DATA PRIVACY ACT

CPALE Syllabus
1. Discuss definitions
2. Discuss the scope of application
3. Describe the data privacy principles
4. Illustrate processing of personal data
5. Identify the security measures for protection of personal data
6. Determine the rights of data subject
7. Apply data breach notification
8. Discuss outsourcing and subcontracting agreements
9. Determine registration and compliance requirements

▪ Introduction to the Data Privacy
▪ National Privacy Commission
▪ Structure of the Data Privacy Act

Introduction to Data Privacy

▪ Loss of Trust
▪ Loss of Self-determination
▪ Discrimination
▪ Harassment
▪ Damaged Reputation
▪ Loss of Autonomy
▪ Loss of Money
▪ Stigmatization

1. Protects the privacy of individuals while ensuring free flow of information to promote innovation and growth;
2. Regulates the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of personal data; and
3. Ensures that the Philippines complies with international standards set for data protection through National Privacy Commission (NPC).

▪ More than 900,000 (3%) clients of Philippine-based pawnshop Cebuana Lhuillier were affected by a data breach at the beginning of 2019.
▪ On March 27, 2016, hackers under the banner "Anonymous Philippines" hacked into the website of the COMELEC and defaced it.
55 million registered voters are at risk due to the data breach, according to security firm Trend Micro, potentially surpassing the Office of Personnel Management data breach which affected 20 million people.
▪ Online lenders barred from harvesting borrowers’ phone and social-media contact list, says Privacy Commission.
▪ In April 2019, it was revealed that two datasets from Facebook apps had been exposed to the public internet. The information related to more than 530 million Facebook users and included phone numbers, account names, and Facebook IDs.

In 2019, the number of phishing cybercrime incidents in the Philippines was highest for those within the National Capital Region, amounting to approximately 58.2 thousand victims.

“While the law provides protection to your personal information, as a data subject, you still need to be vigilant at all times.”

Personal data breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Types of Data Breach – Confidentiality, Integrity and Availability.
Processing – Transmitted, Stored, or otherwise processed.

Risk or Exposure
1. Accidental or unlawful destruction and loss: Availability breach
2. Alteration of personal data: Integrity breach
3. Unauthorized disclosure of, or access: Confidentiality breach

▪ An availability breach resulting from loss, accidental or unlawful destruction of personal data;
▪ An integrity breach resulting from alteration of personal data; and/or
▪ A confidentiality breach resulting from the unauthorized disclosure of or access to personal data.

National Privacy Commission

▪ An independent body mandated to administer and implement the act, and to monitor and ensure compliance of the country with international standards set for personal data protection.
▪ Coordinate with other government agencies and the private sector on efforts to formulate and implement plans and policies to strengthen the protection of personal information in the country.

a. Rule Making
b. Advisory
c. Public Education
d. Compliance and Monitoring
e. Complaints and Investigations
f. Enforcements
g. Other Functions – Administrative Issuances

1. Discuss the Definitions

▪ Consent of the Data Subject
▪ Data Subject
▪ Data Processing System
▪ Filing System
▪ Information and Communication System
▪ Processing
▪ Personal Breach
▪ Personal Data
▪ Personal Information
▪ Personal Information controller
▪ Personal Information processor
▪ Privileged Information
▪ Sensitive Personal Information

Data subject refers to an individual whose personal information is processed. (Sec. 3 (c), R.A. 10173)

Personal information controller refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf. The term excludes:
(1) A person or organization who performs such functions as instructed by another person or organization; and
(2) An individual who collects, holds, processes or uses personal information in connection with the individual’s personal, family or household affairs. (Sec. 3 (h), R.A. 10173)

▪ NBI
▪ GSIS
▪ SSS
▪ DFA
▪ PSA
▪ BIR
▪ PRC
▪ LTO
Are the above exclusive?

Personal information processor refers to any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject. (Sec. 3 (i), R.A. 10173)
Example: Executive Search, BPO, Health Service Provider, Cloud Computing Service

The Data Privacy Act is a law that seeks to protect all forms of information, be it private, personal, or sensitive.
It is meant to cover both natural and juridical persons involved in the processing of personal information.

1. Personal Information
2. Sensitive Personal Information
3. Privileged Information

“Personal information” refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

Marites Dela Cruz
▪ Full name
▪ Gender
▪ Birthdate
▪ Mobile No.
▪ Address
▪ Birthplace
▪ Bank Account number
▪ Parents’ name

Sensitive personal information refers to personal information:
1. About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
2. About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
3. Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
4. Specifically established by an executive order or an act of Congress to be kept classified.

Personal
▪ Full name
▪ Gender
▪ Birthdate
▪ Mobile No.
▪ Address
▪ Birthplace
▪ Bank Account Number
▪ Parents’ name

Sensitive
▪ Marital Status
▪ Race, Color, Age, Ethnic Origin
▪ Health, Education, Genetic or Sexual Life
▪ Criminal Proceeding Information
▪ Religious, Philosophical or Political Affiliations
▪ Government Issued Personal information, Tax returns

Privileged information refers to any and all forms of data which constitute privileged communication under the Rules of Court and laws.
▪ Attorney-Client
▪ Priest-Penitent
▪ Husband and Wife
▪ Physician-Patient
▪ Bank Deposits (RA 1405)
▪ Trade or Industrial Secret
▪ Statement in judicial proceedings

Information and Communication System – refers to a system for generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer system or other similar device by which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document. (Sec. 3 (f), DPA)

Filing System – refers to any set of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for the purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular person is readily accessible.

“Data Processing Systems” refers to the structure and procedure by which personal data is collected and further processed in an information and communications system or relevant filing system, including the purpose and intended output of the processing (IRR, Rule 1, Sec. 3 (e)).

2. Discuss the Scope of Application

SEC. 4. Scope. This Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those PIC and PIPs who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines subject to the immediately succeeding paragraph: Provided, That the requirements of Section 5 are complied with.

SEC. 6. Extraterritorial Application.
– This Act applies to an act done or practice engaged in and outside of the Philippines by an entity if:
(a) The act, practice or processing relates to personal information about a Philippine citizen or a resident;
(b) The entity has a link with the Philippines, and the entity is processing personal information in the Philippines or even if the processing is outside the Philippines as long as it is about Philippine citizens or residents such as, but not limited to, the following:
    (1) A contract is entered in the Philippines;
    (2) A juridical entity unincorporated in the Philippines but has central management and control in the country; and
    (3) An entity that has a branch, agency, office or subsidiary in the Philippines and the parent or affiliate of the Philippine entity has access to personal information; and
(c) The entity has other links in the Philippines such as, but not limited to:
    (1) The entity carries on business in the Philippines; and
    (2) The personal information was collected or held by an entity in the Philippines.

