Implementing Rules and Regulations of Executive Order No. 122

July 13, 2022

AMENDED RULES AND REGULATIONS TO IMPLEMENT EXECUTIVE ORDER NO. 122 OTHERWISE KNOWN AS "STRENGTHENING BORDER CONTROL THROUGH THE ADOPTION AND IMPLEMENTATION OF THE ADVANCE PASSENGER INFORMATION SYSTEM"

Pursuant to Section 11 of Executive Order (E.O.) No. 122, s. 2020 (Strengthening Border Control through the Adoption and Implementation of the Advance Passenger Information System), the following rules and regulations are hereby adopted and promulgated:

RULE I

Title and Scope

SECTION 1. Title. — These rules and regulations shall be referred to as the "Implementing Rules and Regulations of Executive Order No. 122" (Rules).

SECTION 2. Scope. — These Rules shall apply in the collection, use, processing, storage, sharing, protection, and transmission of Advance Passenger Information (API) from an aircraft operator, which is expected to arrive in, transit through, or depart from the Philippine territory.

In the enhancement of border security by means of effective national border controls and global law enforcement information sharing, these Rules shall apply to protect and ensure the integrity and availability of the API, by restricting access thereto and using security mechanisms or other reasonable safeguards to prevent unauthorized access or use, in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, and Republic Act No. 10175, otherwise known as the Cybercrime Prevention Act of 2012.

RULE II

Definition of Terms

SECTION 1. Definition of Terms. — The following definition of terms shall apply for the purpose of these Rules:

a. BI refers to the Bureau of Immigration.

b. Advance Passenger Information (API) refers to an electronic communication containing passenger or crew-related information transmitted to the BI prior to arrival or departure and made available on the primary line at the port of entry/exit. API data elements to be transmitted by commercial carriers as listed under Rule V, Section 2.

c. Aircraft Operator refers to a person, corporation, firm or association engaged in the business of carrying or transporting passengers by air, for compensation, and offering its services to the public.

d. API System (APIS) refers to an electronic communications system whereby required data elements from machine readable passports, other official travel documents or those which may be available in the commercial carrier's reservation or departure control system, are collected and transmitted to border control agencies prior to flight arrival or departure and made available on the primary line at the airport of entry.

e. BI-APIS (Single Window) refers to an information and communication system maintained by the BI whereby required data elements — as listed under Rule V, Section 2, and which are made available at the port of entry/exit — are generated, recorded, and collected from commercial carriers following the transmission timings — as stipulated under Rule VI, Section 1 — and are stored, and transferred to the designated Competent Authorities listed under Rule X.

f. Commercial carriers refer to persons, corporations, firms or associations engaged in the business of carrying or transporting passengers or goods, or both, by sea or air, for compensation, offering their services to the public. A commercial carrier may be a public/common or private carrier including military aircraft or vessel providing special flights for civilian persons.

g. Commissioner refers to the Commissioner of the Bureau of Immigration as per Commonwealth Act No. 613.

h. Competent Authorities refer to entities (i.e., agencies, institutions) designated by the government to receive API data from the BI as API Single Window, in order for said entities to carry out specific functions in accordance with their respective mandates. The designated Competent Authorities under these Rules are listed under Rule X of these Rules.

i. Crew members refer to persons assigned by an operator to duty in an aircraft during a flight duty period.

j. Data sharing refers to the disclosure or transfer of data elements identified in these Rules and under the custody of BI as information controller, to one or more other personal information controller/s.

k. ICAO refers to the International Civil Aviation Organization.

l. IATA refers to International Air Transport Association.

m. INTERPOL refers to International Criminal Police Organization.

n. Immigration formalities refer to the process of conducting arrival and departure formalities of any passenger or crew member at any port of entry/exit by the BI through the Immigration Officers as per Commonwealth Act No. 613 and its relevant rules, regulations, circulars, and guidelines.

o. NPC refers to the National Privacy Commission.

p. Passenger refers to a person carried on board a vessel or aircraft, excluding the captain, master, agent, owner, consignee or any person in charge of the aircraft or vessel, and crew members or other persons employed or engaged in any capacity who are also on board such commercial aircraft or vessel.

q. UN refers to the United Nations.

r. WCO refers to World Customs Organization.

