D’ feasibility of E-governance Without Data Protection.

Remember when our government wanted us to have an ID system to properly identify legitimate citizens from the terrorists who assume fake identities, I was skeptical if it will be of help. There are yet no data protection laws and system in this country. People shouldn’t just hand over all of their sensitive information to the nearest government agency and be comfortable in knowing that their personal information are protected. It’s hard enough for one government agency to protect their own records of information, let alone have all the records of a person be consolidated and be contained in one database, but accessed by many agencies and from many points. Their proposed biometrics is not the cure, if the problem lies in the misuse of information. Yes we may be able to identify the person and be protected from him. But who and what will protect this individual person from having his financial, home address, and other personal and private information misused?

Recently in London, the child benefit records of 25 million individuals were lost. The British already have data protection laws and a reliable system which can accommodate a very large amount of database handling these vital information, still they were too late in finding out the loss of the benefits records and have yet come out with an investigation report or prosecution. As of the last count the discs containing all the information are now priced at 1.5 billion pounds to criminals. It is understood that one identity in the black market is priced at 60 pounds. The information obtained can be used in fraud of the rightful owner, businesses and even the government institutions. Identity theft will certainly be easier to do and be harder to trace. It fails to fulfill the aim of properly identifying the legitimate citizens with lawful transactions, we may now have fraudsters who are virtually unidentifiable. And to put hold all the transactions of known lost information will be disastrous to legitimate dealings. It will be no better, but far worse than the present system.

In London, what were stolen were the downloaded files recorded in discs. If that were the case here in the Philippines, the culprits can only be criminally liable for the theft of the discs but not of the full extent for the data in those discs. Data such as personal information of an individual is not the property to be stolen or robbed contemplated by our laws although. Nor can it be the protected material that infringes on intellectual property rights contemplated by the crime of piracy under RA 8292 which is the E-commerce Act.

If they sell the information, and it comes in the possession of a person, it is not even considered fencing. Although the information is of value[1] , its value is only in the black market, and it is not the thing contemplated by law to be fenced. It is also not copyright infringement, because there is no copyright over this kind of information. The use of the information is not prohibited as long as you don’t assume the identities or steal from the owners of which you can now be liable for fraud. This can even be used in evidence. Even if there are confidentiality issues as long as the other party was able to obtain the document containing the information from another source, it will be admitted.

If for example, the thief subject to the penalty of fine and imprisonment of hacking in RA 8298 merely copies the information from a database, sells these personal information to telemarketers, and the telemarketers use the information for target advertising, there is really no material injury for the owners. It is the government that can prosecute against the hacking by the unauthorized access and interference of it's databases. The individuals however may only have the damages from the breach of their privacy and human relations.

[1] ... any article, item, object or anything of value which he knows, or should be known to him, to have been derived from the proceeds of the crime of robbery or theft