10173

Cards (78)

  • Data subject: an individual whose personal, sensitive personal, or privileged information is processed
  • Data processing systems: the structure and procedure by which personal data is collected and further processed in an information and communications system or relevant filing system, including the purpose and intended output of the processing
  • Data sharing: the disclosure or transfer to a third party of personal data under the custody of a personal information controller or personal information processor
  • Direct marketing: communication by any means of advertising or marketing material directed to particular individuals
  • Filing system: any set of information relating to natural or juridical persons that is structured in a way that specific information relating to a particular individual is readily accessible
  • Information and communications system: a system for generating, sending, receiving, storing, or processing electronic data messages or electronic documents
  • Personal data: all types of personal information
  • Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed
  • “Act” refers to Republic Act No. 10173, also known as the Data Privacy Act of 2012
  • “Commission” refers to the National Privacy Commission
  • “Consent of the data subject” refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information
  • Consent shall be evidenced by written, electronic or recorded means
  • Consent may also be given on behalf of a data subject by a lawful representative or an agent specifically authorized by the data subject to do so
  • "Personal information" is any information from which the identity of an individual can be directly or reasonably ascertained
  • "Personal information controller" is a person or entity that controls the processing of personal data or instructs another to process it on its behalf
  • "Personal information processor" is a person or entity to whom a personal information controller may outsource the processing of personal data
  • "Processing" includes operations like collection, recording, organization, storage, updating, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data, whether done manually or through automated means
  • "Profiling" is automated processing of personal data to evaluate personal aspects related to a natural person, such as work performance, economic situation, health, personal preferences, interests, behavior, location, or movements
  • "Privileged information" refers to any data that, under the Rules of Court and other laws, is considered privileged communication
  • "Public authority" refers to a government entity created by the Constitution or law, with law enforcement or regulatory authority and functions
  • "Security incident" is an event affecting data protection or compromising the availability, integrity, and confidentiality of personal data
    • Includes incidents that could lead to a personal data breach without safeguards in place
  • "Sensitive personal information" includes data:
    1. About an individual's race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations
    2. About an individual's health, education, genetic or sexual life, or any offense committed or alleged, proceedings, disposal, or court sentence
    3. Issued by government agencies specific to an individual, like social security numbers, health records, licenses, and tax returns
    4. Classified by executive order or act of Congress
  • RA 10173 has 72 sections
  • RA 10173 has how many rules?
    14
  • Who signed RA 10173?
    Sgd. Raymund E. Liboro
  • RA 10173 is also known as
    Data Privacy Act of 2012
  • Rule I. Preliminary Provisions
  • Rule II
    Scope of Application
  • Rule III
    National Privacy Commission
  • Rule IV
    Data Privacy Principles
  • Rule V.
    Lawful Processing of Personal Data
  • Rule VI.
    Security Measures for Protection of Personal Data
  • Rule VII. Security of Sensitive Personal Information in Government
  • Rule 8
    Rights of data subject
  • Rule 9
    Data breach notification
  • Rule 10
    Outsourcing and subcontracting agreements
  • Rule 11
    Registration and compliance requirements
  • Rule 12. Rules on accountability
  • Rule 13
    Penalties
  • Rule 14
    Miscellaneous provisions