Philippine Government Issues Implementing Rules under Cybercrime Law – Part I In August 2015, the Departments of Justice, Interior and Local Government, and Science and Technology of the Philippines jointly issued the administrative rules and regulations ("Implementing Rules") implementing the Cybercrime Prevention Act of 2012 ("Cybercrime Law"). The government completed the Implementing Rules nearly three years after the Cybercrime Law was passed by the Philippine Congress. The following is Part I of a two-part summary of the Implementing Rules. Creation of New Offices The Implementing Rules create the Office of Cybercrime ("OCC") under the Department of Justice. The OCC serves as the central authority for all matters relating to international mutual assistance and extradition in cybercrime. The OCC is also responsible for coordinating the efforts of the other law enforcement agencies designated powers under the Cybercrime Law Such authorities include the following: the Cybercrime Investigation and Coordinating Center, which is responsible for coordinating cybercrime policy, and the Computer Emergency Response Team, which is responsible for issues relating to cybersecurity. These offices are functional as of 2015. Duties of Service Providers The Implementing Rules delineate the duties under the Cybercrime Law of a “service provider”. Under the Cybercrime Law, (1) any entity that provides to users of its service the ability to communicate by means of a computer system; and (2) any other entity that processes or stores computer data on behalf of such communication service or users of such service are considered to be "service providers." Foremost among a service provider’s obligations is the preservation of the integrity of particular types of computer data for specified periods, as follows: Item to be Preserved Minimum Period Trigger / Requirement Prior to Preservation Integrity of traffic data and subscriber information 6 months from the date of the transaction No prior requirement Integrity of content data 6 months from the date of receipt of the order Administrative order issued by a competent authority requiring its preservation Integrity of computer data, in general 6 months from the date of receipt of the order, unless extended for another six months by an extension order, or unless a judicial action is instituted Administrative or judicial order, as the case may be The Implementing Rules also impose the following requirements on service providers: Ensure the confidentiality of preservation orders issued; Collect or record by technical or electronic means, and/or cooperate and assist competent authorities in the collection or recording of computer data, upon the issuance of a court warrant; Disclose or submit subscriber's information, traffic data or relevant data in its possession or control to competent authorities within 72 hours after the receipt of an order; Report to the OCC their compliance with the enforcement orders and reporting requirements under the Cybercrime Law; Immediately and completely destroy computer data subject to a preservation and examination when the required period expires; and Perform such other duties as may be necessary and proper to execute the Cybercrime Law. We will outline additional features of the Implementing Rules in Part II of this series of articles. For more information, please contact Bienvenido Marquez, Divina Ilas-Panganiban or Matthew Tristan Delgado.