Data Privacy and

Protection in Criminal
Justice in the IT Era
Data privacy Protection
• legal and regulatory measures that safeguard
individuals' personal information from
unauthorized access, use, disclosure, or
destruction. These principles are governed
primarily by the Data Privacy Act of 2012
(Republic Act No. 10173).
Data Privacy
• The right of individuals to control how their
personal information is collected, processed, and
used. It ensures that personal data is handled in
a lawful and transparent manner, with the
individual’s consent and protection.
 Key Elements under the Data
Privacy Act of 2012
•Consent and Transparency: Personal data can only be processed with the
individual’s consent, and individuals must be informed about how their data
will be used.
•Data Subject Rights: Individuals have the right to access, correct, and
request the deletion of their personal data.
•Accountability: Organizations are required to implement security measures
to protect personal information and appoint a Data Protection Officer (DPO).
•Security of Personal Data: Organizations must ensure that personal data is
safeguarded through secure storage, encryption, and limited access only to
authorized personnel.
•Breach Notification: In case of a data breach, organizations are obligated
to inform the National Privacy Commission (NPC) and affected individuals.
Importance of data privacy in
the criminal justice system.
• The importance of data privacy in the
criminal justice system cannot be
overstated, as it plays a critical role in
ensuring the protection of individuals'
rights, the integrity of investigations, and
the security of sensitive information.
Reasons why data privacy is crucial
in this sector:
• Right to Privacy: Individuals, including suspects, victims, and
witnesses, have the right to have their personal information handled
with confidentiality. Protecting this data prevents violations of their
fundamental rights, as guaranteed by laws such as the Data Privacy
Act of 2012.
• Prevention of Discrimination: Misuse of personal information can
lead to unfair treatment or profiling, especially in cases involving
sensitive data like criminal records or personal history.
Maintaining the Integrity of Investigations
• Preserving Confidentiality: Investigations often
involve sensitive information about ongoing cases.
Unauthorized disclosure of such data can compromise
the investigation, tamper with evidence, and alert
suspects prematurely.
• Preventing Evidence Tampering: Strict data privacy
measures help to ensure that critical case information
remains confidential and untampered, protecting the
chain of custody and maintaining the validity of
evidence in court.
Security of Sensitive Data
• Protection from Cyber Threats: Criminal justice systems
increasingly rely on digital records and databases. Without
robust data privacy practices, these systems are vulnerable
to cyberattacks, hacking, or data breaches, leading to the
exposure of critical law enforcement data.
• Prevention of Identity Theft: Personal information, if
exposed, can be used for malicious activities such as identity
theft or fraud, affecting both victims and those involved in
criminal proceedings.
Ensuring Public Trust
•Accountability and Transparency: Adhering to strict data
privacy regulations helps build trust between the criminal
justice system and the public. Citizens need to be confident
that their personal data will be used responsibly and ethically.
•Fair Justice Process: Ensuring data privacy supports a fair
judicial process by protecting individuals from being prejudiced
by leaked or misused information before trial.
Adhering to Legal Obligations:
• Data privacy laws like the Data Privacy Act
(Philippines) and international regulations such
as the General Data Protection Regulation
(GDPR) set strict guidelines for handling
personal data. Ensuring compliance helps avoid
legal penalties and protects the rights of data
subjects.
 Challenges in the IT Era
•Increasing digitization of records and case files.
•Cybersecurity threats (e.g., hacking, data
breaches).
•Balancing transparency and confidentiality.
 The Data Privacy Act of 2012 aims to protect the
privacy of individuals and regulate the collection,
storage, and processing of personal information. It is
enforced by the National Privacy Commission (NPC)
and applies to both public and private entities. Key
provisions include:
1.Data Subject Rights: Individuals have the right to access, correct, and
delete their personal data.
2.Data Collection and Processing: Data must be collected for legitimate
purposes, with the individual’s informed consent, and processed fairly
and lawfully.
3.Data Security: Organizations are required to implement measures like
encryption, data access controls, and risk management protocols to
protect personal data from breaches and unauthorized access.
4.Accountability and Compliance: Organizations must appoint Data
Protection Officers (DPOs) and ensure compliance with the law through
regular audits and breach reporting.
Best Practices for Data Protection
•Encryption of sensitive data.
•Use of secure networks and systems.
•Access control and authentication.
•Regular security audits and staff training.
Technology’s Role in Protecting Data

•AI and machine learning in threat detection.