RULE III

Role of the Bureau of Immigration

SECTION 1. Mandate. — The BI is principally responsible for the administration and enforcement of immigration, citizenship, and alien registration laws, including the entry and admission of foreigners into the Philippines, in accordance with the provisions of Commonwealth Act No. 613 (C.A. No. 613), otherwise known as the Philippine Immigration Act of 1940, as amended.

SECTION 2. Functions. — The BI shall have the following functions:

a. Issue rules and regulations in order to meet minimum standards for protection of personal information transmitted by commercial carriers to the BI-APIS ("Single Window");

b. Ensure compliance by all government agencies or instrumentalities and commercial carriers as regards security measures, as well as reasonable and appropriate organizational, physical, and technical measures under these Rules and other relevant laws and regulations;

c. Specifying electronic format and technical standards, modalities, and procedure for data portability, in accordance with ICAO international standards and guidelines;

d. Act on requests of other law enforcement agencies in furtherance of national security, law enforcement, immigration, intelligence, and counter-terrorism, as may be required for public safety, public health or public order;

e. Seek assistance from appropriate government agencies for the imposition of administrative fines, sanctions, and penalties, within their regulatory powers, for non-compliance with data collection, use, processing, storage, sharing, protection, and transmission requirements under these Rules, such as delay or non-submission of required data and erroneous data entry or incomplete data entry in the APIS;

f. Enter into any agreement with other agencies for the further implementation of these Rules;

g. Facilitate BI-APIS data processing systems and notifications;

h. Initiate, engage, and obtain the design, supply, installation and commissioning of software and/or hardware and related services, and collect necessary and incidental charges for the roll-out and implementation of BI-APIS and Data Acquisition Services; and

i. Exercise such other functions as may be necessary to fulfil its mandate under these Rules.

RULE IV

Duties of Commercial Carriers

SECTION 1. Duties and Obligations. — The following are duties and obligations of commercial carriers under these Rules:

a. Provide to the BI the API data required under these Rules;

b. Transmit to the BI the required API data within the timeframes and format provided under these Rules;

c. Submit accurate and correct data based on the passenger's provided information; and

d. Provide adequate notice to passengers regarding the legal obligation of commercial carriers to provide the BI with API data held by them in relation to a flight to, from, or in transit through any port within the territory of the Philippines and that the information might be passed to other government authorities. The notice shall include that the information may be passed to concerned government agencies and other foreign authorities when necessary to satisfy the requesting State's purpose for acquiring the information. The notice shall also provide the specified purpose for obtaining the information as well as appropriate guidance to passengers on how they may access their data and seek redress in case of violation of their data privacy or breach of confidentiality.

SECTION 2. Notwithstanding the preceding section, the BI, through its Commissioner, may, subject to the approval of the Secretary of Justice, enter into any relevant agreement with commercial carriers or any of their associations if circumstances warrant, pursuant to applicable laws, rules and regulations.

RULE V

API Requirement and Data Elements

SECTION 1. API Requirement. — The captain, owner or any person in charge of an aircraft that is arriving in, transiting through or departing from the Philippine territory, shall transmit electronically the API in respect of each person being checked-in on that aircraft, including the crew members.

SECTION 2. Data Elements (Aviation). — Pursuant to these Rules, the BI shall require an aircraft operator to transmit the following API data elements:

A. Data Relating to Each Individual Passenger

i) Core Data Elements as may be found in the Machine-Readable Zone of the passport or official travel document to be presented by a passenger:

a) Passenger/Crew Member's Complete Name

b) Date of Birth

c) Gender

d) Nationality

e) Passport Travel Document Number

f) Travel Document Type

g) Issuing State or Organization of the Official Travel Document

h) Expiration Date of Official Travel Document

ii) Additional data elements relating to each individual passenger normally found in the Airline Systems (to be requested only as available):

a) Seating Information (Specific seat assigned to the passenger for this flight)

b) Baggage information (Number of checked bags, and where required, the baggage tag numbers associated with each)

c) Traveller's Status (Passenger, Crew, In-transit)

d) Place/Port of Original Embarkation (Place/port where traveller originates foreign travel)

e) Place/Port of Clearance (Place/port where the traveller is cleared by the Border Control Agencies)

f) Place/Port of Onward Foreign Destination (Foreign place/port where traveller is transiting to)

g) Passenger Name Record Locator Number (or unique identifier) (As available in the traveller's Passenger Name Record in the carrier's airline reservation system)

