Glyness Relox BSCPE5-3

Quiz3: 2 related cases in the Philippines that violates the IT laws. Cite
your sources if any.

DATA BREACHES: BEYOND INCONVENIENCES

December 19, 2018

Costing millions to settle, privacy-related offenses have never been more prevalent and
damaging as they are today. They are treated as violations of existing data protection
regulations, and usually lead to hefty fines for the erring organizations.
Take the case of ride-hailing company, UBER. After arriving at a $148 million
settlement to resolve its 2016 data breach, it was fined yet again by two European data
protection authorities that found the same breach to have violated their local privacy
laws. This shouldn’t come as a surprise. Under the European Union’s General Data
Protection Regulation (GDPR), organizations violating its provisions may be meted with
a penalty of up to 4% of the organization’s annual turnover.

In the Philippine context, a natural and juridical person involved in the processing of
personal data is subject to the Data Privacy Act of 2012 (DPA), which penalizes specific
acts it considers as unlawful or improper handling of personal data. Sanctions could
reach up to seven (7) years of prison time, and fines as high as five million pesos
(PhP5,000,000.00). For organizations, the penalties are imposed on the individuals
who actually participated in the crime, or allowed the same by their gross negligence.

Below are the activities prohibited under the DPA, including some examples:

Unauthorized processing of personal information and sensitive personal information. A

company that monitors its customers’ spending habits without informing them of such
surveillance activity may be seen as engaged in unauthorized processing of personal
data.

Accessing personal information and sensitive personal information due to negligence.

Personal data accessed by unauthorized persons due to an individual controller’s lack
of or failure to implement a clear data governance policy may be guilty of this.

Improper disposal of personal information and sensitive personal information. It is

illegal for personal data to be disposed of, discarded, or abandoned in a manner that
does not result its complete destruction (i.e., inaccessible). Consequently, an individual
must be aware that data disposal carried out simply by dumping papers into the trash
bin may be insufficient in some cases.
Processing of personal information and sensitive personal information for unauthorized
purposes. The use or processing of personal data for additional purposes unknown to
or unauthorized by so-called data subjects is also a violation of the DPA. This is the
case when client information intended for payment processing is used by a company in
sending out solicitation letters or promotional materials.

Unauthorized access or intentional breach. Activities that violate the confidentiality of

some personal data fall under this category. Hacking is a common example.

Malicious Disclosure. When information (even if untrue) about an individual is disclosed

in bad faith or with malice, the culprit may also be held liable under the DPA. This is
remarkably close to if not similar to the concept of libel.

Unauthorized Disclosure. Along the same line, disclosure or sharing of personal data
with other parties without the data subject’s knowledge and/or consent is also
considered a distinct crime. This occurs when patient cases or student grades are
casually discussed in elevators, cafeterias, social gatherings, and other public places.

Concealment of Security Breaches involving Sensitive Personal Information. An

organization that, even after becoming aware of a data breach that needs to be
reported to the National Privacy Commission, actively hides or conceals such incident,
is also considered to be in violation of the DPA.

It is imperative that individuals and organizations handling personal data keep this list in
mind and understand its implications on their business or activities. They need to figure
out how to act in accordance with the provisions of DPA, since, as shown by the
experience of their peers in other countries, even a small oversight could lead to very
serious consequences

http://m.ateneo.edu/mob1/news/24411/data-breaches%3A-beyond-
inconveniences
ABS-CBN files $8-M infringement suit against kissasian.com
By: Miguel R. Camus - 3 years ago

ABS-CBN Broadcasting Center

ABS-CBN Broadcasting Center in Quezon City (Photo by GRIG C.
MONTEGRANDE/Philippine Daily Inquirer)

Philippine media giant ABS-CBN Corp. filed an $8 million lawsuit against video
streaming website kissasian.com for illegally showing its content, a statement on Friday
showed.

ABS-CBN, via an international subsidiary, said it had filed a suit before a United States
Federal District Court for damages against kissasian.com for is alleged infringement of
trademarks and registered copyrights of 27 of its television shows and movies.

The lawsuit was filed in the US because the programs are registered with the US
Copyright Office, a spokesman said.

Contact information posted on kissasian.com led to a deactivated page on social media

platform Facebook.

As of this writing, the website were still allowing users to stream ABS-CBN’s various
shows and movies, which formed part of a library of over 60 titles from the Philippines.

The website is also a platform for free content from other countries, such as China,
Indonesia, Japan, Malaysia, Taiwan, Thailand, South Korea, and even North Korea.

North Korea only has one title listed – “Under the Sun,” a documentary that has drawn
international criticism for being a Pyongyang propaganda tool.

“We are stepping up our anti-piracy enforcement in 2017,” Elisha Lawrence, ABS-
CBN’s assistant vice president of global anti-piracy, said in the statement. “These pirate
sites often victimize our fans when they access these sites and are later attacked by
malware which steals their financial and personal data.”
In the same statement, ABS-CBN said it was awarded this week an amended default
judgment of nearly $11 million against 11 online streaming websites that the company
said regularly showcased pirated versions of its programming.

In his amended default judgment, US District Judge William P. Dimitrouleas ordered the
defendants to pay at least $1 million each in statutory damages.

The judge also ordered the defendants to stop advertising, promoting, performing,
copying, broadcasting, or distributing ABS-CBN’s copyrighted work, which includes a
variety of television programming.

Among the pirate websites, Freepinoychannel.com and Pnoytambayantv.com were

each ordered to pay $1.18 million in statutory damages, while Lambingan.to,
Pinoynetwork.to, and Tambaytayo.com were asked to pay $1.09 million each.

Pinoymovie.to was ordered to pay $1.24 million in statutory damages.

The sites provided on-demand streaming performances of full-length versions of TV

shows and movies through their sites, according to the suit.

ABS-CBN is seeking at least $2 million in statutory damages per counterfeit trademark

used, as well as triple the defendants’ profits from the alleged infringement. /atm

https://business.inquirer.net/224735/abs-cbn-files-8-m-infringement-suit-against-kissasian-
com/amp&ved=2ahUKEwiUz7iawJnpAhUJyzgGHSXEAiQQFjAAegQIAxAB&usg=AOv
Vaw3R7VGFQYrzfdbuSPBYsEgS&ampcf=1