data privacy act Flashcards
examples of breaches
- COMELeak
- Log-in procedure
- List of top students/passers
- Unsecure storage of patient records
- Online Lending
- Raffle
Impact of a Problematic Data Action on Business
• Loss of reputation
• Loss of market share
• Legal liabilities
An individual whose PERSONAL INFORMATION, SENSITIVE PERSONAL INFORMATION, or PRIVILEGED INFORMATION is being processed
Data subject
Any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
Processing
Refers to a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf.
personal information controller
Refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject.
It should not make use of personal data for its own purpose.
Personal information processor
Any information from which the identity of an individual is apparent
Any information that can be put together with other information to reasonably and directly identify an individual
personal information
Refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Data Breach
An act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a National Privacy Commission, and for other purposes
Data privacy act of 2012
rights of data subject
- Right to INFORMATION
- Right to OBJECT
- Right to ACCESS
- Right to CORRECT
- Right to ERASE
- Right to DAMAGES
- Right to DATA PORTABILITY
- Right to FILE A COMPLAINT
Data privacy principle
TRANSPARENCY
LEGITIMATE PURPOSE
PROPORTIONALITY
A data subject must be aware of the nature, purpose, and extent of the processing of his or her personal data, including the risks and safeguards involved, the identity of personal information controller, his or her rights as a data subject, and how these can be exercised.
Any information and communication relating to the processing of personal data should be easy to access and understand, using clear and plain language.
principle of transparency
The processing of information shall be compatible with a declared and specified purpose, which must not be contrary to law, morals, or public policy.
principle of legitimate purpose
The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose.
Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.
principle of proportionality
resulting from loss, accidental or unlawful destruction of personal data;
availability breach
resulting from an alteration of personal data
integrity breach
resulting from the unauthorized disclosure of or access to personal data.
confidentiality breach
functions of data privacy act
• Rule Making
• Advisory
• Public Education
• Compliance & monitoring
• Complaints & investigation
• Enforcement
5 pillars of compliance
Commit to Comply:
Know Your Risks:
Be Accountable:
Demonstrate Your Compliance:
Be Prepared for Breach: