Search for:
Author

Bienvenido A. Marquez III

Browsing

Bienvenido Marquez III is a partner in Quisumbing Torres' Intellectual Property, Data and Technology Practice Group. He also co-heads the Consumer Goods & Retail Industry Group and is a member of the Technology, Media & Telecommunications Group. He participates in initiatives of Baker & McKenzie International of which Quisumbing Torres is a member firm. He is a member of Baker McKenzie's Asia Pacific Intellectual Property Business Unit for Brand Enforcement. He is immediate Past President of the Philippine Chapter of the Licensing Executives Society International (2019-2021), and is currently co-chair of the LESI Asia Pacific. He is also a member of the Anti-Counterfeiting Committee of the International Trademarks Association (INTA). He has been appointed as member of the INTA Asia Global Advisory Council (GAC) for 2022 to 2023, making him the only Philippine representative on the council.

Bien has vast experience in handling IP enforcement litigation, trademark and patent prosecution and maintenance, copyright, data privacy, information security, IT, telecommunications, e-commerce, electronic transactions, cyber security and cybercrime. He has been consistently ranked as a leading individual for Intellectual Property and TMT in Legal 500 Asia Pacific, Chambers Asia Pacific, asialaw Leading Lawyers, Managing IP Stars, Asia IP, and World Trademark Review. He was also recognized as a Volunteer Service Awardee by INTA in 2018.

Various agencies led by the Department of Trade and Industry (DTI) have signed Joint Administrative Order No. 24-03, Series of 2024 containing the Implementing Rules and Regulations (IRR) of Republic Act No. 11967, or The Internet Transactions Act of 2023 (ITA).
The ITA is intended to regulate e-commerce, protect consumer rights and data privacy, and uphold intellectual property rights.
The IRR clarifies the scope and coverage of the ITA, the enforcement powers of the DTI vis-à-vis other agencies, and the applicable procedure for imposition of fines.

Various agencies led by the Department of Trade and Industry (DTI) have signed Joint Administrative Order No. 24-03, Series of 2024 containing the Implementing Rules and Regulations (IRR) of Republic Act No. 11967, or The Internet Transactions Act of 2023 (ITA).
The ITA is intended to regulate e-commerce, protect consumer rights and data privacy, and uphold intellectual property rights.
The IRR clarifies the scope and coverage of the ITA, the enforcement powers of the DTI vis-à-vis other agencies, and the applicable procedure for imposition of fines.

Various agencies led by the Department of Trade and Industry (DTI) have signed Joint Administrative Order No. 24-03, Series of 2024 containing the Implementing Rules and Regulations (IRR) of Republic Act No. 11967, or The Internet Transactions Act of 2023 (ITA).
To recall, the ITA is intended to regulate e-commerce, protect consumer rights and data privacy, and uphold intellectual property rights.
The IRR clarifies the scope and coverage of the ITA, the enforcement powers of the DTI vis-à-vis other agencies, and the applicable procedure for imposition of fines.

The National Privacy Commission (NPC) recently issued NPC Advisory No. 2024-02, which lays down guidelines on the processing of sensitive personal information for the protection of lawful rights and interests or the establishment, exercise or defense of legal claims, pursuant to Section 13(f) of the Data Privacy Act (DPA).
Entities who process sensitive personal information or privileged information must ensure that such processing is compliant with the guidelines provided in the Advisory. A legitimate interest assessment will be helpful in evaluating compliance with NPC Circular No. 2023-07.

The National Privacy Commission (NPC) recently issued NPC Circular No. 2024-02 (“Circular“), which provides an updated policy framework on the use of closed-circuit television (CCTV) systems. The Circular is intended to address emerging privacy risks arising from the use of CCTV systems, and to enable data controllers and processors to properly manage personal data processing carried out through such systems.

The Circular took effect on 27 August 2024.

The Data Privacy Act provides that a personal information controller (PIC) must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing. The PIC shall also protect personal information against natural dangers and human dangers. For this purpose, the National Privacy Commission (NPC) recently issued NPC Circular No. 2023-06 (“Circular”), which sets out the updated minimum requirements for the security of personal data.

The National Privacy Commission (NPC) recently issued NPC Circular No. 2023-05, which sets out the prerequisites for certification under the Philippine Privacy Mark Certification Program.
The NPC Privacy Mark, obtained through the PPM Certification Program, offers the highest level of assurance on data privacy compliance and secure cross-border data transfers of personal information controllers and personal information processors. It helps data subjects identify organizations they can entrust their personal data with.
The Circular took effect on 15 March 2024.

The National Privacy Commission (NPC) formally announced through its official website that the Annual Security Incident Report for the year 2023 must be filed by 31 March 2024.
Any natural and juridical person in the government or private sector processing personal data in or outside of the Philippines that are subject to the provisions of Republic Act No. 10173 or the Data Privacy Act of 2012 must submit the ASIR containing the following information:
• Summary of the number of security incidents encountered in a particular calendar year and categorized by type, i.e., theft, identity fraud, sabotage/physical damage, malicious code, hacking, misuse of resources, hardware failure, software failure, communication failure, natural disaster, design error, user error, operations error, software maintenance error, third-party service, and other analogous causes
• Summary of the number of personal data breaches encountered in a particular calendar year and classified based on the application of the breach notification obligations, i.e., mandatory and voluntary notification

Consent is not the only available lawful basis for processing personal information. Personal information controllers and other parties engaged in the processing of personal information may also use legitimate interest as a lawful basis for processing. However, these parties must be aware of the conditions and limitations for processing personal information based on legitimate interest. For this reason, the National Privacy Commission (“NPC”) recently issued NPC Circular No. 2023-07, which provides guidelines on the processing of personal information based on legitimate interest. The Circular takes effect on 14 January 2024.

The National Privacy Commission (NPC) recently issued NPC Circular No. 2023-03 (“Circular”), which sets out guidelines on the issuance of identification cards to data subjects. The Circular applies to all personal information controllers (PICs) that issue ID cards to data subjects, excluding government-issued ID cards. The Circular took effect on 30 November 2023.