B. Data Relating to the Flight (Header Data):

i) Flight Identification (IATA airline code, flight number, aircraft name and country of registry)

ii) Scheduled Departure Date (date of scheduled departure of aircraft based on local time of departure location)

iii) Scheduled Departure Time (time of scheduled departure of aircraft based on local time of departure location)

iv) Scheduled Arrival Date (date of scheduled arrival of aircraft based on local time of arrival location)

v) Scheduled Arrival Time (time of scheduled arrival of aircraft based on local time of arrival location)

vi) Last Place/Port of Call of Aircraft (aircraft departed from this last foreign place/port of call to go to "place/port of aircraft initial arrival")

vii) Place/Port of Aircraft Initial Arrival (place/port in the country of destination where the aircraft arrives from the "last place/port of call of aircraft")

viii) Subsequent Place/Port of Call within the Philippines (subsequent place/port of call within the Philippines)

ix) Number of passengers (total number of passengers on the flight)

RULE VI

Transmission of Data

SECTION 1. Timeframe for Data Transmission. — Consistent with the provisions of Section 32 of C.A. No. 613, as amended, the captain, owner or any person in charge of an aircraft shall be fully responsible in ensuring that the flight and passenger data transmitted are accurate and complete, and shall reach the BI-APIS thirty (30) minutes before the scheduled flight departure or upon aircraft door-close stage.

In the event of any changes to the flight data or data relating to an individual on board, an updated API file is required to be immediately transmitted by the aircraft.

SECTION 2. Format. — The format of the API message shall be in the UN/EDIFACT PAXLST and CUSRES standards which conforms to internationally recognized standards and practices found in the WCO/IATA/ICAO API Guidelines and EDIFACT Implementation Guide. Details of the format and transmission method shall be published by the BI in a Technical Implementation Guide to be provided to the representative of each commercial carrier.

As an alternative to UN/EDIFACT PAXLST, API data may be transmitted by commercial carriers to the BI-APIS using the XML format or other internationally accepted formats.

SECTION 3. Transmission of API. — The API must be directly transmitted electronically to the BI-APIS to ensure security of personal data.

RULE VII

Verification and Correction of Data

SECTION 1. Creation of BI-APIS Operations.— Supervision to perform security vetting and/or derogatory information verification after receipt of the API. This Operations Center shall act as 24/7 one-stop-shop of APIS, composed of authorized personnel at the sound discretion of the Commissioner. Data Protection Officer/s shall be designated and included in the BI-APOC, in accordance of the Data Privacy Act of 2012.

SECTION 2. Duties and Functions. — The BI-APOC shall:

(a) Immediately after receipt of the API, analyze data using the BI database to perform security vetting (a process for investigating, screening, or establishing the accuracy or truthfulness of the API data elements as listed in Rule V, Section 2), and/or derogatory information verification (a method of confirming the availability of derogatory information regarding the passenger or crew member);

(b) Whenever necessary, use other available law enforcement and non-law enforcement databases and watchlists, including notices issued by the INTERPOL and those subject of UN Security Council sanctions and travel bans, in performing security vetting or derogatory information verification;

(c) Coordinate with the commercial carriers if a passenger or crew member is found to have any derogatory information;

(d) Facilitate and ensure the timely transmission of API by commercial carriers;

(e) Correct or amend API data information subject to the approval of the Commissioner; and

(f) Comply with the provisions of the Data Privacy Act of 2012, its implementing rules and regulations, and its related issuances in the processing of personal information and sensitive personal information forming part of the API.

SECTION 3. Arrival/Departure Formalities. — Notwithstanding the provisions in the preceding Sections, these Rules shall not divest the BI from conducting regular inspection and immigration formalities of all arriving and departing passengers.