•Cloud storage with enhanced security protocols.
•Blockchain for secure and immutable record
keeping.
•Secure data transfer technologies (e.g., VPNs).
Penalties for violating data privacy
laws
• can vary depending on the specific law or regulation
in question and the severity of the violation. Below
are examples of penalties for non-compliance with
data privacy laws in the Philippines and international
regulations like the GDPR (European Union) and CCPA
(California).
• In the Philippines, violations of the Data Privacy Act (Republic
Act No. 10173) can lead to both civil liabilities and criminal
penalties. The penalties are based on the nature of the
violation and whether it was intentional or due to negligence.
• Criminal Penalties:
• Unauthorized Processing of Personal Information:
• Fine: PHP 500,000 to PHP 4 million.
• Imprisonment: 1 to 3 years for personal information; 3 to 6 years for
sensitive personal information.
•Access Due to Negligence:
•Fine: PHP 500,000 to PHP 4 million.
•Imprisonment: 6 months to 2 years for personal information; 1 to 3 years for
sensitive personal information.
•Improper Disposal of Personal Data:
•Fine: PHP 500,000 to PHP 2 million.
•Imprisonment: 6 months to 3 years.
•Unauthorized Disclosure:
•Fine: PHP 500,000 to PHP 4 million.
•Imprisonment: 1 to 3 years for personal information; 3 to 5 years for sensitive
personal information.
•Malicious Disclosure:
•Fine: PHP 500,000 to PHP 1 million.
•Imprisonment: 1 to 3 years for personal information; 3 to 5 years for sensitive
personal information.
•Data Breach Notification Failure:
•Fine: PHP 500,000 to PHP 1 million.
•Imprisonment: 18 months to 5 years.
Civil Liabilities:

• In addition to criminal penalties, violators may be required to

pay damages to affected individuals for moral, actual, or
nominal damages due to the breach or misuse of their
personal data.
Intellectual property (IP)
• Copyright: This protects original works of authorship,
such as literary, musical, and artistic works. Copyright
gives the creator exclusive rights to reproduce,
distribute, and display their work. For example, books,
music, films, and software are all covered under
copyright law.
Copyright infringement
• occurs when a person or entity uses someone
else's copyrighted work without permission,
violating the exclusive rights granted to the
copyright holder. This can include a variety of
actions, such as:
•Reproducing the Work: Making copies of the copyrighted
material without authorization, such as photocopying a book or
duplicating software.
•Distributing the Work: Sharing copyrighted content without
permission, whether through physical means (like selling copies) or
digital platforms (like uploading to a website).
•Performing or Displaying the Work: Publicly performing a song,
showing a film, or displaying artwork without the owner's consent.
•Creating Derivative Works: Modifying or adapting a copyrighted
work to create something new (like a remix or a film adaptation)
without the original creator's permission.
• Copyright Infringement Examples:
1.Using a Movie Clip: If someone uses a short clip from a movie in a
video without permission from the copyright holder, that would be
considered copyright infringement.
2.Copying a Book: Photocopying a chapter from a book to distribute
to friends or for a class without the author’s permission is also
copyright infringement.
3.Unauthorized Image Use: Using a copyrighted photograph in a
blog post without permission from the photographer is an
infringement of copyright.
Piracy
• Piracy is a specific type of copyright
infringement that generally involves the
illegal copying and distribution of
copyrighted material, especially on a large
scale. It often refers to digital content.
• Piracy Examples:
1.Torrenting Movies: Downloading full movies from
torrent sites without permission is a clear example of
piracy, as it involves large-scale illegal distribution.
2.Cracked Software: Using or distributing software that
has been modified to bypass its licensing or activation
requirements is considered software piracy.
3.Streaming from Illegal Sites: Watching movies or TV
shows on unauthorized streaming websites that do not
have the rights to distribute that content is also piracy.
Fair Use
• is a legal doctrine that allows limited use of
copyrighted material without obtaining
permission from the copyright owner.
4 FACTORS OF FAIR USE

• AMOUNT – use small amount of work.

• PURPOSE – transform into something new.
• NATURE – use works that are nonfiction or
based on fact.
• EFFECT – The effect of new work shouldn't
affect the value of originalwork.
ACCEPTABLE
• EDUCATION
• CRITICIZING OR COMMENTING
• NEWS REPORTING
THANK YOU!