In August 2015, the Departments of Justice, Interior and Local Government, and Science and Technology of the Philippines jointly issued the administrative rules and regulations ("Implementing Rules") implementing the Cybercrime Prevention Act of 2012 ("Cybercrime Law"). The government completed the Implementing Rules nearly three years after the Cybercrime Law was passed by the Philippine Congress. The following is Part I of a two-part summary of the Implementing Rules.
Creation of New Offices
The Implementing Rules create the Office of Cybercrime ("OCC") under the Department of Justice. The OCC serves as the central authority for all matters relating to international mutual assistance and extradition in cybercrime. The OCC is also responsible for coordinating the efforts of the other law enforcement agencies designated powers under the Cybercrime Law. Such authorities include the following:
- The Cybercrime Investigation and Coordinating Center, which is responsible for coordinating cybercrime policy, and
- The Computer Emergency Response Team, which is responsible for issues relating to cybersecurity.
Duties of Service Providers
The Implementing Rules delineate the duties of a "service provider" under the Cybercrime Law. Under the Cybercrime Law, "service providers" are (1) any entity that provides to users of its service the ability to communicate by means of a computer system; and (2) any other entity that processes or stores computer data on behalf of such communication service or users of such service.
Foremost among a service provider’s obligations is the preservation of the integrity of particular types of computer data for specified periods, as follows:
| ITEMS TO BE PRESERVED | PRESERVATION PERIOD | TRIGGER / REQUIREMENT PRIOR TO PRESERVATION |
| --- | --- | --- |
| Integrity of traffic data and subscriber information | 6 months from the date of the transaction | No prior requirement |
| Integrity of content data | 6 months from the date of receipt of the order | Administrative order issued by a competent authority requiring its preservation |
| Integrity of computer data, in general | 6 months from the date of receipt of the order, unless extended for another six months by an extension order, or unless a judicial action is instituted | Administrative or judicial order, as the case may be |
- Ensure the confidentiality of preservation orders issued;
- Collect or record by technical or electronic means, and/or cooperate and assist competent authorities in the collection or recording of computer data, upon the issuance of a court warrant;
- Disclose or submit subscriber's information, traffic data or relevant data in its possession or control to competent authorities within 72 hours after the receipt of an order;
- Report to the OCC their compliance with the enforcement orders and reporting requirements under the Cybercrime Law;
- Immediately and completely destroy computer data subject to a preservation and examination when the required period expires; and
- Perform such other duties as may be necessary and proper to execute the Cybercrime Law.
We will outline additional features of the Implementing Rules in Part II of this series of articles.