SECTION 4. Further Verification and Correction of Information. — API data may also be verified by the Immigration Officers during the physical processing of arrival/departure formalities of any passenger or crew member at any port of entry/exit by comparing the API data with the information contained in the travel document presented.

SECTION 5. Procedure in the Verification of Information by Primary Inspector. — Immigration officers at the airport primary inspection shall scan the biographical page of each passport of all arriving and departing passengers on the passport reader to electronically check and verify the authenticity and validity of API data and derogatory record check. In case of discrepancy between the API data and passport presented by a passenger at the airport, the Border Control Information System (BCIS) shall prompt the primary Immigration Officer with a "No Match" message from the BI-APIS, and the primary Immigration Officer shall proceed to exclude the passenger under Section 29 (a) (17) of C.A. No. 613, as amended.

SECTION 6. Exclusion. — Notwithstanding the inclusion of the passenger's data elements in BI-APIS, an alien passenger may still be a subject for exclusion under Section 29 (a) of C.A. No. 613, as amended, subject to compliance with applicable immigration laws, rules and regulations.

SECTION 7. Correction of Information. — In the event that errors are found in the API, the BI APOC shall provide an opportunity to correct such errors or perform correction after verification based on travel or other related documents, within a reasonable time as the circumstances may permit. If errors are found, authorized BI personnel may correct the data at the point of entry and update the information; provided, however, that correction of these errors shall not waive the liability of the captain, owner or any person in charge of an aircraft as provided under these Rules; provided further that, the BI-APOC shall not amend or correct the data unless with the written authorization from the Commissioner or his authorized personnel.

An individual may only seek access to the API supplied by the commercial carrier if he or she is the subject of the data being accessed. Any request to seek access to certain information maintained in the BI-APIS shall be submitted to the Office of the Commissioner. The request should include a general description of the records sought and must include the requester's full name, current address, and date and place of birth. The request must be signed and under oath. However, records and information pertaining to the results of the vetting of the passenger may not be accessed. The Commissioner, in his discretion, shall respond to the requests submitted thereto, in accordance with any applicable provision of immigration laws, and inform individuals of the outcome of their requests.

RULE VIII

Management of Advance Passenger Information System (APIS)

SECTION 1. Management and Information System Division. — The BI-Management and Information System Division (MISD) shall be the repository of the BI-APIS. It shall implement reasonable and appropriate organizational, technical, and physical security measures in compliance with the Data Privacy Act of 2012, the Cybercrime Prevention Act of 2012, and other existing rules and regulations to protect and ensure the confidentiality, integrity and availability of the API.

SECTION 2. Functions. — The MISD shall:

(a) Provide assistance to the BI-APOC in the performance of security vetting and derogatory information verification functions;

(b) Adopt and establish technical and cyber security measures;

(c) Protect the information network against accidental, unlawful and unauthorized usage which may affect data integrity or hinder the functioning or availability of the system, and unauthorized access through electronic network;

(d) Ensure and maintain the confidentiality, integrity, availability, and resilience of API processing systems and services;

(e) Monitor security breaches and provide process for both identifying and accessing reasonably foreseeable vulnerabilities in their computer networks, and taking preventive, corrective, and mitigating action against security incidents that can lead to a personal data breach;

(f) Restore the availability and access to API data in a timely manner in the event of a physical or technical interference;

(g) Maintain a process for regularly testing, assessing, and evaluating the effectiveness of security measures; and

(h) Ensure encryption of API data during storage and while in transit, authentication process, and other technical security measures that control and limit access.

SECTION 3. On-Time Data Transmission. — Further to the preceding Section, the MISD shall provide assistance to the BI-APOC to ensure the timely transmission of API data by commercial carriers.

The BI-APIS and the BCIS shall be made interoperable in order that the API can verified and validated during security vetting and immigration primary inspection at the Philippine ports of entry and exit; provided, that, the BI-APIS shall conform to Annex 9 (Facilitation) of the Convention on International Civil Aviation.