3. Describe the Data Privacy Principle

a. General Data Privacy Principles (DPA, Sec.
11)

Transparency
• Data Subject is informed of
• Nature, specific and legitimate purpose, extent of data processing risks, safeguards, identity of PI Controller
• Rights and how exercised and
• Information and communication easy to access and understand

Legitimacy
• Consent required prior to collection and processing
• Processing compatible with declared purpose
• Purpose not contrary to law, morals, public policy
• PI is accurate, relevant, up to date; rectify or restrict processing if inaccurate

Proportionality
• Processing is fair and lawful; adequate, relevant, suitable, necessary
• Not excessive in relation to specified purpose
• PI processed only if purpose cannot be fulfilled by other means

▪ Privacy Notice
▪ Privacy Policy
▪ Consent

▪ Consent – the data subject agrees to the collection and processing of personal information
  - Freely given
  - Specific
  - Informed indication of will
▪ Evidenced by written, electronic or recorded means:
  - Signature
  - Opt-in box/clicking an icon
  - Sending a confirmation email
  - Oral confirmation

▪ Collection: for declared, specified, and legitimate purpose
▪ Consent: Prior to collection, time-bound in relation to purpose
▪ Purpose and extent of collection: Is there automated processing for profiling or data sharing?
▪ Processing: fair, lawful, ensure data quality
▪ Personal Data not retained longer than necessary
▪ Authorized further processing: with adequate safeguards
▪ Only personal data that is necessary and compatible with declared, specified, and legitimate purpose shall be collected

Profiling – using personal data (through automated processing) to evaluate certain personal aspects, i.e., analyze or predict aspects concerning the individual’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

4.
Illustrate Processing of Personal Data

Processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. (Sec. 3 (j), R.A. 10173)

1. Creation and Collection
2. Storage and Transmission
3. Usage and Distribution
4. Retention
5. Disposal and Destruction

“Data Processing Systems” refers to the structure and procedure by which personal data is collected and further processed in an information and communications system or relevant filing system, including the purpose and intended output of the processing (IRR, Rule 1, Sec. 3 (e)).

a. General Principles
b. Sensitive and Privileged Information
c. Subcontracting
d. Privileged Communication

a. General Principles

The processing of personal data shall be allowed subject to adherence to the principles of transparency, legitimate purpose, and proportionality. (TLP) (Section 18, R.A. 10173)

The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:
a. The data subject has given his or her consent;
b. The processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;
c. The processing is necessary for compliance with a legal obligation to which the personal information controller is subject;
d. The processing is necessary to protect vitally important interests of the data subject, including life and health;
e.
The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate; or
f. The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution.

b. Sensitive and Privileged Information

The processing of SPI and PI shall be prohibited, except in the following cases:
a. The data subject has given his or her consent, specific to the purpose prior to the processing, or in the case of privileged information, all parties to the exchange have given their consent prior to processing;
b. The processing of the same is provided for by existing laws and regulations: Provided, That such regulatory enactments guarantee the protection of the sensitive personal information and the privileged information: Provided, further, That the consent of the data subjects are not required by law or regulation permitting the processing of the sensitive personal information or the privileged information;
c. The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing;
d.
The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations: Provided, That such processing is only confined and related to the bona fide members of these organizations or their associations: Provided, further, That the sensitive personal information are not transferred to third parties: Provided, finally, That consent of the data subject was obtained prior to processing;
e. The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured; or
f. The processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority. (Section 13, R.A. 10173)

▪ No. Consent is just one criterion for lawful processing of both personal and sensitive personal information.
▪ Consent will not always be the most appropriate basis for processing personal data.
▪ PICs should choose the lawful basis that most closely reflects the true nature of the relationship with the individual and the purpose of the processing.

Personal Information (Ex. Name, Address, Phone Number, E-mail address) | Sensitive Personal Information (Ex. Health, Education, Govt. Issued Nos.)
Consent of the Data Subject | Consent of the Data Subject
Necessary to the fulfillment of a contract | Public organizations and their associations limited to members with consent
Legal Obligations (Reporting Requirements) | Laws and regulations, with safeguards
Protect vitally important interests of the data subject, including life and health | Protect life and health of any person, where data subject physically or legally unable to consent
National emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority | Protection of lawful rights and interests of natural or legal persons in court proceedings, legal claims, provided to government authority
Legitimate Interest | Medical Treatment Purpose

Personal Information | Sensitive Personal Information
Consent | Consent
Law and Regulations | Law and Regulations
Protect Life | Protect Life
Contract | Medical Treatment
Legal Obligation | Court Proceedings, Legal Claims
Public Order and Safety |
Legitimate Interest |

▪ SEC
▪ AMLC
▪ Insurance Commission
▪ BIR
▪ Credit Information Commission

d. Privileged Communication

Rule:
- Personal information controllers cannot be compelled to disclose data in their possession, subject to existing laws and regulations.
- Any evidence gathered on privileged information is inadmissible as evidence. (Section 15, R.A. 10173)

▪ Attorney-Client
▪ Priest-Penitent
▪ Husband and Wife
▪ Physician-Patient
▪ Bank Deposits (RA 1405)
▪ Trade or Industrial Secret
▪ Statement in judicial proceedings

1. The PIC should collect personal information for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection.
2. The PIC should collect and process personal information adequately and not excessively.
3. The PIC should process personal information fairly and lawfully, and in accordance with the rights of a data subject.
4.
The PIC should retain personal information only for as long as necessary for the fulfillment of the purposes for which the data was obtained. The information should be kept in a form which permits identification of data subjects for no longer than is necessary.
5. The PIC should process accurate, relevant and up to date personal information.
6. The PIC must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information.

1. The PIC must implement reasonable and appropriate TOP measures intended for the protection of personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing.
2. The PIC shall implement reasonable and appropriate measures to protect personal information against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.
3. The determination of the appropriate level of security under this section must take into account the nature of the personal information to be protected, the risks represented by the processing.
4. The PIC must further ensure that third parties processing personal information on its behalf shall implement the security measures required.
5. The employees, agents or representatives of a PIC who are involved in the processing of personal information shall operate and hold personal information under strict confidentiality if the personal information are not intended for public disclosure.
6.
The PIC shall promptly notify the NPC and affected data subjects when sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the NPC believes that such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject.

5. Identify the Security Measures for Protection of Personal Data

Organizational (Rule VI, S. 26)
• Designate compliance officers; designate a Data Protection Officer
• Implement Data Protection Policies; supervise employees; contracts with PIPs ensure PIPs implement security measures
• Maintain records of processing activities; data retention schedule

Physical (Rule VI, S. 27)
• Limiting access to room, work station or facility
• Office design and lay-out provides privacy to processing staff
• Security against natural disaster, power disturbances, external access

Technical (Rule VI, S. 28)
• Security policy for processing personal data
• Safeguards to protect computer network against accidental, unauthorized, unlawful use, ability to restore access to data
• Data encryption during storage, authentication process for access

Subject to NPC Compliance Checks: Document Submission, On-Site Visit

6. Determine the Rights of the Subject

The rights of a data subject are as follows: CODE DAIF
✓ Right to Correct/Rectification
✓ Right to Object
✓ Right to Damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information
✓ Right to Erasure or blocking of his or her personal information from the personal information controller’s filing system
✓ Right to data portability (Sec. 18, R.A.
10173)
✓ Right to reasonable access to his or her personal information that were processed
✓ Right to be Informed of whether personal information
✓ Right to be furnished the information before the entry of his or her personal information into the processing system of the personal information controller. (Section 16, R.A. 10173)

7. Apply Data Breach Notification

Section 38. Data Breach Notification.
a. The Commission and affected data subjects shall be notified by the personal information controller within seventy-two (72) hours upon knowledge of, or when there is reasonable belief by the personal information controller or personal information processor that, a personal data breach requiring notification has occurred.
b. Notification of personal data breach shall be required when sensitive personal information or any other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes that such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject.

Section 39. Contents of Notification. The notification shall at least describe the nature of the breach, the personal data possibly involved, and the measures taken by the entity to address the breach. The notification shall also include measures taken to reduce the harm or negative consequences of the breach, the representatives of the personal information controller, including their contact details, from whom the data subject can obtain additional information about the breach, and any assistance to be provided to the affected data subjects.

PIC’s Responsibilities in Case of Data Breach (IRR, Rule IX, Sec. 41)

Document all security incidents and personal data breaches through written reports, including those not covered by the notification requirements.
In the case of personal data breaches, include in the report the facts surrounding an incident, the effects of such incident, and the remedial actions taken by the personal information controller.

Security Incident

Any event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity, and confidentiality of personal data. It includes incidents that may result in a personal data breach, if not for safeguards that have been put in place.

