Cybercrime Law Philippines

Practice Focus

• Defense and prosecution of online libel cases under RA 10175
• Hacking, unauthorized computer access, and data breach cases
• Cyber fraud, phishing, and online estafa complaints
• Identity theft and unauthorized use of computer data
• Cybersex offenses and child pornography cases
• Cyberstalking and online harassment complaints
• Filing complaints with the NBI Cybercrime Division and PNP ACG
• Preservation orders and takedown requests for harmful online content
• Digital evidence collection, preservation, and forensic analysis
• Corporate cybersecurity legal compliance and incident response
• DICT and NPC data privacy breaches and regulatory investigations
• Defamation and reputation management for online content removal

Online Libel Under RA 10175

Online libel under Section 4(c)(4) of Republic Act No. 10175 is one of the most commonly prosecuted cybercrime offenses in the Philippines. It penalizes the publication of defamatory content through a computer system or other similar means, including social media posts, blog articles, comments, private messages, emails, and online news articles that contain false and malicious imputations. The Supreme Court, in Disini v. Secretary of Justice (G.R. No. 203335), upheld the constitutionality of online libel while striking down the provision penalizing persons who merely receive and react to libelous content. The penalty for online libel under RA 10175 is prision correccional in its maximum period to prision mayor in its minimum period — significantly higher than the penalty for traditional libel under the Revised Penal Code.

Defending against an online libel charge requires a thorough analysis of the allegedly defamatory content, the identity of the complainant, and all applicable defenses including truth, fair comment on matters of public interest, and privilege. Statements made in the performance of a legal, moral, or social duty — such as a review of a public official's conduct or reporting on a matter of public concern — may be protected by qualified privilege under Philippine jurisprudence. Abanto Law Firm handles online libel cases for both complainants seeking redress and accused persons defending against charges that they believe are unfounded, exaggerated, or filed as tools of harassment, known in local parlance as 'Strategic Lawsuits Against Public Participation' or SLAPPs.

For businesses and individuals who discover defamatory content published about them online, we provide a range of remedies beyond criminal prosecution. These include civil actions for damages under Article 19, 20, and 26 of the Civil Code, petitions for takedown of defamatory content from social media platforms and websites, and applications for preservation orders to prevent the destruction of digital evidence before a case can be filed. Acting swiftly is important in online defamation cases — online content spreads rapidly and can cause irreparable damage to personal and business reputations. Abanto Law Firm's cybercrime team in Makati can initiate legal action within hours of engagement when circumstances require. See our legal services page for details.

Hacking, Unauthorized Access, and Data Interference

RA 10175 penalizes illegal access (hacking) — the intentional access to a computer system or application without right or beyond authorization — with imprisonment of prision mayor (six to twelve years) and a fine. Related offenses include illegal interception of computer transmissions, data interference (altering, damaging, deleting, or deteriorating computer data), system interference (hindering the functioning of a computer system), and misuse of devices — the production, possession, or sale of computer programs designed for committing cybercrime offenses. Businesses that discover they have been hacked must act immediately to preserve digital evidence, assess the scope of the breach, and comply with their obligations under the Data Privacy Act of 2012 (RA 10173) to notify affected data subjects and report to the National Privacy Commission.

Abanto Law Firm assists corporate clients in responding to hacking incidents through a coordinated legal and technical incident response. Our legal team advises on evidence preservation, notification obligations under the Data Privacy Act, filing of cybercrime complaints with the NBI Cybercrime Division or PNP Anti-Cybercrime Group, and pursuit of civil remedies against identified perpetrators. We also assist in dealing with ransomware attacks, business email compromise schemes, and corporate espionage involving unauthorized access to trade secrets or confidential business information. Our cybercrime legal practice is supported by established relationships with cybersecurity professionals and digital forensics specialists who can provide expert witness testimony and technical analysis in support of legal proceedings.

Cyber Fraud and Online Estafa

Cyber fraud is among the most economically damaging forms of cybercrime in the Philippines. Under RA 10175, computer-related fraud — the unauthorized input, alteration, or deletion of computer data or program resulting in inauthentic data for the purpose of gaining economic benefit — is a distinct offense from traditional estafa (swindling) under the Revised Penal Code. In practice, many online fraud cases are prosecuted under both RA 10175 and the RPC simultaneously. Common forms include online selling scams, investment fraud through social media, phishing attacks that steal bank credentials, BDO/BPI and other banking fraud, and SIM-based OTP interception scams that bypass two-factor authentication to drain bank accounts. Abanto Law Firm files cybercrime complaints with the NBI and PNP and pursues civil actions for recovery of defrauded amounts.