RULE IX

Security of API Data

SECTION 1. Data Security. — All API data maintained by the BI shall be secured, as far as practicable, with the use of the most appropriate standard recognized by the information and communications technology industry, subject to the Data Privacy Act of 2012, including NPC Circular No. 16-01, and the Cybercrime Prevention Act of 2012. Access terminals, mainframe processors, and databases are all maintained in BI controlled space. The Commissioner shall be responsible for complying with the security requirements through the use of strict access controls for the users, passwords, background checks for individuals accessing the data, as well as system audits that track and report on access to the data. Only BI personnel who have undergone the annual privacy training shall have access to API data.

SECTION 2. Access to BI-APIS; Authorization. — The BI, through its Commissioner, shall strictly regulate access to API data under its custody or control. Access to the system is granted on and limited to a need-to-know basis. The system will use assigned roles based on an individual's need-to-know, official duties, agency of employment, and appropriate background investigation and training. An employee of the BI shall only be granted security clearance when the performance of his or her official functions or the provision of a public service directly depends on and cannot otherwise be performed unless access to the API data is allowed. To prevent unauthorized use and access, only personnel authorized by the Commissioner shall have access to the BI-APIS. No offsite access shall be allowed.

SECTION 3. Re-authorization. — To ensure the protection of API data, the user, through his or her immediate supervisor, must request reauthorization every six (6) months from the Commissioner to access the BI-APIS. Reauthorization is dependent upon a user's continuing role or duty and the absence of any derogatory or disciplinary complaint relating to access.

SECTION 4. Responsibility of the BI. — To protect and ensure the integrity and availability of the API, the BI shall:

(a) Restrict access of the BI-APIS to authorized personnel only;

(b) Assign username and password to the authorized individuals to track and monitor all BI-APIS transactions;

(c) Conduct monthly audit of all BI-APIS transactions to ensure that the data are all being handled consistently with the existing rules and regulations;

(d) Maintain audit trails or logs for the purpose of reviewing user activity;

(e) Submit report of inconsistent or irregular use of API data;

(f) Maintain BI-APIS to protect API data; and

(g) Implement reasonable and appropriate organizational, physical, and technical measures to protect API data.

SECTION 5. Role of the NPC. — The National Privacy Commission, being the body mandated to administer and implement the Data Privacy Act and monitor and ensure compliance of the Philippines with international standards set for personal data protection, shall have primary and sole authority to entertain cases involving alleged violations of the Data Privacy Act, and, take cognizance of matters related to privacy and data protection arising from and/or pursuant to these Rules.

RULE X

Data Sharing

SECTION 1. Authority to Share API. — Subject to existing treaties, laws, rules and regulations, and whenever consistent with national interest, the BI may share information contained in the API in furtherance of regional or international security. The API may also be provided to the following law enforcement agencies, as designated Competent Authorities under these Rules, in furtherance of national security, law enforcement, immigration, intelligence and counter-terrorism functions, as may be required for public safety and order:

a) Department of Finance thru the Bureau of Customs

b) Department of Transportation thru the Office for Air Transportation Security; Civil Aeronautics Board; and Civil Aviation Authority of the Philippines

c) Department of Health thru the Bureau of Quarantine

d) Department of Justice thru the National Bureau of Investigation

e) Department of the Interior and Local Government thru the Philippine National Police

f) Department of National Defense

g) National Intelligence Coordinating Agency

h) Armed Forces of the Philippines

i) National Security Council

j) Anti-Terrorism Council

k) Other agencies with a relevant mandate that are already existing or which may be created in furtherance of Executive Order No. 122, series 2020

SECTION 2. Criteria for Data-Sharing. — Data may be shared when it is necessary for the performance of a public function or the provision of a public service, specifically in furtherance of national security, law enforcement, immigration, intelligence, and counter-terrorism functions, as may be required for public safety, public health or public order, and pursuant to the respective constitutional or statutory mandates of the BI and the designated Competent Authorities.

The designated Competent Authorities may cross-check API data against their own watchlists and databases, pursuant to their respective constitutional or statutory mandates.