8. Discuss Outsourcing and Subcontracting Agreements

[Diagram: PIC; Subcontracting: PIP; Data Sharing: PIC]

PIC shall be responsible for ensuring that proper safeguards are in place to
▪ Ensure the confidentiality of the personal information processed;
▪ Prevent its use for unauthorized purposes; and
▪ Generally, comply with the requirements of the DPA and other laws for processing of personal information.

Section 43. Subcontract of Personal Data. A personal information controller may subcontract or outsource the processing of personal data: Provided, that the PIC shall use contractual or other reasonable means to ensure that proper safeguards are in place, to ensure the CIA of the personal data processed, prevent its use for unauthorized purposes, and generally, comply with the requirements of the Act, these Rules, other applicable laws for processing of personal data, and other issuances of the Commission.

Section 44. Agreements for Outsourcing. Processing by a PIP shall be governed by a contract or other legal act that binds the personal information processor to the personal information controller.
a. The contract or legal act shall set out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects, the obligations and rights of the personal information controller, and the geographic location of the processing under the subcontracting agreement.
b.
The contract or other legal act shall stipulate, in particular, that the personal information processor shall:
1. Process the personal data only upon the documented instructions of the personal information controller, including transfers of personal data to another country or an international organization, unless such transfer is authorized by law;
2. Ensure that an obligation of confidentiality is imposed on persons authorized to process the personal data;
3. Implement appropriate security measures and comply with the Act, these Rules, and other issuances of the Commission;
4. Not engage another processor without prior instruction from the personal information controller: Provided, that any such arrangement shall ensure that the same obligations for data protection under the contract or legal act are implemented, taking into account the nature of the processing;
5. Assist the personal information controller, by appropriate technical and organizational measures and to the extent possible, fulfill the obligation to respond to requests by data subjects relative to the exercise of their rights;
6. Assist the personal information controller in ensuring compliance with the Act, these Rules, other relevant laws, and other issuances of the Commission, taking into account the nature of processing and the information available to the personal information processor;
7. At the choice of the personal information controller, delete or return all personal data to the personal information controller after the end of the provision of services relating to the processing: Provided, that this includes deleting existing copies unless storage is authorized by the Act or another law;
8.
Make available to the personal information controller all information necessary to demonstrate compliance with the obligations laid down in the Act, and allow for and contribute to audits, including inspections, conducted by the personal information controller or another auditor mandated by the latter;
9. Immediately inform the personal information controller if, in its opinion, an instruction infringes the Act, these Rules, or any other issuance of the Commission.

Section 45. Duty of personal information processor. The personal information processor shall comply with the requirements of the Act, these Rules, other applicable laws, and other issuances of the Commission, in addition to obligations provided in a contract, or other legal act with a personal information controller.

Other relevant principles or directives in the IRR:
1. A PIC is responsible for any personal data under its control or custody, including those outsourced or transferred to a PIP. (IRR S50)
2. Using appropriate contractual agreements, a PIC should ensure that its PIPs also implement the security measures required under the law. In fact, it must only deal with PIPs that provide sufficient guarantees to implement such measures, and ensure the protection of the rights of data subjects. (IRR, S26 (f); also: IRR S50(a))
3. When registering its data processing system, a PIC must ensure that its registration information indicates the recipients or categories of recipients (including personal information processors) of the data involved (IRR, S47(a)(4)), and, where applicable, whether the processing is being carried out pursuant to an outsourcing or sub-contracting agreement (IRR, S47(a)(2)).
4. An outsourcing contract, subcontracting agreement, or any similar document, including its implementation, is subject to the review of the Commission. (IRR S49(c))

9. Determine Registration and Compliance Requirements

Rule XI, Section 46 (IRR page 39)

When should you comply?

IRR Section 67.
Period for Compliance. Any natural or juridical person or other body involved in the processing of personal data shall comply with the personal data processing principles and standards of personal data privacy and security already laid out in the Act. Personal information controllers and personal information processors shall register with the Commission their data processing systems or automated processing operations, subject to notification, within one (1) year after the effectivity of these Rules.

Circular 16-01 – Period for Compliance
SECTION 36. Transitory Period. Government agencies shall be given a period of one (1) year transitory period from the effectivity of these Rules to comply with the requirements provided herein.

How should you comply?

R.A. 10173, Data Privacy Act of 2012
SEC. 20 (a) The personal information controller must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing.
Sec. 21 (b) The personal information controller shall designate an individual or individuals who are accountable for the organization’s compliance with this Act.

Selection Considerations

Minimum requirements
– knowledge of privacy principles and practices
– empowered to be a change agent

Options
– full-time or part-time (1 or 2)
– supported by a team or a committee
– full-blown task force or data protection office

One size doesn’t fit all
– low risk
– medium risk
– high risk

What’s your risk level?

What happens if we fail to comply?

Sec. 22. The head of each government agency or instrumentality shall be responsible for complying with the security requirements mentioned herein…

Sec. 34. Extent of Liability.
If the offender is a corporation, partnership or any juridical person, the penalty shall be imposed upon the responsible officers, as the case may be, who participated in, or by their gross negligence, allowed the commission of the crime.

Punishable Act | Jail Term | Fine (Pesos)
Unauthorized processing | 1y to 3y ꟷ 3y to 6y | 500k to 4m
Access due to negligence | 1y to 3y ꟷ 3y to 6y | 500k to 4m
Improper disposal | 6m to 2y ꟷ 3y to 6y | 100k to 1m
Unauthorized purposes | 18m to 5y ꟷ 2y to 7y | 500k to 2m
Intentional breach | 1y to 3y | 500k to 2m
Concealing breach | 18m to 5y | 500k to 1m
Malicious disclosure | 18m to 5y | 500k to 1m
Unauthorized disclosure | 1y to 3y ꟷ 3y to 5y | 500k to 2m
Combination of acts | 3y to 6y | 1m to 5m

Compliance Checklist
▪ Designate accountable person (DPO)
▪ Conduct privacy impact assessment
▪ Roll out privacy & data protection policy
▪ Establish a breach management framework
▪ Initiate a privacy management program

1. Appoint your Data Protection Officer
2. Conduct your Privacy Impact Assessment
3. Create your Data Privacy Manual
4. Implement Data Privacy and Security Measures
5. Be ready in case of Data Breach

IP LAW
CPALE Syllabus
1. Discuss Patents
2. Discuss Trademark, Service Marks, and Trade Names
3. Discuss Copyright

Intellectual Property LAW (R.A. 8293)

❑ Creations of the mind, such as:
▪ Inventions;
▪ Literary and artistic works
▪ Designs; and
▪ Symbols, names, images and designs used in commerce
❑ Legal rights which result from intellectual activities of an individual or organization in the industrial, scientific, literary and artistic fields.

Article 14, Section 13, 1987 Constitution
“The State shall protect and secure the exclusive rights of scientists, inventors, artists, and other gifted citizens to their intellectual property and creations, particularly when beneficial to the people, for such period as may be provided by law”.
❑ It is property, therefore:
a) Exclusive rights to do or prohibit
b) May be assigned or licensed to others
c) May be infringed
❑ Intangible Asset vs Object

Patents, Utility Model, Industrial Design, Layout Design, Copyright, Trademarks, Trade name, Geographic Indications, Trade Secret

❑ R.A. 8293 – June 6, 1997
❑ As amended by:
a) RA 9502 (Patent Law Amendment)

A patent is a grant given by the government to inventors/applicants/designers giving the exclusive right to use the invention, utility model and industrial design in the Philippines for a limited term in exchange for the disclosure.

