Australian Privacy Laws and Outsourcing to The Philippines

Australian companies have been among the top investors in Philippine business process outsourcing for years. According to Magellan Solutions, businesses feel the need to lower their overhead expenses due to rising costs, market saturation and competition – and outsourcing to the Philippines helps them maximise resources and expand profit margins, enabling companies to sustain themselves and the customers who do business with them. A study by the Philippine Institute for Development Studies (PIDS) also revealed that most Australian firms favor the Philippines as an offshoring destination. With Australia’s long history of outsourcing, privacy laws such as the Privacy Act 1988 (Privacy Act) exist to govern the handling of personal information about individuals and to protect the affected data subjects. This includes the collection, use, storage and disclosure of personal information in the federal public sector and in the private sector.

“There are over 300 Australian companies in the Philippines employing more than 44,000 Filipinos in business process outsourcing, infrastructure, financial services, ICT and energy sectors,” said H.E. Ma. Hellen De La Vega, Philippine Ambassador to Australia. The business process outsourcing industry in the Philippines already has several key advantages as the top outsourcing destination: low cost of labor, an English-proficient and highly skilled workforce, as well as cutting-edge technology and infrastructure. These attributes are highly valued by the world’s largest process outsourcing companies in places like the US, Australia and the UK that rely on outsourcing. The Philippines is one of the fastest-growing nations in the outsourcing industry, with a staggering 30% growth within the last decade alone. In fact, business process outsourcing accounts for one of the biggest boosts to the Philippines’ economy and currently employs more than 2 million people in several sectors, boasting a net worth of $24 billion.

Australian privacy laws

Australian Privacy Act (1988)

According to the Office of the Australian Information Commissioner, the Privacy Act 1988 (Privacy Act) was introduced to promote and protect the national privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million handle sensitive personal information. The Privacy Act includes 13 Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian Government agencies. These 13 APPs are collectively referred to as ‘APP entities’. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.

DLA Piper adds that most States and Territories in Australia (except Western Australia and South Australia) have their own data protection legislation applicable to relevant State or Territory government agencies, and private businesses that interact with State and Territory government agencies. Additionally, there are other parts of State, Territory and federal legislation that relate to data protection like the Telecommunications Act 1997 (Cth), the Criminal Code Act 1995 (Cth), the National Health Act 1953 (Cth), the Health Records and Information Privacy Act 2002 (NSW), the Health Records Act 2001 (Vic) and the Workplace Surveillance Act 2005 (NSW), which all impact privacy and data protection for specific types of data or activities.

Philippines data privacy law

Data Privacy Act of 2012

According to EECI, in 2012, the Philippines passed Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA), modeled after the Data Protection Directive (95/46/EC) “to protect the fundamental human right to privacy of communication while ensuring free flow of information to promote innovation and growth [and] the [State’s] inherent obligation to ensure that the personal information in information and communications systems in government and in the private sector are secured and protected”. The DPA was passed in accordance with the Philippines’ agreements under ASEAN Vision 2020 and as a response to the rising BPO industry, with many of its terms and provisions similar to privacy laws in other jurisdictions.

Compliance when outsourcing to the Philippines

The Philippine government has passed essential data privacy acts and laws that protect, support and strengthen the BPO industry. The Data Privacy Act of 2012 (RA 10173) seeks to protect all forms of data given, be it sensitive, personal, or private, and covers those who, while not found or established in the Philippines, use equipment or maintain an office, branch, or agency in the country. Republic Act 10844, the Department of Information and Communications Technology Act of 2015, ensures that all businesses in the information and communication fields follow trade and safety laws; it intends to expand the sector while helping to maintain the quality of its services, making BPO activities in the Philippines more convenient. Republic Act No. 7916 of 1995, also known as the Special Economic Zone Act, also makes the Philippines an attractive destination for outsourcing, as it appeals to foreign investors with various tax breaks and other crucial incentives within the special economic zones designated for BPO.

Directive 95/46/EC of the European Union and the Asia Pacific Economic Cooperation (‘APEC’) Information Privacy Framework had significant influence over the Philippines’ first ever consolidated data privacy legislation. According to Mondaq, the introduction of the Data Privacy Act of 2012 follows a series of developments in the expansion of the data privacy laws in the Asia Pacific region and adds to an increasingly complex data privacy environment, particularly for organisations using business process outsourcing services based in the region.

Sensitive personal information – which includes political affiliations, race, ethnic origin, marital status, age, sexual life, health information (and genetic information), criminal record, social security numbers and tax returns – is considered a class of personal information which (due to its particular sensitivity) is subject to more stringent requirements for data processing. The Act introduces this concept in keeping with its EU-influenced heritage, similar to the Australian privacy regime.

Frequently asked questions

Does the Australian Privacy Act apply to foreign companies?

According to Linklaters, the Privacy Act applies to data protection and handling by federal government agencies and private sector organisations within Australia. The Privacy Act also applies to the overseas activities of Australian organisations, and the activities of foreign organisations that have an “Australian link”. There are two ways an organisation can be considered to have a link with Australia: either there is an organisational link, such as the organisation being a company incorporated in Australia or a trust created in Australia; or the organisation carries on business in Australia or an external territory, and collects or holds personal data in Australia or an external territory. If an organisation’s overseas activity is required by the law of a foreign country, then that activity is not taken to amount to an interference with the privacy of data subjects under the Privacy Act.

What is RA 10173 in the Philippines?

The Data Privacy Act of 2012 (Republic Act No. 10173) (‘the Act’) was the first comprehensive law covering data privacy in the Philippines. It was implemented on September 8, 2012. The National Privacy Commission (‘NPC’), which was established in early 2016, later issued the Implementing Rules and Regulations of Republic Act No. 10173 (‘IRR’), which was mandated on September 9, 2016. The IRR provides, in greater detail, the requirements that individuals and entities must comply with when processing personal information, as well as the sanctions for violations of the Act.

The Act functions as the primary legislation for data protection in the Philippines. It states that it is the policy of the State to protect the fundamental human right of privacy of communication while ensuring the free flow of collected and processed personal information, with a view to promoting innovation and growth. It also recognises the vital role of information and communications technology in nation-building and the inherent legal obligations of the State to ensure that personal information and communications systems in the government and in the private sector are secured and protected.

If you’re a business owner who’s about to embark on outsourcing and is currently looking for the ideal partner to push your business to even greater heights, you don’t have to sweat looking for the best service providers or the right partner to provide you cost-efficient service when you can turn to a safe, secure, and reliable outsourcing provider like The Outsourcer who can deliver you everything that you’ve been looking for (and more) with their cutting-edge team of Filipino virtual assistants.

The Outsourcer has only the best talent for whatever job you need done, and will continuously train and coach them to give you better results. Save on recruitment and training expenses, while maintaining successful operations free of doubt as your business grows, by scheduling a free consultation with us today.