concepts of data privacy Flashcards
About people and our sense of being in control of others' access to ourselves or to information about ourselves with others
privacy
Treatment of identifiable, private information that has been disclosed to others
confidentiality
privacy or confidentiality? state of being away from public attention
p
p or c, about individuals
p
p or c, state wherein info is kept secret
c
p or c, about info
c
p or c, personal choice
p
p or c, it is a right
p
p or c, Restricts the public from accessing personal data
p
p or c, professional obligation and agreement
c
p or c, Restricts unauthorized people from accessing confidential data
c
the most comprehensive of rights, and the right most valued by a free people
the right to be left alone
try to enumerate the legal aspect of right of privacy
Protection from unreasonable intrusion upon one’s isolation
Protection from appropriation of one’s name or likeness
Protection from unreasonable publicity given to one’s private life
Protection from publicity that unreasonably places one in a false light before the public
protection from ________ upon one’s __________
Protection from unreasonable intrusion upon one’s isolation
protection from _______ of one’s ___________
Protection from appropriation of one’s name or likeness
protection from ____________ given to one’s ________
Protection from unreasonable publicity given to one’s private life
protection from ____________ that _______ places one in a ______ before the public
Protection from publicity that unreasonably places one in a false light before the public
also known as ra 10173
data privacy act of 2012
also known as data privacy act of 2012
ra 10173
what year was the Data Privacy Act enacted into law
2012
when was national privacy commission formed?
march 2016
Implementing Rules and Regulations (IRRs) were published
august 2016
IRRs came into effect (comply with all provisions except registration requirements)
sep 9, 2016
when did DPA comply with registration requirements?
sep 9 2017
enumerate key roles in data privacy act
- data subjects
- personal information controller
- personal information processor
- data protection officer
- National Privacy Commission
Refers to an individual whose personal, sensitive personal, or privileged information is processed
data subjects
Controls the processing of personal data, or instructs another to process personal data on its behalf
personal information controller
Organization or individual to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject
personal information processor
Responsible for the overall management of compliance with the DPA
data protection officer
Independent body mandated to administer and implement the DPA of 2012, and to monitor and ensure compliance of the country with international standards set for personal data protection
National Privacy Commission
enumerate the rights of data subject
right to be informed
right to object
right to access
right to data portability
right to correct (rectification)
right to erasure or blocking
right to file a complaint
right to damages
transmissibility of right
sec 34.a
right to be informed
what section: right to be informed
sec 34.a
what section: right to object
sec 34.b
sec 34.b
right to object
sec 34.c
right to access
what section: right to access
sec 34.c
what section: right to data portability
sec 36
sec 36
right to data portability
what section: right to correction (rectification)
sec 34.d
sec 34.e
right to erasure or blocking
what section: right to erasure or blocking
sec 34.e
sec 34.a.2
right to file a complaint
what section: right to file a complaint
sec 34.a.2
what section: right to damages
sec 34.f
sec 34.f
right to damages
what section: transmissibility of rights
sec 35
sec 35
transmissibility of rights
refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
personal information
mnemonics for personal data cycle
A - Acquisition
S - Storage
U - Use
T - Transfer
D - Destruction
retention/disposal of personal data lifecycle should be based on?
- Law
- Industry best practice
- Business need
Transparency?
the consent regime
the consent regime?
transparency
A data subject must be aware of the nature, purpose, and extent of the processing of his or her personal data, including the risks and safeguards involved, the identity of personal information controller, his or her rights as a data subject, and how these can be exercised.
principle of transparency
The processing of information shall be compatible with a declared and specified purpose, which must not be contrary to law, morals, or public policy
principle of legitimate purpose
The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose.
principle of proportionality
enumerate the 3 principles
principle of transparency
principle of legitimate purpose
principle of proportionality
what are the five pillars of compliance?
- commit to comply: appoint a data protection officer
- know your risk: conduct a privacy impact assessment
- be accountable: create your own privacy management program or privacy manuals
- demonstrate your compliance: implement your privacy and data protection measures
- be prepared for breach: regularly exercise your breach reporting procedures
who said that data is more important than money
dondi mapa
who said that competitors can copy your products, and so on
damian mapa