▪ Grant
▪ Territoriality
▪ Limited Rights
▪ Disclosure
▪ Conditional

▪ Any technical solution of a problem in any field of human activity which is new, involves an inventive step and is industrially applicable shall be Patentable.
▪ It may be, or may relate to, a product, or process, or an improvement of any of the foregoing. (Sec. 21, IPC)

▪ A product, such as a machine, a device, an article of manufacture, a composition of matter (food, medicine, disinfectant, etc.), a microorganism;
▪ A process, such as a method of use, a method of manufacturing, a nonbiological process, a microbiological process; computer related inventions;
▪ An improvement of any of the foregoing

1. Novelty – an invention shall not be considered new if it forms part of a prior art. (Sec. 23 IPC)
2. Inventive Step – if, having regard to prior art, it is not obvious to a person skilled in the art at the time of the filing date or priority date of the application claiming the invention. (Sec. 26 IPC)
3. Industrial Applicability – An invention that can be produced and used in any industry. This means an invention is not merely theoretical, but also has a practical purpose.

a. Everything which has been made available to the public anywhere in the world, before the filing date or the priority date of the application claiming the invention; and
b. The whole contents of an earlier published Philippine application or application with earlier priority date of a different inventor.

The ultimate goal of a patent system is to bring new designs and technologies into the public through disclosure; hence ideas, once disclosed to the public without protection of a valid patent, are subject to appropriation without significant restraint (Pearl & Dean vs. Shoemart Inc., G.R. No. 148222, August 15, 2003)

General Rule: When a work has already been made available to the public, it shall be non-patentable for absence of novelty.
Exception: Doctrine of Non-Prejudicial Disclosure
The disclosure of information contained in the application during the twelve (12) months preceding the filing date or the priority date of the application shall not prejudice the applicant on the ground of lack of novelty if such disclosure was made by:
1) The inventor;
2) A patent office and the information was contained
a) In another application filed by the inventor and should not have been disclosed by the office, or
b) In an application filed, without the knowledge or consent of the inventor, by a third party who obtained the information directly or indirectly from the inventor; or
3) A third party who obtained the information directly or indirectly from the inventor
Section 25, IPC

1. Methods for treatment of the human or animal body by surgery or therapy and diagnostic methods practiced on the human or animal body.
2. Aesthetic creations
3. Plant varieties or animal breeds or essentially biological process for the production of plants or animals. This provision shall not apply to microorganisms and non-biological and microbiological processes.
4.
Schemes, rules and methods of performing mental acts, playing games or doing business, and programs for computers
5. Anything which is contrary to public order or morality
6. In the case of drugs and medicines, mere discovery of a new form or new property of a known substance which does not result in the enhancement of the efficacy of that substance or the new use for a known substance, or the mere use of a known process unless such known process results in a new product that employs at least one new reactant.
7. Discoveries, scientific theories and mathematical methods.

Registration of Patent

1. Filing of the application
2. Accordance of the filing date
3. Formality examination
4. Classification and Search
5. Publication of application
6. Substantive examination
7. Grant of Patent
8. Publication upon grant
9. Issuance of certificate

The patent application shall be in Filipino or English and shall contain the following:
a) A request for the grant of a patent;
b) A description of the invention;
c) Drawings necessary for the understanding of the invention;
d) One or more claims; and
e) An abstract.
Section 32

Ownership of a Patent

1. Inventor, his heirs, or assigns (IPC, Sec. 28)
2. Joint invention – Jointly by the inventors (IPC, Sec. 28)
3. Two or more persons invented separately and independently of each other – To the person who filed an application
4. Two or more applications are filed – the applicant who has the earliest filing date or, the earliest priority date. First to file rule (IPC, Sec. 29)

1. If two (2) or more persons have made the invention separately and independently of each other, the right to the patent shall belong to the person who filed an application for such invention, or
2. Where two or more applications are filed for the same invention, to the applicant which has the earliest filing date. (IPC, Sec. 29)

1.
Pursuant to a commission: The person who commissions the work shall own the patent, unless otherwise provided in the contract.
2. Pursuant to employment: In case the employee made the invention in the course of his employment contract, the patent shall belong to:
a. The employee, if the inventive activity is not a part of his regular duties even if the employee uses the time, facilities and materials of the employer;
b. The employer, if the inventive activity is the result of the performance of his regularly-assigned duties, unless there is an agreement to the contrary (IPC, Sec. 30)

Priority Date
An application for patent filed by any person who has previously applied for the same invention in another country which by treaty, convention, or law affords similar privileges to Filipino citizens, shall be considered as filed as of the date of filing the foreign application (IPC, Sec. 31)
Filing Date is accorded only when all the requirements provided under Section 40 are present.
Priority Date comes into play when there is an application for patent for the same invention that was filed in another country.

1. The local application expressly claims priority;
2. It is filed within 12 months from the date the earliest foreign application was filed; and
3. A certified copy of the foreign application together with an English translation is filed within 6 months from the date of filing in the Philippines (Sec. 31, IPC)

Rights Conferred by Patent

1. In case of Product – Right to restrain, prohibit and prevent any unauthorized person or entity from making, using, offering for sale, selling or importing the product.
2. In case of Process – Right to restrain, prohibit and prevent any unauthorized person or entity from manufacturing, dealing in, using, offering for sale, selling or importing any product obtained directly or indirectly from such process. (IPC, Sec 71)
3.
Right to assign the patent, to transfer by succession, and to conclude licensing contracts (IPC, Sec. 71.2)
The rights conferred by a patent application take effect after publication in the Official Gazette. (IPC, Sec. 46)

Remedies and Cancellation

Any interested party may petition to cancel any patent or any claim or parts of a claim on any of the following grounds:
1. Invention is not new or patentable;
2. Patent does not disclose the invention in a manner sufficiently clear and complete for it to be carried out by any person skilled in the art;
3. The patent is contrary to public order or morality (IPC, Sec. 61.1)
4. The patent is found invalid in an action for infringement (IPC, Sec. 82) or
5. The patent includes matters outside the scope of the disclosure contained in the application (IPC, Sec. 21, Regulations on Inter Partes Proceeding, Sec. 1)

Remedies of persons with a right to a patent
If a person other than the applicant is declared by final court order or decision as having the right to a patent, he may within 3 months after such decision has become final:
1. Prosecute the application as his own
2. File a new patent application
3. Request the application to be refused; or
4. Seek cancellation of the patent (IPC, Sec. 67.1)
Time to file action within one (1) year from the date of publication.

If a person, who was deprived of the patent without his consent or through fraud is declared by final court order or decision to be the true and actual inventor, the court shall order his substitution as patentee, or at the option of the true inventor, cancel the patent, and award actual damages in his favor if warranted by the circumstances (IPC, Sec. 68).

Limitations of Patent Rights

The owner of a patent has no right to prevent third parties from making, using, offering for sale, selling or importing a patented product in the following circumstances:
a.
Using a patented product after it has been put on the market in the Philippines by the owner of the product, or with his express consent.
a.1 In case of drugs or medicines, the said limitation applies after a drug or medicine has been introduced in the Philippines or anywhere else in the world by the patent owner, or by any party authorized to use the invention. This allows parallel importation for drugs and medicines.
a.2 The right to import the drugs and medicines shall be available to any government agency or any private third party (IPC, Sec. 72.1 as amended by R.A. No. 9502)
b. Where the act is done privately and on a non-commercial scale or for a non-commercial purpose (IPC, Sec. 72.2)
c. Exclusively for experimental use of the invention for scientific purposes or educational purposes. (IPC, Sec. 72.3)
d. In the case of drugs and medicines, where the act includes testing, using, making or selling the invention including any data related thereto, solely for purposes reasonably related to the development and submission of information and issuance of approvals by government regulatory agencies required under any law of the Philippines or of another country that regulates the manufacture, construction, use or sale of any product.

Prior User
Person other than the applicant, who in good faith, started using the invention in the Philippines, or undertaken serious preparations to use the same, before the filing date or priority date of the application shall have the right to continue the use thereof, but his right shall only be transferred or assigned further with his enterprise or business. (IPC, Sec. 73).