SECTION 3. Information Transmission and Disclosure. — The information may be transmitted either electronically or as printed materials to authorized personnel. Such transmission of copies shall adhere to the reasonable and appropriate organizational, physical, and technical measures under these Rules and other relevant laws and regulations. Moreover, hard copies of information shall be protected by sealed envelopes and shared via official or accredited inter agency couriers. Authorized personnel must possess a mission or job-related need and intended use before information may be shared and granted.

SECTION 4. Security of API Data Information. — A law enforcement agency, its members, and employees shall ensure at all times the security of any personal data that come to their possession or knowledge.

SECTION 5. Authority from the Commissioner. — Request of API data shall not be released without prior written authorization from the Commissioner specifying the general terms, conditions, and limitations that govern the use of such data. Where disclosure is authorized, the recipient agency is likewise bound to comply with the Data Privacy Act of 2012 and other relevant laws.

SECTION 6. Memorandum of Understanding. — Notwithstanding the preceding sections, the BI, through its Commissioner, may enter into a Memorandum of Understanding or Data Sharing Agreement with other agencies to define roles and responsibilities and enhance collaboration and coordination among agencies and the private sector.

SECTION 7. BI-Anti Terrorist Group. — The BI-Anti Terrorist Group under the Office of the Commissioner shall maintain close coordination with and provide assistance to other law enforcement offices on matters involving terrorism, transnational crimes and other illegal activities that may require the use of API data.

RULE XI

Fines and Penalties

SECTION 1. Penalty for Unlawful or Unauthorized Processing of API. — The unauthorized processing, accessing, disposal, disclosure, sharing, publication, or use of the API data, including all illegal acts as defined under the Data Privacy Act of 2012, shall be punishable in accordance with the afore-cited law, its implementing rules and regulations, the Cybercrime Prevention Act of 2012, and other relevant laws.

SECTION 2. Penalty for Submission of Erroneous or False API Data. — The captain, owner or any person in charge of an aircraft that is arriving in, transiting through or departing from the Philippines, who submits an erroneous or false API data of a passenger or crew member shall be subject to a fine ranging from Twenty Thousand Pesos (P20,000.00) to Fifty Thousand Pesos (P50,000.00) for each erroneous or false API data entry or exit in the country, without prejudice to the filing of appropriate administrative, civil and/or criminal charges in accordance with Sections 37 (a) (9), 44 (a) (1) and (2), 45 (a) to (f), 46 and 46-A of C.A. No. 613, as amended, and other existing laws, rules and regulations.

SECTION 3. Penalty for Delay or Failure to Submit API Data, Failure to Account Every Passenger and Crew Member, or Unauthorized Discharge of Crew Member. — The captain, owner or any person in charge of an aircraft arriving in, transiting through or departing from the Philippines, who shall delay or fail to submit to the immigration authorities through the BI-APIS a complete and accurate API data, as per the procedure and requirements provided under these Rules, shall be subject to a fine ranging from Twenty Thousand Pesos (P20,000.00) to Fifty Thousand Pesos (P50,000.00). The penalty hereof is without prejudice to any action that the Commissioner may recommend to the appropriate government agencies within their regulatory powers for the imposition of administrative, civil and/or criminal charges in accordance with Sections 37 (a) (9), 44 (a) (1) and (2), 45 (a) (1) to (f), 46 and 46-A of C.A. No. 613, as amended, and other existing laws, rules and regulations.

SECTION 4. General Fines and Penalties. — Any violation of the provisions of these Rules, or any order, rule and regulation issued thereunder, or failure to comply with any directives under these Rules for which no penalty is expressly provided shall be subject to a fine ranging from Twenty Thousand Pesos (P20,000.00) to Fifty Thousand Pesos (P50,000.00) for each violation, without prejudice to the filing of appropriate administrative, civil and/or criminal charges in accordance with Sections 37 (a) (9), 44 (a) (1) and (2), 45 (a) to (f), 46 and 46-A of C.A. No. 613, as amended, and other existing laws and regulations.

SECTION 5. Repeated Violation of these Rules. — The captain, owner or person in charge an aircraft who repeatedly violates these Rules shall be subject to an additional fine range from Twenty Thousand Pesos (P20,000.00) to Fifty Thousand Pesos (P50,000.00), on top of the fines under Sections 2 to 4 of this Rule.

