Data Privacy Act Flashcards
Personal Information Controller
Person or organization who controls the collection, holding, processing or use of personal information including a person or organization who instructs another person or organization to collect hold process use transfer or disclose personal information on his or her behalf
Information not applicable in Data Privact Aact
- Information about any individual who is or was an officer or employee of a government institution.
- Information about an individual who is or was performing service under contract for a government institution
- Information relation to any discretionary benefit of a financial nature
- Personal information processed for journalistic, artistic, literary or research purpose
- Information necessary in order to carry out the functions of public authority
- Information necessary for banks and other financial institution
- Personal information originally collected from residents of foreign jurisdictions
National Privacy Commission
Agency tasked by law to implement the provisions of the Data Privacy Act with administrative, quasi-judicial and quasi legislative powers and to monitor and ensure compliance of the country with international standards set for data protection
Organizational Structure of National Privacy Commission
Headed by a Privacy Commissioner who shall act as Chairman. Assisted by two deputy privacy commissioners. one for data processing systems & one for policies and planning
Term and Vacancy
Appointed by the President of the Philippines for the term of 3 years and may be reappointed for another term of 3 years
Qualifications of Commissioners
- 35 Years of Age
- Good Moral Character, unquestionable integrity and known probity; and
- Recognized expert in the field of information technology and data privacy
Data Privacy Principle
- Principle of Proportionality
- Principle of Legitimate Purpose
- Principle of Transparency
Principle of Proportionality
Processing of personal data shall be adequate, relevant, suitable, necessary and not excessive in relation to a declared and specified purpose.
Types of Personal Data
- Personal Information
- Sensitive Information
- Privileged Information
Personal Information
Information from which the identity of an individual:
1. Is apparent
2. Can be reasonably and directly ascertained by the entity holding the information
3. When put together with other information would be directly and certainly identify and individual
Privileged Information
Refers to any and all forms of data under the Rules of Court and other pertinent laws constitute privileged communication. Examples incude:
1. Attorney Client
2. Doctor Patient
3. Marital Privilege
4. Priest Confessor
Sensitive Personal Information
Personal Information about:
1. Race, ethnic origin, marital status, age, color, and any affiliation with politics religious or philosophical
2. Individual’s health, education, genetic, sexual life of a person
3. Issued by government agencies peculiar to an individual
4. Specifically established by an executive order or an act of Congress
Rights of a Data Subject
- Right to Informed Consent
- Right to Object
- Right to Withhold Consent
- Right to Access
- Right to Correction
- Right to Erasure
- Right to Damages
- Right to Data Portability
When should Notification be done when there is Data Breach
Within 72 hours upon knowledge of or the reasonable belief of PIC or PIP that breach has been occurred
Access by Agency Personnel to Sensitive Personal Information
- On-site and Online Access- employees must have security clearance
- Off-site Access- may not be transported or accessed from a location off government property unless a request for such transporation is submitted and approved by the head of agency