A government agency or third person authorized by the Government may exploit the invention even without agreement of the patent owner where:
a. The public interest, in particular, national security, nutrition, health or the development of other sectors, as determined by the appropriate agency of the government, so requires;
b.
A judicial or administrative body has determined that the manner of exploitation, by the owner of the patent or his licensee, is anti-competitive;
c. In the case of drugs and medicines, there is a national emergency or other circumstances of extreme urgency requiring the use of the invention;
d. In the case of drugs and medicines, there is a public non-commercial use of the patent by the patentee, without satisfactory reason; or
e. In the case of drugs and medicines, the demand for the patented article in the Philippines is not being met to an adequate extent and on reasonable terms, as determined by the Secretary of Department of Health.

Also known as the doctrine of first sale, it provides that the patent holder has control of the first sale of his invention. He has the opportunity to receive the full consideration for his invention from his sale. Hence, he exhausts his rights in the future control of his invention.

Patent Infringement

The making, using, offering for sale, selling, or importing a patented product or a product obtained directly or indirectly from a patented process, or the use of a patented process without the authorization of the patentee constitutes patent infringement. (Sec. 76)

1. Literal Infringement
2. Doctrine of Equivalents

In using literal infringement, resort must be had, in the first instance, to the words of the claim. If accused matter clearly falls within the claim, infringement is made out and that is the end of it.

Under the doctrine of equivalents, infringement occurs when a device appropriates a prior invention by incorporating its innovative concept and, despite some modification and change, performs substantially the same function in substantially the same way to achieve substantially the same result. (Godines v. CA, G.R. No. 97343, September 13, 1993)

Remedies of the Owners of the Patent against Infringers
1. Civil action for Infringement
2. Criminal action for infringement
3. Administrative remedy
4.
Destruction of infringing material – upon court order

Remedies of the Owners of the Patent against Infringers
1. Civil action for Infringement – the owner may bring a civil action with the appropriate Regional Trial Court to recover from infringer the damages sustained by the former, plus attorney’s fees and other litigation expense, and to secure an injunction for the protection of his rights (IPC, Sec. 76.2). If the damages are inadequate or cannot be reasonably ascertained with reasonable certainty, the court may award by way of damages a sum equivalent to reasonable royalty. (IPC, Sec. 76.3)

Remedies of the Owners of the Patent against Infringers
2. Criminal action for infringement – if the infringement is repeated; The criminal action prescribes in three (3) years from the commission of the crime.
3. Administrative remedy – Where the amount of damages claimed is not less than P200,000, the patentee may choose to file an administrative action against the infringer with the Bureau of Legal Affairs (BLA).
4. Destruction of Infringing material – upon court order

Defenses in Action for Infringement
1. Invalidity of the patent (Sec. 81, IPC);
2. Any of the grounds for cancellation of patents;
a. That what is claimed as the invention is not new or patentable
b. That the patent does not disclose the invention in a manner sufficiently clear and complete for it to be carried out by any person skilled in the art; or
c. That the patent is contrary to public order or morality (Sec. 61, IPC)
3. Prescription

Trademark

Trademark
Any visible sign capable of distinguishing the goods (trademark) or services (service mark) of an enterprise and shall include a stamped or marked container of goods. (Sec. 121.1)

1. To indicate the origin or ownership of the article to which they are attached;
2. To guarantee that those articles come up to a certain standard of quality;
3. To advertise the articles they symbolize.
Today, the trademark is not merely a symbol of origin and goodwill; it is often the most effective agent for the actual creation and protection of goodwill. It imprints upon the public mind an anonymous and impersonal guaranty of satisfaction, creating a desire for further satisfaction. In other words, the mark actually sells the goods. The mark has become the “silent salesman,” the conduit through which direct contact between the trademark owner and the consumer is assured. It has invaded popular culture in ways never anticipated that it has become a more convincing selling point than even the quality of the article to which it refers.

1. It is a visible sign (not sounds or scents)
2. Capable of distinguishing one’s goods and services from another.

▪ Words
▪ Letters
▪ Numerals
▪ Figures/Pictures
▪ Shapes
▪ Colors
▪ Logos
▪ Three dimensional objects
▪ Combinations

▪ Sounds
▪ Smell

Any visible sign capable of distinguishing the goods (trademark) or services (service mark) of an enterprise and shall include a stamped or marked container of goods. (Sec. 121.1)
visible sign; distinctive

Trademarks are divided into five different categories, which are ranked by distinctiveness. (FAS-DG)
1. Fanciful Trademarks
2. Arbitrary Trademarks
3. Suggestive Trademarks
4. Descriptive Trademarks
5. Generic Trademarks

Fanciful Trademarks – Fanciful trademarks are made-up words which are invented to be used as a trademark name. Examples: Kodak, Exxon, Polaroid
Arbitrary Trademarks – Arbitrary trademarks are words that have a real, common meaning but they are completely unrelated to the product or service. Examples: Apple, Dove, Shell
Suggestive Trademarks – Suggestive trademarks are named after a characteristic of the product or service. Examples: Netflix, Microsoft
Descriptive Trademarks – Descriptive trademarks are a description of the product or service. Examples: Sharp, British Airways, BestBuy
Generic Trademarks – Generic trademarks cannot be protected as they are simply a generic description of the product or service. Examples: Band-Aid, Aspirin

A person may NOT:
1. Use a name if the word is generic (Lyceum of the Philippines vs. C.A. G.R. No. 101897, March 5, 1993)
2. Use any name indicating a geographical location (Ang Si Heng vs. Wellington Department Store, supra)

Trademark | Trade Name
Identifies or distinguishes the goods or services | Identifies or distinguishes the business or enterprise.
Registration is required. | Registration is not required.

▪ Trademarks vs. Service Marks (Globe, Smart, BPO, Auditing Firm)
▪ Collective Marks
▪ Well-known marks

Mark or trade-name used by the members of a cooperative, an association or other collective group or organization.

▪ Article 6 which governs the protection of well-known trademarks, is a self-executing provision and does not require legislative enactment to give it effect in the member country.
▪ It may be applied directly by the tribunals and officials of each member country by the mere publication or proclamation of the Convention, after the ratification according to the public law of each state and the order for its execution.
▪ The essential requirement under this Article is that the trademark to be protected must be “well-known” in the country where protection is sought. The power to determine whether a trademark is well-known lies in the “competent authority of the country of registration or use.” This competent authority would be either the registering authority if it has the power to decide this, or the courts of the country in question if the issue comes before a court.

▪ Immoral, deceptive, or scandalous matters or falsely suggest a connection with persons, institutions, beliefs, or national symbols.
▪ Matter which may disparage or falsely suggest a connection with persons, etc.
▪ Contrary to public order or morality

▪ Flags/coat of arms of nations or other insignia of the Philippines or any of its political subdivisions, or of any foreign nation
▪ Names, portraits or signature of living persons (Exception: with consent)
▪ Names, portraits or signature of a deceased President of the Philippines (Exception: with written consent of his/her living widow)

▪ Identical with a registered mark belonging to a different proprietor or a mark with an earlier filing or priority date, in respect of:
a) The same goods or services, or
b) Closely related goods or services, or
c) If it nearly resembles such a mark as to be likely to deceive or cause confusion;
Note: First-to-File Rule

▪ Misleading marks (Sec. 123.1 g)
▪ Generic terms (signs or indications that have become customary or usual to designate the goods or services in everyday language or in bona fide and established trade practice) (Sec. 123.1 h and i)
▪ Descriptive terms (signs or indications that may serve in trade to designate the kind, quality, quantity, intended purpose, value, geographical origin, time or production of the goods or rendering of the services, or other characteristics of the goods or services) (Sec. 123.1 j)
▪ Color alone;
▪ Shapes dictated by technical factors

▪ Identical with an internationally well-known mark, whether or not it is registered here, used for identical or similar goods or services;
▪ Identical with an internationally well-known mark which is registered in the Philippines with respect to non-similar goods or services. Provided, that the interests of the owner of the registered mark are likely to be damaged by such use;

▪ Identical with an internationally well-known mark, whether or not it is registered here, used for identical or similar goods or services;
Case: Fredco Manufacturing Corporation v. President and Fellows of Harvard College

Sec. 123. A mark cannot be registered if it…
(e) is identical with, or confusingly similar to, or constitutes a translation of a mark which is considered by the competent authority of the Philippines to be well-known internationally and in the Philippines, whether or not it is registered here, as being already the mark of a person other than the applicant for registration and used for identical or similar goods or services. Provided, That in determining whether a mark is well-known, account shall be taken of the knowledge of the relevant sector of the public, rather than of the public at large, including knowledge in the Philippines which has been obtained as a result of the promotion of the mark.

