public, especially those that are the first to suffer and will likely fall victim to harmless, but in fact highly harmful, text messages.
This article is for informational and educational purposes only. It is not available and does not constitute legal or legal advice.
For information, please contact:
Mary Clarence Angela T. Protacio, Accra Law
ctprotacio@accralaw. com
Terms of use | Privacy Statement © 2022 Conventus Law. All rights reserved.