Data Privacy Act Flashcards
The right to be let alone
privacy
The obligations of those who receive information in the context of an intimate relationship to respect the privacy interests of those to whom the data relate and to safeguard that information
confidentiality
The procedural and technical measures required to (a) prevent unauthorized access, modification, use, and dissemination of data stored or processed in a computer system, (b) prevent any deliberate denial of service, and (c) protect the system in its entirety from physical harm
security
An Act protecting individual personal information and communications systems in the government and the private sector, creating for this purpose a National Privacy Commission, and for other purposes.
data privacy act of 2012 or republic act no. 10173
when was the data privacy act approved?
August 15 2012
the data privacy act of 2012 consists of?
9 chapters 45 sections
Operations performed upon personal information including the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data
data processing
information from which the identity of an individual is apparent or ascertained by the entity holding the information
personal information
Person or organization who controls the collection, holding, processing, or use of personal information
personal information controller (PIC)
Any natural or juridical person qualified to whom the PIC may outsource the processing of personal data pertaining to a data subject.
personal information processor (PIP)
what are the general data privacy principles?
transparency
legitimate purposes
proportionality
Data subjects must be aware of the nature, purpose, and extent of the processing of their personal data.
transparency
The processing of information shall be compatible with a declared and specified purpose.
legitimate purposes
Processing of information shall be adequate, relevant, suitable, necessary, and not excessive.
proportionality
what are the five pillars of compliance?
1 Data Protection Officer
2 Privacy Impact Assessment
3 Privacy Management Program
4 Security Measures
5 Breach Management
Process undertaken and used to evaluate and manage privacy impacts for each program, process, or measure within the agency that involves personal data.
privacy impact assessment (PIA)
Serves to align everyone in the organization in the same direction
privacy management program
what are the security measures to implement?
organizational
physical
technical
what are the preparation of breach?
confidentiality
integrity
availability
generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents
information and communication system
computer system or other similar device by or which data is recorded, transmitted, or stored
information and communication system
any procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document
information and communication system
an individual whose personal information is processed
data subject
the processing of personal information shall be allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure of information
General Data Privacy Principle
Name, Birthplace and Date, Address, Place of work, Gender, Contact Information, Citizenship
personal information
means that the data subject has the right to know when his or her personal data shall be, are being, or have been processed
right to be informed
involves being able to compel any entity possessing any personal data to provide the data subject with a description of such data in its possession, as well as the purposes for which they are to be or are being processed
right to access
consent of the data subject be secured in the collecting and processing of his or her data
right to object
grants the data subject the choice of refusing to consent, as well as the choice to withdraw consent, as regards to collection and processing
right to object
allows the data subject to suspend, withdraw or order the blocking, removal, and destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes, or are no longer necessary for the purposes for which they were collected
right to erasure or blocking
allows the data subject to dispute any inaccuracy or error in the personal information processed, and to have the personal information controller correct it immediately
right to rectify
enables the data subject to obtain and electronically move, copy, or transfer personal data for further use
right to data portability
with the National Privacy Commission affords a remedy to any data subject who “feels that [his or her] personal information has been misused, maliciously disclosed, or improperly disposed,” or in case of any violation of his or her data privacy rights
right to file a complaint
entitles the aggrieved data subject to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of his or her personal information
right to damages
Personal Information Controllers and designated individuals are accountable for processing of personal information under their control or custody
principle of accountability
Race or ethnicity, Marital Status, Religion, Health Information, Educational Attainment, Criminal Offense History
sensitive personal information (SPI)
made primarily responsible for compliance with the security requirements set by the Data Privacy Act
Heads of Agencies (DICT and NPC)
the authority to monitor compliance and recommend to the agency the necessary action to comply with the minimum standards
National Privacy Commission (NPC)
it is required before a government employee may be able to access these sensitive personal information
security clearance