(f) Is identical with, or confusingly similar to, or constitutes a translation of a mark considered well-known in accordance with the preceding paragraph, which is registered in the Philippines with respect to goods or services which are not similar to those with respect to which registration is applied for. Provided, That use of the mark in relation to those goods or services would indicate a connection between those goods or services, and the owner of the registered mark. Provided further, That the interests of the owner of the registered mark are likely to be damaged by such use. (Sec. 123)

Rule 18, A.M. No. 10-3-10 SC
Sec. 2. Well-known mark. – In determining whether a mark is well-known, account shall be taken of the knowledge of the relevant sector of the public, rather than of the public at large, including knowledge in the Philippines which has been obtained as a result of the promotion of the mark.

Criteria – any combination
a.
The duration, extent and geographical area of any use of the mark;
b. The market share, in the Philippines and in other countries;
c. The degree of the inherent or acquired distinction of the mark;
d. The quality-image or reputation acquired by the mark;
e. The extent to which the mark has been registered in the world;
f. The exclusivity of registration attained by the mark in the world.
g. The extent to which the mark has been used in the world;
h. The exclusivity of use attained by the mark in the world
i. The commercial value attributed to the mark in the world;
j. The record of successful protection of the rights in the mark;
k. The outcome of litigations dealing with the issue of whether the mark is a well-known mark; and
l. The presence or absence of identical or similar marks validly registered for or used on identical or similar goods or services and owned by persons other than the person claiming that his mark is a well-known mark.

There is no question… that “Harvard” is a well-known name and mark not only in the United States but also internationally, including the Philippines. The mark “Harvard” is rated as one of the most famous marks in the world. It has been registered in at least 50 countries. It has been used and promoted extensively in numerous publications worldwide. It has established a considerable goodwill worldwide since the founding of Harvard University more than 350 years ago.

123.2 As regards signs or devices mentioned in paragraphs (j), (k), and (l), nothing shall prevent the registration of any such sign or device which has become distinctive in relation to the goods for which registration is requested as a result of the use that have been made of it in commerce in the Philippines.
The Office may accept as prima facie evidence that the mark has become distinctive, as used in connection with the applicant’s goods or services in commerce, proof of substantially exclusive and continuous use thereof by the applicant in commerce in the Philippines for five (5) years before the date on which the claim of distinctiveness is made.

Under Section 123.2 of the IP Code, specific requirements have to be met in order to conclude that a geographically-descriptive mark has acquired secondary meaning, to wit:
a) The secondary meaning must have arisen as a result of substantial commercial use of a mark in the Philippines;
b) Such use must result in the distinctiveness of the mark insofar as the goods or the products are concerned; and
c) Proof of substantially exclusive and continuous commercial use in the Philippines for five (5) years before the date on which the claim of distinctiveness is made.
Unless secondary meaning has been established, a geographically-descriptive mark, due to its general public domain classification, is perceptibly disqualified from trademark registration.

▪ Visible Sign
▪ Distinctive (Inherent or Acquired)
▪ Not listed in Sec. 123 on non-registrable marks

▪ The rights in a mark shall be acquired through registration but the right to register a trademark should be based on ownership.
▪ Notwithstanding the provisions of Section 155 hereof, a registered mark shall have no effect against any person who, in good faith, before the filing date or the priority date, was using the mark for the purposes of his business or enterprise.
▪ An exclusive distributor does not acquire any proprietary interest in the principal’s trademark and cannot register it in his own name unless it has been validly assigned to him.

Any word, name, symbol, emblem, device, figure, sign, phrase, or any combination thereof except those enumerated under Section 123, IPC.
▪ Acquired through a valid registration
▪ Prior use is not a requirement but there must be actual use after application
▪ Declaration of Actual Use and proof of use
– within three (3) years from filing of the application.
– one (1) year from the fifth anniversary of the date of registration of the mark

▪ The rights in a mark shall be acquired through registration with the IPO. (IPC, Sec. 122). The filing date of application is the operative act to acquire trademark rights.
▪ Prior use is no longer a condition precedent for registration of trademark, service mark or trade name.
▪ 159.1. Notwithstanding the provisions of Section 155 hereof, a registered mark shall have no effect against any person who, in good faith, before the filing date or the priority date, was using the mark for the purposes of his business or enterprise.

▪ Shangrila Case
▪ Actual use was not declared.

▪ 10 years, subject to indefinite renewals of 10 years each.
▪ The registrant is required to file a declaration of actual use and evidence to that effect, or show valid reasons based on the existence of obstacles to such use, within one (1) year from the fifth anniversary of the date of the registration of the mark. Otherwise, the mark shall be removed from the Register by the IPO. (IPC, Secs. 145 and 146)

▪ Right to exclusive use of the mark in connection with one’s own goods or services resulting in likelihood of confusion.
▪ Right to prevent others from use of an identical mark for the same, similar or related goods or services. (Sec. 147)
Territoriality Principle: Trademark registration abroad shall not be valid and binding here in the Philippines.
Exception: Well-known marks, bad faith.

Unauthorized use of a registered trademark, or of a colorable imitation of the same, for similar or related goods in which such use is likely to cause confusion or mistake, or to deceive. Section 155, IPC.

Elements:
1. Ownership of a trademark through registration
2.
That the trademark is reproduced, counterfeited, copied, or colorably imitated by another
3. No consent by the trademark owner or assignee
4. Use in connection with the sale, offering for sale or advertising of any such goods, business or services or those related thereto
5. Likelihood of confusion

Such a close or ingenious imitation as to be calculated to deceive ordinary purchasers, or such resemblance of the infringing mark to the original as to deceive an ordinary purchaser giving such attention as a purchaser usually gives, and to cause him to purchase the one supposing it to be the other

Counterfeiting Imitation Colorable

Types of confusion
▪ Confusion of goods – As to the goods themselves
▪ Confusion of business – As to the source or origin of such goods. Wherein the goods of the parties are different but the defendant’s product can reasonably be assumed to originate from the plaintiff thereby deceiving the public into believing that there is some connection between the plaintiff and defendant, which in fact, does not exist.

Problem:
▪ Dermaline, Inc. filed an application for registration of the trademark “Dermaline.”
▪ Myra Pharmaceuticals, Inc. opposed the application claiming that the trademark sought to be registered so resembles its trademark “DERMALIN” and will likely cause confusion to the purchasing public.
▪ Dermaline argues that its products are for skin health and beauty while those of Myra’s are medicinal goods against skin disorders.
Should the application for registration be allowed?

Dominancy Test – focuses on the prevalent features of the competing marks. The question is whether the use of the marks is likely to cause confusion or deceive purchasers.
Holistic Test or Totality Test – determined on the basis of visual, aural, connotative comparisons and overall impressions engendered by the marks in controversy as they are encountered in the marketplace.
Dominancy Test – focuses on the prevalent features of the competing marks.

