LIVING IN THE I.T. ERA WEEK 11-12 Part 2

Question 1

It refers to an individual whose personal information is processed.

Answer 1

Data Subject

Question 2

It refers to any information from which the identity of an individual can be reasonably and directly identified by the entity holding that information

Answer 2

Personal Information

Question 3

It refers to a person or organization who controls the collection holding processing or use of personal information.

Answer 3

Personal Information
Controller

Question 4

It is a law that seeks to protect all forms of information, be it private, personal, or sensitive. It is meant to cover both natural and juridical persons involved in the processing of personal information.

Answer 4

Republic Act No. 10173, otherwise known as the Data Privacy Act

Question 5

Under RA10173, people whose personal information is collected, stored, and processed are called __________. Organizations that deal with your personal details, whereabouts, and preferences are dutybound to observe and respect your data privacy rights.

Answer 5

Data subjects

Question 6

8 Data Privacy Rights

Answer 6

• The right to be informed
• The right to access
• The right to object
• The right to erasure or blocking
• The right to damages
• The right to file a complaint
• The right to rectify
• The right to data portability

Question 7

Under R.A. 10173, your personal data is treated almost literally in the same way as your own personal property. Thus, it should never be collected, processed and stored by any organization without your explicit consent, unless otherwise provided by law.

Answer 7

The right to be informed

Question 8

Information controllers usually solicit your consent through a consent form. Aside from protecting you against unfair means of personal data collection, this right also requires personal information controllers (PICs) to notify you if your data have been compromised, in a timely manner.

Answer 8

The right to be informed

Question 9

As a data subject, you have the right to be informed that your personal data will be, are being, or were, collected and processed.

Answer 9

The right to be informed

Question 10

The Right to be Informed is a most basic right as it empowers you as a data subject to consider other actions to protect your data privacy and assert your other privacy rights.

Answer 10

The right to be informed

Question 11

This is your right to find out whether an organization holds any personal data about you and if so, gain “reasonable access” to them. Through this right, you may also ask them to provide you with a written description of the kind of information they have about you as well as their purpose/s for holding them.

Answer 11

The right to access

Question 12

Under the Data Privacy Act of 2012, you have a right to obtain from an organization a copy of any information relating to you that they have on their computer database and/or manual filing system.

Answer 12

The right to access

Question 13

You may demand to access the following:
* The contents of your personal data that were processed.
* The sources from which they were obtained.
* Names and addresses of the recipients of your data.
* Manner by which they were processed.
* Reasons for disclosure to recipients, if there were any.
* Information on automated systems where your data is or
may be available, and how it may affect you.
* Date when your data was last accessed and modified
* The identity and address of the personal information
controller.

Answer 13

The right to access

Question 14

You can exercise your right to object if the personal data processing involved is based on consent or on legitimate interest. When you object or withhold your consent, the PIC should no longer process the personal data, unless the processing is pursuant to a subpoena, for obvious purposes (contract, employeremployee relationship, etc.) or a result of a legal obligation.

Answer 14

The right to object

Question 15

In case there is any change or amendment to the information previously given to you, you should be notified and given an opportunity to withhold consent.

Answer 15

The right to object

Question 16

Under the law, you have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data.

You can exercise this right upon discovery and substantial proof of the following:
1. Your personal data is incomplete, outdated, false, or unlawfully obtained.

2. It is being used for purposes you did not authorize.
3. The data is no longer necessary for the purposes for which they were collected.
4. You decided to withdraw consent, or you object to its processing and there is no overriding legal ground for its processing.
5. The data concerns information prejudicial to the data subject — unless justified by freedom of speech, of expression, or of the press; or otherwise authorized (by court of law)
6. The processing is unlawful.
7. The personal information controller, or the personal information processor, violated your rights as data subject.

Answer 16

The right to erasure or blocking

Question 17

You may claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights and freedoms as data subject.

Answer 17

The right to damages

Question 18

If you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated, you have a right to file a complaint with the National Privacy Commission (NPC).

Answer 18

The right to file a complaint

Question 19

You have the right to dispute and have corrected any inaccuracy or error in the data a personal information controller (PIC) hold about you. The PIC should act on it immediately and accordingly, unless the request is vexatious or unreasonable. Once corrected, the PIC should ensure that your access and receipt of both new and retracted information. PICs should also furnish third parties with said information, should you request it.

Answer 19

The right to rectify

Question 20

This right assures that YOU remain in full control of YOUR data. Data portability allows you to obtain and electronically move, copy or transfer your data in a secure manner, for further use. It enables the free flow of your personal information across the internet and organizations, according to your preference. This is important especially now that several organizations and services can reuse the same data.

Answer 20

The right to data portability

Question 21

Data portability allows you to manage your personal data in your private device, and to transmit your data from one personal information controller to another. As such, it promotes competition that fosters better services for the public.

Answer 21

The right to data portability

Question 22

The provisions of the law regarding transmissibility of rights and the right to data portability will not apply if the processed personal data are used only for the needs of scientific and statistical research and, based on such, no activities are carried out and no decisions are taken regarding the data subject. There should also be an assurance that the personal data will be held under strict confidentiality and used only for the declared purpose.

Answer 22

Limitations on Rights