29 June 2020
More than two months ago, the Philippines was placed under a nationwide lockdown. Overnight, everything became digital. The traditional classroom set-up became virtual classes, while boardroom meetings, as well as informal gatherings, shifted to video conferencing meetings. Online apps for buying and selling are also utilized, and going cashless has become the preferred mode of payment.
With the rise of these online platforms, the threat to our personal data is also increasing. Recent news reported several cyber-related breaches, including fraudulent credit card transactions, identity thefts, and software stealing. Cybercriminals have taken advantage of the current health crisis and are attacking individuals, corporations, and even government organizations when their cyber defenses are most vulnerable.
Hacking is one of the most common types of cybercrimes. These hackers, specifically the black hat hackers, are responsible for taking advantage of the weaknesses of computer systems and maliciously infiltrate the same to illegally obtain some gain or benefits.
In the Philippines, we have several laws that punish the act of hacking.
Foremost is Republic Act No. 8792, or the Electronic Commerce Act of 2000, which defines hacking as the “unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic document.”
A person who is found guilty of hacking is “punished by a minimum fine of P100,000 and a maximum commensurate to the damage incurred and a mandatory imprisonment of six months to three years.”
Republic Act No. 11449, which expanded the Access Devices Regulations Act of 1998, likewise punishes hacking. A person found guilty of this act is punished by an “imprisonment for not less than six years and not more than 10 years and a fine of P500,000 or twice the value obtained by the offender, whichever is higher, without prejudice to the civil liability of the offender.” Moreover, hacking of a bank’s system is considered an economic sabotage, which is met with the harshest penalty of life imprisonment.
Under Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, offenses against confidentiality, integrity and availability of computer data and systems, including, 1.) illegal access to a computer system without right; 2.) illegal interception; 3.) data interference; and, 4.) system interference, are penalized. Any person found guilty of any of the above acts shall be “punished with imprisonment of prision mayor or a fine of at least P200,000 up to a maximum amount commensurate to the damage incurred or both.”
Finally, Republic Act No. 10173, or the Data Privacy Act of 2012, recognizes the role of information and communications technology in the modern world, and the need to protect and secure the rights of the data subject, particularly its right to privacy. The law punishes unauthorized processing of personal and sensitive personal information, as well as unauthorized access or intentional breach of security data systems where personal and sensitive information is stored. A person found violating the provisions of the Data Privacy Act will be subject to imprisonment and/or a fine.
With the government’s policy encouraging everyone to stay, learn, or work from home, focus on one’s cybersecurity is essential. Being online opens new doors for cybercriminals to exploit our vulnerabilities. Thus, it is timely and apt to know and understand the laws that protect our rights against hacking.
For further information, please contact:
accra@accralaw.com