data privacy act

Cards (33)

  • What is more important, Data or Money?
    Data is more valuable than money. If someone takes your money, that's all they have. If you let someone take your data, they may eventually take your money too!
  • Republic Act 10173 or Data Privacy Act of 2012
    Data Privacy Act of the Philippines
  • An interaction between two parties in which the law recognizes a private, protected relationship. Whatever is communicated between the two parties must remain confidential, and the law cannot force their disclosure. Even disclosure by one of the parties comes with legal limitations.
  • Privileged information
    Refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.
  • Data subject
    Refers to an individual whose personal information is processed.
  • Personal information controller
    Refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf. The term excludes: (1) A person or organization who performs such functions as instructed by another person or organization; and (2) An individual who collects, holds, processes or uses personal information in connection with the individual's personal, family or household affairs.
  • Sensitive personal information
    Refers to data that, if exposed or misused, could result in harm, embarrassment, or discrimination to the individual concerned. This type of information typically includes details about an individual's race or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health information, or sexual orientation.
  • Data encryption
    Translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext.
  • General Data Privacy Principles
    • Transparency
    • Legitimate purpose
    • Proportionality
  • Transparency
    The data subject must be aware of the nature, purpose and extent of the processing of his or her personal data, including the risks and safeguards involved, the identity of the personal information controller, his or her rights as data subject, and how these can be exercised.
  • Legitimate purpose
    Processing of information shall be compatible with a declared and specified purpose which must not be contrary to law, morals and public policy.
  • Proportionality
    Processing of information shall be adequate, relevant, suitable, necessary and not excessive in relation to a declared and specified purpose. Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.
  • General Data Privacy Principles
    • Collected for specified and legitimate purposes
    • Processed fairly and lawfully
    • Accurate, relevant and kept up to date
    • Adequate and not excessive
    • Retained only for as long as necessary
    • Kept in a form which permits identification of data subjects for no longer than is necessary
  • Criteria for Lawful Processing of Personal Information
    • The data subject has given his or her consent
    • The processing is necessary and related to the fulfillment of a contract with the data subject or to take steps at the request of the data subject prior to entering into a contract
    • The processing is necessary for compliance with a legal obligation
    • The processing is necessary to protect vitally important interests of the data subject, including life and health
    • The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority
    • The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party
  • Exceptions to the prohibition on processing of sensitive personal information and privileged information
    • The data subject has given his or her consent, specific to the purpose prior to the processing
    • The processing is provided for by existing laws and regulations
    • The processing is necessary to protect the life and health of the data subject or another person
    • The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations
    • The processing is necessary for purposes of medical treatment
    • The processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings
  • A personal information controller may subcontract the processing of personal information, but the personal information controller shall be responsible for ensuring proper safeguards are in place.
  • Personal information controllers may invoke the principle of privileged communication over privileged information that they lawfully control or process. Subject to existing laws and regulations, any evidence gathered on privileged information is inadmissible.
  • Rights of the Data Subject
    • Be informed whether personal information pertaining to him or her shall be, are being or have been processed
    • Be furnished the information
  • Personal information processor
    Responsible for ensuring proper safeguards are in place to ensure confidentiality of personal information, prevent unauthorized use, and comply with legal requirements
  • Personal information processors shall comply with all requirements of the Act and other applicable laws
  • Privileged communication
    Personal information controllers may invoke this principle over privileged information they lawfully control or process
  • Evidence gathered on privileged information is inadmissible, subject to existing laws and regulations
  • Rights of the data subject
    • Be informed whether personal information pertaining to them is being processed
    • Be furnished information about the processing before entry into the system or at next practical opportunity
    • Object to the processing of their personal data
    • Access the contents of their personal data and information about the processing
    • Rectify inaccuracies or errors in their personal data
    • Erase or block their personal data in certain circumstances
  • Lawful heirs and assigns of the data subject may invoke the rights of the data subject after their death or incapacitation
  • Right to data portability
    Data subject can obtain a copy of their data being processed in an electronic or structured format
  • Certain rights do not apply to processing of personal information for scientific/statistical research or investigations related to criminal, administrative or tax liabilities
  • Security measures for personal information
    • Organizational (e.g. security policies, vulnerability management, security breach monitoring)
    • Physical (e.g. access control, disposal of media, securing against natural disasters)
    • Technical (e.g. network security, encryption)
  • Personal information controllers must ensure third parties processing personal information on their behalf implement required security measures
  • Employees, agents or representatives of personal information controllers must maintain strict confidentiality of personal information
  • Personal information controllers must promptly notify the Commission and affected data subjects of security breaches involving sensitive personal information
  • Netiquette
    Internet Etiquette
  • Netiquette rules and guidelines
    • Avoid posting inflammatory or offensive comments online (a.k.a. flaming)
    • Respect others' privacy by not sharing personal information, photos, or videos that another person may not want published online
    • Never spam others by sending large amounts of unsolicited email
    • Show good sportsmanship when playing online games, whether you win or lose
    • Don't troll people in web forums or website comments by repeatedly nagging or annoying them
    • Stick to the topic when posting in online forums or when commenting on photos or videos such as YouTube or Facebook comments
  • 10 Netiquette guidelines for online students
    • No yelling, please
    • Sarcasm can (and will) backfire
    • Don't abuse the chat box
    • Attempt to find your own answer
    • Stop.... Grammar time!
    • Set a respectful tone
    • Submit files the right way
    • Read first
    • Think before you type
    • Be kind and professional