QuestionsQuestions (Republic Act No. 11199)
They are promulgated pursuant to the authority of the DOJ, DILG, and DOST under R.A. 10175 (Cybercrime Prevention Act of 2012) to implement the Act’s provisions, particularly on enforcement, procedure, and obligations of relevant agencies and service providers.
“Central Authority” refers to the DOJ—Office of Cybercrime (OOC). It serves as the competent authority in matters of international mutual assistance and related cooperation.
Traffic data/non-content data includes computer data other than communication content, such as origin, destination, route, time/date, size, duration, or type of service. Content data refers to the communication’s meaning, purport, or message conveyed—excluding traffic information.
Six (6) months from the date of the transaction.
Six (6) months from the date of receipt of the order from law enforcement authorities requiring its preservation.
Yes. A one-time extension for another six (6) months may be ordered. However, if the data is used as evidence, furnishing the service provider a copy of the transmittal document to the Office of the Prosecutor is deemed notification to preserve until final termination and/or as ordered by the court.
The applicant must show: (1) reasonable grounds to believe the crime has been committed/is being committed/is about to be committed; (2) the evidence to be obtained is essential for conviction, solution, or prevention; and (3) there are no other means readily available for obtaining the evidence.
The law enforcement authorities must issue an order requiring disclosure/submission within seventy-two (72) hours from receipt of the order, covering subscriber information, traffic data, or relevant data in the person/service provider’s possession or control, necessary and relevant for investigation of a validly docketed complaint.
Within forty-eight (48) hours after the expiration period fixed in the warrant, law enforcement must deposit all computer data (content and traffic) with the court in a sealed package, with an affidavit stating relevant details (dates/times covered, executing authority, access, etc.). The package generally cannot be opened or used as evidence except upon a court order.
Evidence obtained without a valid warrant or beyond authority is inadmissible in any proceeding before any court or tribunal.
NBI and PNP. The NBI must create a cybercrime division headed by at least a Head Agent; the PNP must create an anti-cybercrime unit headed by at least a Police Director. The DOJ Office of Cybercrime coordinates their efforts.
They must submit timely and regular reports including pre-operation, post-operation, and investigation results, and other required documents, to the DOJ Office of Cybercrime for review and monitoring.
For the enumerated punishable acts against critical infrastructure, the Rules provide a higher penalty (e.g., reclusion temporal instead of prision mayor and/or increased fines, depending on the specific offense category).
If a natural person with leading position within the juridical person knowingly commits the punishable act for the organization’s benefit, the juridical person is liable for a fine (with minimums at least double the fines imposable in Section 7 and with maximums depending on the scenario). This is without prejudice to criminal liability of the natural person.
File in the RTC of the province/city where the cybercrime or any of its elements is committed, or where any part of the computer system used is situated, or where the damage occurred to a natural or juridical person. The court where the action is first filed acquires jurisdiction to the exclusion of other courts.
RTC has jurisdiction over any violation, including those committed by a Filipino national regardless of place of commission, if any element was committed within the Philippines, or committed with use of a computer system wholly or partly situated in the country, or when damage is caused to a person in the Philippines.
They must: install available technology (e.g., blocking/filtering using hash-value or similar systems); notify law enforcement within seven (7) days of facts/circumstances relating to child pornography passing through/being committed on their systems; and upon request, furnish user access attempt particulars and preserve customer data records (time, origin, destination of access) for investigation/prosecution.