Data Privacy Act
Cards (6)
- DPA is not applicable when personal information is processed for journalistic, artistic, literary, or research purposes.
- The general data privacy principles are transparency, legitimate purpose, and proportionality.
- Any criminal violation of the DPA shall be considered large-scale when the personal information of at least 100 persons is harmed, affected, or involved.
- The rules on rights, its transmissibility, and portability are not applicable to processing of personal information gathered for the purpose of investigations in relation to any criminal, administrative or tax liabilities of a data subject.
- Personal data breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
- The National Privacy Commission and affected data subjects shall be notified by the personal information controller within seventy-two (72) hours upon knowledge of, or when there is reasonable belief by the personal information controller or personal information processor that, a personal data breach requiring notification has occurred.