Data privacy act

    avatar
    Created by
    Shine Khezzia

    Cards (186)

    • Data privacy act - RA 10173
    • Data privacy act - Law that seeks to protect all forms of information, be it private, personal, or sensitive. It is meant to cover both natural and juridical persons involved in the processing of personal information.
    • Data privacy act is important:
      1. It protects the privacy of individuals while ensuring free flow of information to promote innovation and growth
      2. Regulates the collection, recording, organization, storage, updating or modification, retrieval consultation, blocking, erasure or destruction of personal date
      3. Ensures that the Philippines complies with international standards set for data protection through national privacy commission (NPC).
    • National privacy commission - An independent body mandated to administer and implement the act, and to monitor and ensure compliance of the country with international standards set for personal data protection. They coordinate with other government agencies and the private sector on efforts to formulate and implement plans and policies to strengthen the protection of personal information in the country.
    • National privacy commission
      1. Rule making
      2. Advisory
      3. Public education
      4. Compliance and monitoring
      5. Complaints and investigations
      6. Enforcements
      7. Other functions - Administrative issuances
    • What is one function of the National Privacy Commission?
      Ensure compliance of personal information controllers
      View source
    • What does the National Privacy Commission do with complaints?
      It receives, investigates, and facilitates settlements
      View source
    • How does the National Privacy Commission resolve complaints?
      As a collegial body during investigations
      View source
    • What can the National Privacy Commission issue regarding personal information processing?
      Cease and desist orders
      View source
    • Under what condition can the National Privacy Commission impose a ban on processing personal information?
      If it is detrimental to national security
      View source
    • What authority does the National Privacy Commission have over entities regarding its orders?
      It can compel them to abide by its orders
      View source
    • What does the National Privacy Commission monitor in government agencies?
      Compliance with security and technical measures
      View source
    • What is one way the National Privacy Commission collaborates with other entities?
      Coordinate with agencies to strengthen PI protection
      View source
    • What does the National Privacy Commission publish regularly?
      A guide to all laws relating to data protection
      View source
    • What type of compilation does the National Privacy Commission publish?
      Agency system of records and notices
      View source
    • To whom does the National Privacy Commission recommend prosecution for privacy violations?
      To the Department of Justice
      View source
    • What can the National Privacy Commission do regarding privacy codes?
      Review, approve, or reject them
      View source
    • What type of assistance does the National Privacy Commission provide?
      On matters relating to privacy or data protection
      View source
    • How does the National Privacy Commission respond to proposed statutes?
      Comments on data privacy implications
      View source
    • What can the National Privacy Commission propose regarding privacy laws?
      Legislation, amendments, or modifications
      View source
    • How does the National Privacy Commission coordinate internationally?
      With data privacy regulators in other countries
      View source
    • What does the National Privacy Commission negotiate for?
      Cross-border application of privacy laws
      View source
    • Data subject - An individual whose personal information is processed.
    • Personal information controller - Refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.
    • PIC term excludes:
      • A person or organization who performs such functions as instructed by another person or organization
      • An individual who collects, hold, processes or uses personal information in connection with the individual’s personal, family or household affairs.
    • Personal information processor - Any natural or juridical person qualified to act as such under this act whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
    • Three types of personal information :
      1. Personal information
      2. Sensitive personal information
      3. Privileged information
    • Personal information - Any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. In other words PI is any information that can be linked to your identity, thus making your identity readily identifiable.
    • Personal information examples:
      • Full name
      • Gender
      • Birthdate
      • Mobile no.
      • Address
      • Birthplace
      • Bank account number
      • Parents’ name
    • Why is sensitive personal information considered important?
      It relates to privacy and individual rights
      View source
    • What type of personal information includes an individual's race and ethnic origin?
      Sensitive personal information
      View source
    • What does sensitive personal information include regarding health?
      Health, education, genetic or sexual life
      View source
    • What type of information is related to an individual's legal proceedings?
      Offense committed or alleged to have been sentenced
      View source
    • What can happen to licenses that are considered sensitive information?
      They can be denied, suspended, or revoked
      View source
    • What government-issued documents are considered sensitive personal information?
      SS numbers, health records, licenses
      View source
    • Why might sensitive personal information be classified?
      To protect national security or individual privacy
      View source
    • What type of information is classified by an executive order or act of congress?
      Information specially established to be kept classified
      View source
    • Privileged information - Any and all forms of data which constitute privileged communication under the rules of court and laws.
      • Attorney-client
      • Priest-penitent
      • Husband and wife
      • Physician- patient
      • Bank deposits
      • Trade or industrial secret
      • Statement in judicial proceedings
    • Personal may be contained in :
      • Information and communication system
      • Filing system
    • Personal data are processed through - Data processing systems
    See similar decks