Holistic Test – marks compared in their entirety.

Idem Sonans Rule – aural effects of the words and letters contained in the marks are also considered in determining the issue of confusing similarity.
Examples:
▪ “Dermaline” vs “Dermalin”
▪ “Nanny” vs. “Nan” (Nestle S.A. vs. Dy Jr.)

General Appearance

Trademark Infringement
▪ Legal Basis: 155
▪ Registration a requirement: Yes
▪ Acts Prohibited: Unauthorized use/reproduction/counterfeiting/copying of a trademark or colorable imitation thereof.
▪ Is fraud an element: No

Tradename Infringement
▪ Legal Basis: 165
▪ Registration a requirement: No
▪ Acts Prohibited: Unauthorized use/reproduction/counterfeiting/copying of a tradename
▪ Is fraud an element: No

Unfair Competition
▪ Legal Basis: 168
▪ Registration a requirement: No
▪ Acts Prohibited: Passing off one’s goods, giving them the general appearance of the goods of another
▪ Is fraud an element: No

Electronic Commerce Act

CPALE Syllabus
1. Discuss the principles
2. Describe the application
3. Discuss the definition of terms
4. Apply the legal recognition and communication of electronic data messages and electronic documents
5. Discuss the electronic commerce in carriage of goods
6. Explain the electronic transactions in government

❑ Business-to-Business (B2B)
❑ Business-to-Consumer (B2C)
❑ Consumer to Consumer (C2C)
❑ Consumer to Business (C2B)

1. Discuss the Principles
▪ Functional Equivalence
▪ Technology Neutral
▪ Media Neutral
▪ Non-Discrimination

For evidentiary purposes, an electronic document shall be the functional equivalent of a written document under existing laws. (S7)
ECA does not favor any particular type of technology.
ECA does not discriminate between paper document and electronic document, or between handwritten signature and electronic signature.

2. Discuss the Application
Applies to any kind of electronic data message and electronic document used in the context of commercial and non-commercial activities to include domestic and international dealings and transactions, arrangements, agreements, contracts and exchanges and storage of information.

3.
Discuss the Definition of Terms
4. Apply the legal recognition and communication of electronic data messages and electronic documents
❑ Electronic Data Message
❑ Electronic Document
❑ Electronic Signature

Definition of eDoc: “Refers to information generated, sent, received OR stored by electronic, optical or similar means”.
Legal Recognition: “Information shall not be denied legal effect, validity or enforceability solely on the grounds that it is in form of a data message.”

a. Those falling under the Statute of Frauds (Art. 1403(2));
b. Negotiable Instrument;
c. Donations of personal property with value in excess of 5,000 pesos (Art. 748);
d. Contract of antichresis where the amount of the principal and interest must be in writing (Art. 2134);
e. Stipulation to pay interest on loans (Art. 1956);
f. Power of attorney to sell land or any interest therein (Art. 1874); Assignment of copyright in whole or in part during the lifetime of the author (Section 180.2, IPC);
g. Marriage Settlements (Art. 77, FC);
h. Stipulations limiting a common carrier’s liability to less than extraordinary diligence (Art. 1744)

Authentication of Electronic Data Messages and Electronic Documents.
Section 11. - Until the Supreme Court by appropriate rules shall have so provided, electronic documents, electronic data messages and electronic signatures, shall be authenticated by demonstrating, substantiating and validating a claimed identity of a user, device, or another entity in an information or communication system, among other ways, as follows:
(a) The electronic signature shall be authenticated by proof that a letter, character, number or other symbol in electronic form representing the persons named in and attached to or logically associated with an electronic data message, electronic document, or that the appropriate methodology or security procedures, when applicable, were employed or adopted by such person, with the intention of authenticating or approving in an electronic data message or electronic document;

(b) The electronic data message or electronic document shall be authenticated by proof that an appropriate security procedure, when applicable was adopted and employed for the purpose of verifying the originator of an electronic data message and/or electronic document, or detecting error or alteration in the communication, content or storage of an electronic document or electronic data message from a specific point, which, using algorithm or codes, identifying words or numbers, encryptions, answers back or acknowledgement procedures, or similar security devices.

DIFFERENT KINDS OF CONTRACT
According to Perfection
1. Consensual – contracts which are perfected by the mere meeting of the minds of the parties (Art. 1305) e.g. Sale, Lease
2. Real Contracts – are those which require for their perfection both the consent of the parties and the delivery of the object by one party to the other. e.g. creation of real rights over immovable property must be written, deposit and pledge
3. Solemn contracts – are contracts which must appear in writing.

2. Perfection Solemn

Forms of Contract (COC + F)

Validity (Void):
▪ Donation of personal property whose value exceeds 5,000 (Art. 748)
▪ Donation of real property (Art. 749)
▪ Partnership where immovables are contributed (Art. 1773)
▪ Sale of piece of land or any interest therein through an agent (Art. 1874)
▪ Antichresis (Art. 2134)
▪ Chattel Mortgage (Art. 2140)
▪ Agreements regarding payment of interests in contracts of loans (Art. 2314)

Enforceability (Unenforceable):
▪ Unauthorized contracts
▪ Contracts not to be performed w/in 1 year
▪ A special promise to answer for the debt, default, or miscarriage of another
▪ Agreement in consideration of marriage
▪ Both parties are incapacitated
▪ Sale of personal property for 500 pesos or more
▪ Lease of real property for more than 1 year
▪ A representation as to the credit of a third person

Convenience (Valid):
▪ Acts and contracts which have for their object the creation, transmission, modification or extinguishment of real rights over immovable property;
▪ The cession, repudiation or renunciation of hereditary rights or of those of the conjugal partnership of gains;
▪ The power to administer property, or any other power which has for its object an act appearing or which should appear in a public document, or should prejudice a third person;
▪ The cession of actions or rights proceeding from an act appearing in a public document.
▪ All other contracts where the amount involved > 500 must appear in writing, even a private one. But sales of goods, chattels or things in action are governed by articles 1403, No. 2 & 1405. (Art. 1358)
▪ Sale of real property (Art. 1358)

Definition of eSignature: “Any distinctive mark, characteristic and/or sound in electronic form, representing the identity of a person and attached to or logically associated with the electronic data message or any methodology or procedures employed or adopted by a person and executed or adopted by such person with the intention of authenticating or approving an electronic document.”

Legal Recognition: Limited Recognition
An eSignature on the ED is equivalent to the signature of a person on a written document if that signature is proved by showing that a prescribed procedure, not alterable by the parties interested in the electronic document, existed under which –
(a) A method is used to identify the party sought to be bound and to indicate said party's access to the electronic document necessary for his consent or approval through the electronic signature;
(b) Said method is reliable and appropriate for the purpose for which the electronic document was generated or communicated, in the light of all circumstances, including any relevant agreement;
(c) It is necessary for the party sought to be bound, in order to proceed further with the transaction, to have executed or provided the electronic signature; and
(d) The other party is authorized and enabled to verify the electronic signature and to make the decision to proceed with the transaction authenticated by the same.

Salient Features Summary and Public Key Infrastructure
❑ Mandates all gov’t. agencies to use and accept electronic transactions within 2 years from the effectivity of the Act; and
❑ Penalizes hacking or cracking (minimum fine of P100,000.00 and a maximum commensurate to the damage incurred and mandatory imprisonment of six months to three years).

E-commerce is a MATTER of TRUST.
How to build trust in ECA?
Third Party – Vouching for Integrity/Authenticity
Direct Trust / Certificate Authority

YES if the following security controls are present:
▪ Authentication
▪ Access Control
▪ Confidentiality
▪ Integrity
▪ Non-repudiation

1. Identity or authenticity of the person (one will not know the real identity or person whom one is transacting with in the internet)
2. Data integrity (data may become corrupted or be unauthorized or duplicated or lost when it is held)
3. Denial of Service

“….. a system for establishing the identity of people who hold cryptographic keys.”
“A system that establishes and maintains trustworthy e-business environments through the generation and distribution of keys and certificates.”

