Senate bill seeks to punish identity theft,
misuse of personal info by firms

Sen. Loren Legarda has filed a bill seeking to penalize the rapidly emerging crime of "identity theft," and to compel firms that handle a great deal of restricted personal information, such as banks and credit card issuers, to build in adequate precautions to prevent any breach of the right of privacy of individuals.

Under Senate Bill 1371, identity theft is defined as "fraud committed using the sensitive personal information of another individual, with the intent to commit, or to aid or abet any unlawful activity that constitutes a violation of any existing laws and results in economic loss to that individual."

As proposed by the bill, "sensitive personal information" would refer to an individual's first name and surname in combination with other details, such as those that relate to, but not limited to, an individual's financial account, credit standing, health condition, and family tree.

The most common kinds of identity theft involve the stealing of another person's information in order to defraud the government, such as through the diversion of pension checks; to deceitfully obtain credit, mostly from card issuers; or to make false insurance claims.

Under Legarda's bill, identity thieves would be punished with up to 10 years in prison, or a fine of as much as P500,000, or both.

The same penalty would apply to persons or the officers and directors of firms that "misappropriate" sensitive personal information, once it is proved that the misuse became injurious to the person with whom the facts pertained.

In pushing the bill's swift congressional approval, Legarda invoked the Constitution, which she said, "distinctly protects the right to privacy."

"Based on the zones of privacy established by the Bill of Rights, every person clearly enjoys the right to be let alone, or the right to determine what, how much, to whom and when information about himself/herself may be disclosed," Legarda stressed.

"Congress must now safeguard the right to privacy, which has become vulnerable to invasion and manipulation by corrupt individuals and entities that take advantage of new technology, including the spread of electronic databases," she said.

An electronic database is a computerized collection of information produced to bring such facts together in one place or through one source so that these may be accessed by authorized persons.

Among the biggest generators of sensitive electronic databases are banks, credit card issuers and telecommunication service providers that, by the nature of their business, have to maintain large amounts of up-to-date customer or user personal details.

Legarda's bill requires all entities that maintain sensitive personal information bases to develop and enforce reasonable security procedures against "any unauthorized access, destruction, use, modification or disclosure."

They would also be required to establish prompt notification procedures once an individual's personal information is violated, threatened or compromised.

The bill does not only cover private firms, but also public institutions with large repositories of personal data, such as the Social Security System, Government Service Insurance System, the Passport Office and the Land Transportation Office.

In the United States, a number of financial institutions have lost customer databases as a result of staff negligence, the unauthorized reproduction and sharing of files or high-tech theft by computer hackers. The losses have rendered millions of people exposed to identity theft.