RA 10173 Flashcards
• to protect the fundamental human right of privacy of communication while ensuring free flow of information to promote innovation and growth
RA 10173
to ensure that personal information in information and communication system in the government and in the private sector are scured and protected
RA 10173
• administer and implements the provisions of this Act
National Privacy Commission
• monitors and ensures compliance of the county with international standards set for data protection
National Privacy Commission
National Privacy Commission attached to the
Department of Information and
Communications Technology
National privacy commission headed by a_______ (also acts as the Chairman)
Privacy Commissioner
Privacy Commissioner (also acts as the Chairman)
Assisted by_______
(1 for______, 1 for______)
2 deputy Privacy Commissioners
Data Processing System
Policies and Planning
Privacy Commissioner
— at least ________ years of age
— (3)
— recognized expert in the field of _____ and _____
— Term:____ years, may be reappointed for another___ years
— Same rank with a______
thirty-five (35)
good moral character, unquestionable integrity and known probity
information technology and data privacy
3 years
Department Secretary
- at least thirty-five (35) years of age
- good moral character, unquestionable integrity and known probity
- recognized expert in the field of information technology and data privacy
- Term: 3 years, may be reappointed for another 3 years
- Same rank with a Department Secretary Salary Grade - range of salary
Privacy Commissioner
Deputy Privacy Commissioner
- must be recognized experts in the field of_____ and _____
- Term:___ years, ay be reappointed for another ___ years
- Same rank with a_______
information and communication technology and data privacy
3 years
Department Undersecretary
- must be recognized experts in the field of information and communication technology and data privacy
- Term: 3 years, ay be reappointed for another 3 years
- Same rank with a Department Undersecretary
Deputy Privacy Commissioner
• data subject must be aware of the nature, purpose, and extent of the processing of his or her personal data
Transparency
Transparency
data subject must be aware of the____,____,and____ of the processing of his or her personal data
nature, purpose, and extent
• compatible with a declared and specified purpose
Legitimate Purpose
Legitimate Purpose
• compatible with a_____ and _____
declared and specified purpose
• adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose
Proportionality
• any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information or when put together with other information would directly and certainly identify and individual
Personal Information
the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information
Personal information
when put together with other information would directly and certainly identify and individual
Personal information
• an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations
Sensitive Personal Information
• an individual’s health, education, genetic or sexual life, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings
Sensitive Personal Information
• social security numbers, previous or current health records, licenses or its denials, suspension or revocation and tax returns
Sensitive personal information
sexual preference and orientation, genetic information
Sensitive information
health records and licenses
Sensitive information
• Be informed
• Reasonable access
• Dispute the inaccuracy or error in the personal information
• Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s filling system
• Be indemnified for any damages sustained
• Transmissibility
• Data portability
Rights of the Data Subject
Rights of the Data Subject
• Be_____
• Reasonable____
• Dispute the_____ or _____ in the personal information
• Suspend, withdraw or order the ____,____, or _____of his or her personal information from the personal information controller’s filling system
• Be indemnified for any____ sustained
• T_____
• Data_____
informed
access
inaccuracy or error
blocking, removal or destruction
damages
Transmissibility
portability
RA 10173
Approved on ______ by______
August 15, 2012
Benigno Aquino lll
To administer and implement the provisions of this Act, and to monitor and ensure compliance of the country with international standards set for data protection
Functions of the National Privacy Commission
The Commission shall ensure at all times the_____ of any personal information that comes to its knowledge and possession.
confidentiality
The Commission shall be attached to the ______and shall be headed by a____, who shall also act as Chairman of the Commission.
The Privacy Commissioner shall be assisted by two (2)______, one to be responsible for _____and one to be responsible for______.
Department of Information and Communications Technology (DICT)
Privacy Commissioner
Deputy Privacy Commissioners
Data Processing Systems
Policies and Planning
General Data Privacy Principles. – The processing of personal information shall be allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure of information to the public and adherence to the principles of (3)
transparency
legitimate purpose
proportionality
The data subject must be aware of the nature, purpose, and extent of the processing of his or her personal data, including the risks and safeguards involved, the identity of personal information controller, his or her rights as a data subject, and how these can be exercised.
Transparency
The processing of information shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy.
Legitimate purpose
The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose. Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.
Proportionality
Any personal information controller or personal information processor or any of its official, employees or agents, who, with malice or in bad faith, discloses unwarranted or false information relative to any personal information or personal sensitive information obtained by him or her, shall be subject to imprisonment ranging from one (1) year and six (6) months to Hve (5) years and a Hne of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00).
Malicious Disclosure
(a) Any personal information controller or personal information processor or any of its o4cials, employees or agents, who discloses to a third party personal information not covered by the immediately preceding section without the consent of the data subject, shall he subject to imprisonment ranging from one (1) year to three (3) years and a Hne of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00).
Unauthorized Disclosure
It is committed when a person, with malice or in bad faith, discloses unwarranted or false information relative to personal information or personal sensitive information obtained by him
Malicious disclosure
is the communication or physical transfer of classified or CUI to an unauthorized recipient.
Unauthorized Disclosure
