Published 21 October 2022, The Daily Tribune
All information obtained from the registration shall be absolutely confidential and shall be kept in the SIM Register, a database to be maintained by the PTEs. The SIM register shall be used only for the processing, activating, or deactivating of SIMs or subscriptions. A fine of not less than P500,000 but not more than P4 million shall be imposed upon PTEs, its agents, or employees who shall directly or indirectly disclose the end-users’ information.
Notwithstanding the foregoing, disclosure under the following exceptional instances is allowed: (i) in compliance with any law requiring disclosure; (ii) in compliance with a court order or legal process; or (iii) upon written consent of the end-user.
Disclosure shall also be allowed to comply with a subpoena issued by a competent authority in case of investigation based on a sworn complaint that a specific mobile number was or is being used in the commission of a crime or a malicious, fraudulent, or unlawful act, and the complainant is unable to ascertain the identity of the perpetrator. Disclosure in the foregoing cases shall not subject the PTEs to administrative, civil, or criminal liability.
PTEs shall comply with internationally accepted cybersecurity standards
Since PTEs are required to retain all relevant information for a period of 10 years, PTEs must ensure the security and protection of the end-users’ data. In case of disclosure of information due to the negligence of a PTE, its agents, or employees, a fine of not less than P500,000 but not more than P4 million shall be imposed. PTEs shall also comply with the minimum information security standards to be prescribed by the DICT, consistent with internationally accepted cybersecurity standards. In case of a cyber-attack on the SIM Register, the PTE shall report the incident to the DICT within 24 hours of detection.
Measures against criminal, unlawful activities
The heart of the law is the prevention and suppression of crimes and unlawful activities conducted using telecommunication and other electronic devices. To achieve this objective, the law empowers end-users to report to the PTEs any receipt of potentially fraudulent text or call. Upon due investigation, a PTE may deactivate the SIM used.
The law also penalizes the “spoofing” of a registered SIM with imprisonment of not less than 6 years or a fine of P200,000, or both. “Spoofing” shall refer to any act of transmitting misleading or inaccurate information about the source of a phone call or text message, with intent to defraud, cause harm, or wrongfully obtain anything of value.
The sale of a stolen SIM shall likewise be penalized with an imprisonment of 6 months to 2 years or a fine of P100,000 to P300,000, or both. If the offender is a juridical person, the penalty shall be imposed upon the responsible officers who participated or, by their gross negligence, allowed the commission of the crime.
Moreover, any person who abets or aids in the commission of any offenses under the Act shall be held liable as co-principal.
With an estimated 120 million Filipino mobile subscribers, the SIM Registration Act is a step toward safeguarding consumers from fraud, curbing the proliferation of criminal syndicates, and securing digital transactions. Nevertheless, the implementation of the Act should be balanced with the constitutionally-guaranteed right to privacy.