Data Privacy Act of 2012: A Case Study Approach to Philippine Government Agencies Compliance

The Philippine Data Privacy Act (DPA) of 2012 was enacted to protect the personal information of its citizens from being disclosed without its consent. The National Privacy Commission (NPC) was established in 2015 to promote, regulate, and monitor data privacy compliance of both Government and Private Institutions. This study sought to explore and explain how and why do the Philippine Government agencies comply with the DPA 2012. Additionally, it also tried to determine and understand the determinants of compliance as perceived by the government agencies. The Commission on Higher Education (CHED) and the Commission on Elections (COMELEC) were the focus of the interviews conducted by the researchers. The NPC was also included in the study to determine the status of the government's compliance with the law. The study was a form of a qualitative case study following the context of (R. K. Yin, Case Study Research (2014)) study of research designs and methods. The case study is the recommended approach as the main question starts with how and why. As a result of the study, it was found out that there are three factors that somehow influence government agencies from hampering their compliance to the DPA 2012. These are (1) lack of awareness, (2) budget, and (3) time constraints. With regards to the determinants of compliance, (1) deterrence, and (2) legitimacy were the concluded causal factors on why they will comply with the DPA 2012. For future works, it is recommended that a follow-up study be conducted after the compliance deadline.