Data Privacy Act Flashcards
Commission in the Data Privacy Act
National Privacy Commission
Any freely given, specific, informed indication of will.
Consent of data subject
Individual whose personal info is processed
Data subject
Any act of information relating to natural or judicial persons to the extent that set is structured so that specific information relating to a particular person is readily accessible
Filing system
System for generating, receiving, storing or processing electronic data messages or electronic documents
Information and Communication System
Person or organization who controls the collection, holding, processing or use of personal information
Personal information controller
Person or organization who controls the collection, holding, processing or use of personal information is not a PERSONAL INFORMATION CONTROLLER if:
- Performs functions as instructed by another person/organization
- Processes personal info in connection with personal family or household affairs
To whom a personal information controller may outsource the processing of personal data
Personal information processor
What is the scope of application of the Data Privacy Act?
- Processing of all types of personal info
- Any natural or juridical person involved in personal information processing
Data Privacy Act does not apply in the following cases:
- Info about any individual who is/was an officer of a government institution
- person performing service under contract for a government institution
- discretionary benefit of a financial nature
- personal info processed for journalistic, artistic, literary or research purposes
- info necessary to carry out functions of public authority
- info necessary for banks and other financial institutions
- personal info collected from residents of foreign jurisdictions
Does the Data Privacy Act have extraterritorial application? Does it apply to an act done or practice engaged in outside the Philippines?
Yes
What are the three data privacy principles under which processing of personal information is allowed?
- Principle of proportionality
- Principle of legitimate purpose
- Principle of transparency
Information from which the identity of an individual is apparent, can be reasonably or directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual
Personal information
Who must ensure implementation of personal information processing principles?
Personal information controller
What are considered privileged information?
- Attorney-client privileged info
- Doctor-patient privileged info
- Marital privileged communication
- Priest-confessor privileged info
What is included in SENSITIVE PERSONAL INFORMATION?
- race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations
- health, education, genetic or sexual life, proceedings for any offenses committed or alleged to have been committed, disposal of any proceedings, or the sentence of any court
- issued by government agencies peculiar to the individual (social security numbers, previous or current health records, licenses or its denials, suspension or revocation, tax returns)
- specifically established by an EO or act of Congress to be kept classified
Who is responsible for ensuring that proper safeguards are in place to ensure:
1. the confidentiality of the personal information processor
2. prevent its use for unauthorized purposes
3. comply with the requirements of the Data Privacy Act and other laws for the processing of personal information
Personal information controller
Identify if personal info, sensitive personal info or privileged info
Gender
Personal info
Identify if personal info, sensitive personal info or privileged info
School graduated from and date graduated
Sensitive personal info
Identify if personal info, sensitive personal info or privileged info
Laptop’s IP address
Personal info
Identify if personal info, sensitive personal info or privileged info
Email address
Personal info
Identify if personal info, sensitive personal info or privileged info
Bank account number
Sensitive personal info
Identify if personal info, sensitive personal info or privileged info
Home address
Personal info
Identify if personal info, sensitive personal info or privileged info
Income tax return
Sensitive personal info