top of page
SPECIAL ARTICLE - “MUNTIK NA AKONG MAMATAY KAYA DESERVE KO ‘TO!” - HEART-IG _iamhearte.jpg

Tungkulin ng credit card company sa kanilang mga kliyente

  • Persida Acosta
  • May 2, 2020
  • 2 min read

Dear Chief Acosta,

Ako ay credit card holder. Sa loob ng ilang buwan ay may mga irregular transaction sa card ko na agad ko namang ipinaalam sa aking credit card company. Bilang tugon ay agad nila itong itinama mula sa aking statement of account. Napag-alaman ko na ang data processing system ng nasabing kompanya ay na-hack, anim na buwan na ang nakalilipas, ngunit kagabi ko lang ito nalaman nang mapanood ko sa balita. Ano ba ang tungkulin ng nasabing credit card company sa ganitong pangyayari? – Karla

Dear Karla,

Ang inyong credit card company, bilang personal information controller ay may tungkulin na pangalagaan ang inyong personal na impormasyon at ingatan ang seguridad nito, alinsunod sa Republic Act (R.A.) No.10173 o mas kilala bilang “Data Privacy Act of 2012.” Kaugnay nito, nakasaad sa Section 20 (f) ng nasabing batas at sa Section 38 ng kaakibat na Implementing Rules and Regulations (IRR) ang tungkulin ng personal information controller sa pagkakataong magkaroon ng anomalya sa mga personal na impormasyon sa ilalim ng kanilang pangangalaga:

“SEC. 20. Security of Personal Information.

(f) The personal information controller shall promptly notify the Commission and affected data subjects when sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes that such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject. The notification shall at least describe the nature of the breach, the sensitive personal information possibly involved, and the measures taken by the entity to address the breach. Notification may be delayed only to the extent necessary to determine the scope of the breach, to prevent further disclosures, or to restore reasonable integrity to the information and communications system.

xxx xxx xxx

Section 38. Data Breach Notification.

a. The Commission and affected data subjects shall be notified by the personal information controller within seventy-two (72) hours upon knowledge of, or when there is reasonable belief by the personal information controller or personal information processor that, a personal data breach requiring notification has occurred.”

Ayon sa batas, ang inyong credit card company, bilang personal information controller ay may tungkulin na ipagbigay-alam sa Data Privacy Commission at sa inyo bilang data subject, ang anumang anomalya o breach of security na naganap kung saan ang inyong personal na impormasyon ay maaaring makuha ng ibang tao.

Nawa ay nasagot namin ang inyong katanungan. Nais naming ipaalala sa inyo na ang opinyon na ito ay nakabase sa inyong mga naisalaysay sa inyong liham at sa pagkakaintindi namin dito. Maaaring maiba ang opinyon kung mayroong karagdagang impormasyon na ibibigay. Mas mainam kung personal kayong sasangguni sa isang abogado.

Comments


Disclaimer : The views and opinions expressed on this website or any comments found on any articles herein, are those of the authors or columnists alike, and do not necessarily reflect nor represent the views and opinions of the owner, the company, the management and the website.

RECOMMENDED
bottom of page