The SIM Registration Act (Republic Act No. 11934) and the Anti-Financial Account Scamming Act (AFASA) represent recent legislative responses to the surge in online financial fraud in the Philippines. These laws require SIM card registration to facilitate tracing of online fraudsters and impose criminal liability on financial institution insiders who facilitate fraud. Victims of online fraud can file complaints with multiple agencies — the BSP-supervised financial institutions for account freezing, the NBI Cybercrime Division for criminal investigation, and DICT for technical assistance in tracing perpetrators. Our firm coordinates all these avenues to maximize the chances of recovery and prosecution. Read our legal blog for practical guidance on what to do if you become a victim of online fraud.

Identity Theft and Privacy Violations

Computer-related identity theft under RA 10175 penalizes the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person, without right. In the Philippine context, identity theft commonly occurs through phishing, SIM swapping, social engineering, and the unauthorized use of someone's personal information to open bank accounts, apply for loans, or commit fraud in their name. Identity theft victims suffer both financial losses and damage to their credit standing and reputation. The Data Privacy Act of 2012 complements RA 10175 by providing additional civil and criminal remedies for violations of personal data privacy, including unauthorized processing, improper disposal, and security breaches that expose personal information.

Abanto Law Firm assists identity theft victims in filing complaints with the NBI Cybercrime Division, coordinating with banks and credit agencies to freeze fraudulent accounts and correct credit records, and pursuing civil damages against perpetrators. For data privacy violations — including unlawful processing of personal data, unauthorized disclosure of sensitive personal information, and failure of companies to protect their customers' data — we file complaints before the National Privacy Commission (NPC) and pursue civil remedies under the Data Privacy Act. Our privacy law practice works in tandem with our cybercrime team to provide comprehensive remedies for clients whose personal information has been compromised. Contact us at contact us.

Corporate Cybersecurity Compliance and Incident Response

Philippine law imposes significant cybersecurity obligations on businesses that process personal data, operate critical information infrastructure, or provide financial services. The Data Privacy Act of 2012 and its Implementing Rules and Regulations require personal information controllers to implement reasonable and appropriate security measures, including policies, physical safeguards, and technical controls to protect personal data against accidental or unlawful destruction, alteration, disclosure, and unauthorized processing. The National Privacy Commission enforces these requirements and can impose significant penalties — including criminal sanctions — for violations. Abanto Law Firm advises corporations on their data privacy compliance programs, reviews privacy notices and consent forms, assists in NPC registration, and conducts data protection impact assessments.

When a cybersecurity incident occurs, Philippine law imposes a mandatory 72-hour personal data breach notification obligation to the NPC and a notification obligation to affected data subjects within a reasonable time. Failure to comply with breach notification requirements can result in NPC enforcement action and significant reputational damage. Our incident response legal services include advising on breach assessment and containment, drafting breach notifications to the NPC and affected individuals, representing clients in NPC investigations and enforcement proceedings, and managing disclosure to other regulators such as the Bangko Sentral ng Pilipinas (BSP) for financial institutions. Abanto Law Firm's integrated approach to cybercrime and data privacy law ensures businesses are prepared for and effectively respond to cybersecurity incidents. See our FAQ page.

How We Work With Clients

1. Consultation and Incident Assessment. We begin with a confidential consultation to understand the nature of the cybercrime incident — whether you are a victim or an accused — and assess the available evidence, applicable laws, and strategic options. For ongoing incidents such as hacking or fraud, we advise on immediate containment steps to limit further damage.
2. Digital Evidence Preservation. Proper preservation of digital evidence is critical in cybercrime cases. We advise on the correct methods for capturing and preserving screenshots, server logs, emails, social media content, and other electronic records in a manner that satisfies the Rules on Electronic Evidence and maintains chain of custody for court admissibility.
3. Filing Complaints with Law Enforcement. For victims, we prepare and file detailed cybercrime complaints with the NBI Cybercrime Division or PNP Anti-Cybercrime Group, including supporting affidavits and digital evidence annexes. We coordinate with law enforcement throughout the investigation, ensuring all available technical and legal resources are deployed to identify and build a case against the perpetrators.
4. Prosecution or Defense Before the Prosecutor and Courts. We represent complainants before the DOJ or city/provincial prosecutors in the preliminary investigation, preparing counter-affidavits, rejoinders, and attending clarificatory hearings. For the accused, we provide vigorous defense — challenging the sufficiency of evidence, contesting the admissibility of digital evidence, and asserting all applicable legal defenses under RA 10175 and the RPC.
5. Trial Representation and Remedies. Upon information filing in the Regional Trial Court (designated cybercrime court), we represent clients at trial — presenting digital forensic evidence, examining witnesses, and making legal arguments before the court. We also pursue civil actions for damages, applications for asset freeze orders, and takedown of harmful online content as part of a comprehensive legal strategy.

Frequently Asked Questions