Data subject: an individual whose personal, sensitive personal, or privileged information is processed
Data processing systems: the structure and procedure by which personal data is collected and further processed in an information and communications system or relevant filing system, including the purpose and intended output of the processing
Data sharing: the disclosure or transfer to a third party of personal data under the custody of a personal information controller or personal information processor
Direct marketing: communication by any means of advertising or marketing material directed to particular individuals
Filing system: any set of information relating to natural or juridical persons that is structured in a way that specific information relating to a particular individual is readily accessible
Information and communications system: a system for generating, sending, receiving, storing, or processing electronic data messages or electronic documents
Personal data: all types of personal information
Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed
“Act” refers to Republic Act No. 10173, also known as the Data Privacy Act of 2012
“Commission” refers to the National Privacy Commission
“Consent of the data subject” refers to any freelygiven, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information
Consent shall be evidenced by written, electronic or recordedmeans
Consent may also be given on behalf of a data subject by a lawful representative or an agent specifically authorized by the data subject to do so
"Personal information" is any information from which the identity of an individual can be directly or reasonably ascertained
"Personal information controller" is a person or entity that controls the processing of personal data or instructs another to process it on its behalf
"Personal information processor" is a person or entity to whom a personal information controller may outsource the processing of personal data
"Processing" includes operations like collection, recording, organization, storage, updating, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data, whether done manually or through automated means
"Profiling" is automated processing of personal data to evaluate personal aspects related to a natural person, such as work performance, economic situation, health, personal preferences, interests, behavior, location, or movements
"Privileged information" refers to any data that, under the Rules of Court and other laws, is considered privileged communication
"Public authority" refers to a government entity created by the Constitution or law, with law enforcement or regulatory authority and functions
"Security incident" is an event affecting data protection or compromising the availability, integrity, and confidentiality of personal data
Includes incidents that could lead to a personal data breach without safeguards in place
"Sensitivepersonalinformation" includes data:
1. About an individual's race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations
2. About an individual's health, education, genetic or sexual life, or any offense committed or alleged, proceedings, disposal, or court sentence
3. Issued by government agencies specific to an individual, like social security numbers, health records, licenses, and tax returns
4. Classified by executive order or act of Congress
RA 10173 has 72 sections
RA 10173 has how many rules?
14
Who signed RA 10173?
Sgd. Raymund E. Liboro
RA 10173 is also known as
Data Privacy Act of 2012
Rule I. Preliminary Provisions
Rule II
Scope of Application
Rule III
National Privacy Commission
Rule IV
Data Privacy Principles
Rule V.
Lawful Processing of Personal Data
Rule VI.
Security Measures for Protection of Personal Data
Rule VII. Security of Sensitive Personal Information in Government