Yes. In allowing disclosure of a depositor’s basic identifying information, the Court first defined “deposit”, why it its confidentiality is protected, and correlated it the provisions of the Cybercrime Prevention Act with the necessity of allowing disclosure of basic identifying information while protecting the confidentiality of deposits:
“In light of these considerations, the Court concludes that the provisions of the Cybercrime Prevention Act concerning the disclosure of subscriber information or identity can be applied without undermining the confidentiality of bank deposit information afforded by the Bank Secrecy Law.
The Court references Republic Act No. 3591,Section 3(f), which defines deposit as:
the unpaid balance of money or its equivalent received by a bank in the usual course of business and for which it has given or-is obliged to give credit to a commercial, checking, savings, time or thrift account, or which is evidenced by its certificate of deposit, . . . [or other evidence of deposit issued in accordance with Bangko Sentral ng Pilipinas rules and regulations and other applicable laws. . .]
From this definition, it can be inferred that confidentiality associated with deposits primarily safeguards their financial details as opposed to basic identifying information. This interpretation aligns with the legislative intent of the Bank Secrecy Law, which was enacted to promote public investment in government securities and bank deposits during a period when the country required substantial capital and credit facilities for post-World War II economic revitalization. Thus, the primary aim of the Bank Secrecy Law is to protect the depositor’s financial transaction, allowing for disclosure only under specified conditions.
While the Bank Secrecy Law encompasses a broad array of information requiring protection and confidentiality, existing laws have established exceptions to this general rule, particularly regarding identifying information associated with deposits. In this regard, the Cybercrime Prevention Act specifically delineates subscriber information, defined as follows:
(o) Subscriber’s information refers to any information contained in the form of computer data or any other form that is held by a service provider, relating to subscribers of its services other than traffic or content data and by which identity can be established:
| (1) | The type of communication service used, the technical provisions taken thereto and the period of service; |
| (2) | The subscriber’s identity, postal or geographic address, telephone and other access numbers, any assigned network address, billing and payment information, available on the basis of the service agreement or arrangement; and |
| (3) | Any other available information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement. |
On this point, the Court agrees with respondent that the customers of petitioner who hold accounts and utilize petitioner’s services are considered as subscribers under the Cybercrime Prevention Act. As such, information falling within the scope of the above definition may be legally disclosed to law enforcement authorities under specified circumstances, without necessarily violating the confidentiality of bank deposits.
Ultimately, the Court determines that while the Bank Secrecy Law mandates protection of the financial details of deposits, it does not prevent the disclosure of basic identifying information in accordance with the provisions of the Cybercrime Prevention Act. This interpretation allows for a balanced approach to privacy rights and the need for disclosures, as may be allowed by law, facilitating compliance with both statutes in a manner that upholds the intent behind the Bank Secrecy Law while allowing necessary transparency in cases governed by the Cybercrime Prevention Act, particularly in the prosecution of cyber-related offenses such as hacking, identity theft, cybersex, child pornography, and online libel.” (Citations omitted)[1]
[1]Eastwest Rural Bank vs. Philippine National Police Anti-Cybercrime Group Regional Anti Cybercrime Unit, G.R. No. 273720, July 27, 2025