SECTION 6. The Commissioner, in imposing fines and penalties, shall observe due process and take into account the nature, circumstances, extend and gravity of the violation; the degree of culpability and history of prior offenses, if any, of the offender; and such other matters as justice and equity require.

RULE XII

Retention and Destruction of Data

SECTION 1. Retention of Data. — The Data collected in the BI-APIS may be retained only for as long as it is necessary, and shall in no case be retained longer than twelve (12) months from the date of collection and entry, unless otherwise justified for the fulfilment of a legitimate purpose, or for the establishment, exercise or defense of legal claims, or in other cases, provided by law; provided that, any information pertaining to terrorism as defined in Section 4 of R.A. No. 11479, otherwise known as the Anti-Terrorism Act of 2020, or other crime-related information, may be retained for a longer period as may be provided for by other laws, rules and regulations.

SECTION 2. Destruction of Data. — With the written authorization from the Commissioner, the API data elements shall thereafter be erased, destroyed, disposed of, or discarded in a secure manner, upon expiry of the periods stipulated in Section 1 above, in order to prevent further processing, unauthorized access, or disclosure to any other party or the public, or prejudice the interests of the data subjects, pursuant to the Data Privacy Act of 2012 and its implementing rules and regulations.

The provisions of R.A. No. 9470, otherwise known as the National Archives of the Philippines Act of 2007, and related issuances of the National Archives of the Philippines, shall likewise apply to the handling of any records having enduring archival value.

RULE XIII

Funding

SECTION 1. Budget. — The amount necessary for the initial implementation of these Rules shall be charged against existing appropriations of the BI. The funding requirements for the succeeding years shall be included in the budget proposal of the BI, subject to the usual budget preparation process. The BI shall exert all efforts in the procurement of appropriate APIS and software/hardware facility through various modes of procurement provides under existing laws and regulations.

SECTION 2. Other Sources. — The funding requirements for the continuing maintenance and operation of the BI-APIS shall be primarily funded by a fee that shall be charged each passenger via the commercial carrier in accordance with existing laws, rules and regulations.

RULE XIV

Amendment, Separability, Revocation, and Interpretation

SECTION 1. Amendment. — These rules may be amended, modified or supplemented when necessary for the effective implementation and enforcement of E.O. No. 122 and in the furtherance of national security, public safety, public health, or public order.

SECTION 2. Separability. — If any clause or provision of these Rules is declared unconstitutional or invalid, the other provisions not affected thereby shall remain valid and subsisting.

SECTION 3. Revocation. — All previous rules, regulations, orders, issuances, or parts thereof which are contrary to and inconsistent with E.O. No. 122 and these Rules are hereby revoked, amended, or modified accordingly.

SECTION 4. Interpretation. — In case of doubt, the provisions of these Rules, including any subsequent related issuances by the BI, shall be construed in the interest of national security, public safety, public health, or public order, taking into consideration respect for human dignity and individual privacy.

Should any provision contained in these Rules be found to be ambiguous, an interpretation consistent with the purpose of the APIS that would render the provision valid shall be favored over any interpretation that would render it invalid, as long as it is in line with international standards.

RULE XV

Approval, Publication and Effectivity

SECTION 1. Approval by the Secretary of the Department of Justice. — These Rules shall be subject to the approval of the Secretary of Department of Justice.

SECTION 2. Publication. — Upon such approval, the Board Secretary of the BI shall ensure that these Rules shall immediately be published in two (2) newspapers of general circulation.

SECTION 3. Effectivity. — These Rules shall take effect after fifteen (15) days from the date of such publication and deposit of copies thereof with the Office of the National Administrative Register (ONAR), U.P. Law Center, University of the Philippines, Diliman, Quezon City, together with posting of the Rules in the BI official website.

Manila, Philippines.

(SGD.) JAIME H. MORENTECommissioner

APPROVED:

(SGD.) MENARDO I. GUEVARRASecretary

 

Published in The Philippine Daily Inquirer on July 13, 2022.