▪ Digital signature is a secure form of electronic signature
▪ An electronic signature is not necessarily a digital signature
▪ It is foreseeable that persons relying on a digital signature will also rely on a valid certificate containing the public key by which the digital signature can be verified.

a) Public/Private Key pair
b) Certificate authority
c) Digital certificate

▪ It is used in encrypting and decrypting a message
▪ It is a numerical value used by an algorithm to alter information or vice versa.

3. Discuss the definition of terms
❑ Process of conducting business over the Internet by electronic document/data message rather than paper-based methods.
❑ Refers to information generated, sent, received or stored by electronic, optical or similar means.
❑ Refers to information or the representation of information, data, figures, symbols or other modes of written expression, described or however represented, by which a right is established or an obligation extinguished, or by which a fact may be proved and affirmed, which is received, recorded, transmitted, stored, processed, retrieved or produced electronically.
(PERTS)
❑ Refers to any distinctive mark, characteristic and/or sound in electronic form, representing the identity of a person and attached to or logically associated with the electronic data message or electronic document or any methodology or procedures employed or adopted by a person and executed or adopted by such person with the intention of authenticating or approving an electronic data message or electronic document.

5. Discuss the Electronic Commerce in Carriage of Goods
A B/L is a legal document issued by a carrier to a shipper that details the type, quantity, and destination of the goods being carried. A bill of lading also serves as a shipment receipt when the carrier delivers the goods at a predetermined destination.

Functions of B/L
1. Receipt for goods
2. Contract of Carriage
3. Doc of Title to Goods

Parties
1. Carrier
2. Shipper
3. Consignee
4. Master (Captain)
5. Shipping Agent

a) i. furnishing the marks, number, quantity or weight of goods;
   ii. stating or declaring the nature or value of goods;
   iii. issuing a receipt of goods;
   iv. confirming that goods have been loaded.
b) i. notifying a person of terms and conditions of contract;
   ii. giving instructions to a carrier
c) i. claiming delivery of goods;
   ii. authorizing release of goods;
   iii. giving notice of loss of, or damage to goods;
d) giving any other notice or statement in connection with the performance of the contract;
e) undertaking to deliver goods to a named person or a person authorized to claim delivery
f) granting, acquiring, renouncing, surrendering, transferring or negotiating rights in goods; and
g) acquiring or transferring rights and obligations under the contract

Transport Document means a document which provides pieces of evidence as to a contract of carriage and the taking over or loading of goods, by a carrier, made out in the form of a bill of lading or consignment note or any other document used in trade.
A transport document is a kind of document used to convey information about cargo that is being transported. Kinds of transport documents include:
▪ Air Waybill, a transport document used for air freight.
▪ Bill of Lading, a transport document for sea freight.

Can electronic messages and/or electronic documents be used in lieu of a paper document?
Yes. Under Sec. 26 Par. 1 of RA 8792.
(1) Where the law requires that any action referred to contract of carriage of goods be carried out in writing or by using a paper document, that requirement is met if the action is carried out by using one or more data messages or electronic documents.
(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for failing either to carry out the action in writing or to use a paper document.

In section 26 of ECA in carriage of goods, what would be the basis in order to effect the requirement required by law if the right is to be granted or an obligation is to be acquired by one person and no other person?
(3) If a right is to be granted to, or an obligation is to be acquired by, one person and no other person, and if the law requires that, in order to effect this, the right or obligation must be conveyed to that person by the transfer, or use of, a paper document, that requirement is met if the right or obligation is conveyed by using one or more electronic data messages or electronic documents unique;

What is the required standard of reliability in Sec. 26 Par. 3 of ECA in carriage of goods?
(4) For the purposes of paragraph (3), the standard of reliability required shall be assessed in the light of the purpose for which the right or obligation was conveyed and in the light of all the circumstances, including any relevant agreement.

What will happen if the electronic transaction turns to paper documentation?
Section 26 Paragraph 5 of RA 8792.
(5) Where one or more data messages are used to effect any action in subparagraphs (f) and (g) of Section 25, no paper document used to effect any such action is valid unless the use of electronic data message or electronic document has been terminated and replaced by the use of paper documents. A paper document issued in these circumstances shall contain a statement of such termination. The replacement of the electronic data messages or electronic documents by paper documents shall not affect the rights or obligation of the parties involved.

What will happen if a rule of law is compulsorily applicable to a contract of carriage of goods which is in, or is evidenced by, a paper document?
Section 26 Paragraph 6 of RA 8792.
(6) If a rule of law is compulsorily applicable to a contract of carriage of goods which is in, or is evidenced by, a paper document, that rule shall not be inapplicable to such a contract of carriage of goods which is evidenced by one or more electronic data messages or electronic documents by reason of the fact that the contract is evidenced by such electronic data messages or electronic documents instead of by a paper document.

6. Explain the electronic transactions in government
❑ Business-to-Business (B2B)
❑ Business-to-Consumer (B2C)
❑ Consumer to Consumer (C2C)
❑ Consumer to Business (C2B)
❑ Government to its Citizens (G2C)

Can the government require or accept the creation, filing and retention of such documents in the form of electronic data messages or electronic document from its citizens?
Yes, under paragraph a of Section 27.
Example:
1. Publication of job opportunity on the CSC website. Here, the applicant submits electronic documentary requirements and electronic data messages.
2. Philgeps

Sec. 27, Par.
1, RA 8792
“…all departments, bureaus, offices and agencies of the government, as well as all government-owned and -controlled corporations,… shall –
(a) accept the creation, filing or retention of such documents in the form of electronic data messages or electronic documents;

Can EDM and ED be used in government transactions such as the issuance of permits, licenses or approvals?
Yes, under Section 27 Paragraph b of RA 8792.
Sec. 27, Par. 1, RA 8792
“…all departments, bureaus, offices and agencies of the government, as well as all government-owned and -controlled corporations,… shall –
(b) issue permits, licenses, or approval in the form of electronic data messages or electronic documents;

Can the government require and/or accept payments, and issue receipts acknowledging such payments using EDM and ED?
Yes, under Section 27 Paragraph c of RA 8792.
▪ Bank over the counter
▪ Bayad center
▪ ECPay
▪ Online Bank
▪ 7Eleven
▪ Gcash
Sec. 27, Par. 1, RA 8792
“…all departments, bureaus, offices and agencies of the government, as well as all government-owned and -controlled corporations,… shall –
(c) require and/or accept payments, and issue receipts acknowledging such payments, through systems using electronic data messages or electronic documents;

Are the government agencies required to transact or perform their function using EDM and ED?
Yes, under Section 27 Paragraph d of RA 8792.
Sec. 27, Par. 1, RA 8792
“…all departments, bureaus, offices and agencies of the government, as well as all government-owned and -controlled corporations,… shall –
(d) transact the government business and/or perform governmental functions using electronic data messages or electronic documents,…”

What are the appropriate rules, regulations, or guidelines in the use of EDM, ED and ES?
a. The manner and format in which such EDM, or ED shall be filed, created, retained or issued.
b. Where and when such EDM or ED have to be signed, the use of an ES, the type of ES required.
c. The format of an EDM or ED and the manner the ES shall be affixed to the EDM or ED.
d. The control processes and procedures as appropriate to ensure adequate Integrity, Security and Confidentiality of EDM or ED or records of payment.
e. Other attributes required to EDM or ED or payments; and
f. The full or limited use of the documents and papers for compliance with the government requirements.

Can an electronic signature be used in government documentary transactions?
Section 27 Paragraph d (2 & 3) of RA 8792.