Scribd Logo
Upload

Welcome to Scribd!

  • 472 views

    Data Privacy Act of 2012" (R. A. No. 10173) and Its Implementing Rules and Regulations (IRR)

    Uploaded by

    Mayverii
    The document summarizes key aspects of the Data Privacy Act of 2012 in the Philippines, including its objectives, coverage, key concepts, exceptions, and enforcement. The Act's objectives are to safeguard privacy while ensuring free flow of information, and to regulate collection and processing of personal data. It applies broadly to any natural or juridical person processing personal data in or outside the Philippines. The National Privacy Commission is mandated to administer and ensure compliance with the Act and international privacy standards.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd

    Data Privacy Act of 2012" (R. A. No. 10173) and Its Implementing Rules and Regulations (IRR)

    Uploaded by

    Mayverii
    472 views22 pages
    The document summarizes key aspects of the Data Privacy Act of 2012 in the Philippines, including its objectives, coverage, key concepts, exceptions, and enforcement. The Act's objectives are to safeguard privacy while ensuring free flow of information, and to regulate collection and processing of personal data. It applies broadly to any natural or juridical person processing personal data in or outside the Philippines. The National Privacy Commission is mandated to administer and ensure compliance with the Act and international privacy standards.

    Original Description:

    Data Privacy Act

    Original Title

    05Sept2017_DataPrivacyAct (1)

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document summarizes key aspects of the Data Privacy Act of 2012 in the Philippines, including its objectives, coverage, key concepts, exceptions, and enforcement. The Act's objectives are to safeguard privacy while ensuring free flow of information, and to regulate collection and processing of personal data. It applies broadly to any natural or juridical person processing personal data in or outside the Philippines. The National Privacy Commission is mandated to administer and ensure compliance with the Act and international privacy standards.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    472 views22 pages

    Data Privacy Act of 2012" (R. A. No. 10173) and Its Implementing Rules and Regulations (IRR)

    Uploaded by

    Mayverii
    The document summarizes key aspects of the Data Privacy Act of 2012 in the Philippines, including its objectives, coverage, key concepts, exceptions, and enforcement. The Act's objectives are to safeguard privacy while ensuring free flow of information, and to regulate collection and processing of personal data. It applies broadly to any natural or juridical person processing personal data in or outside the Philippines. The National Privacy Commission is mandated to administer and ensure compliance with the Act and international privacy standards.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    of 22
    At a glance
    Powered by AI
    The key takeaways are that the Data Privacy Act of 2012 aims to protect individual privacy and personal information while ensuring free flow of information. It establishes a National Privacy Commission and regulates how personal data is collected and processed.

    The objectives of the Data Privacy Act of 2012 are to safeguard the fundamental right to privacy, regulate how personal data is collected and processed, and ensure Philippines complies with international data protection standards.

    Personal information refers to any information that can identify an individual directly or indirectly, including information that when combined with other data can identify an individual. Sensitive personal information includes information about an individual's race, health, genetics, or criminal history.

    “Data Privacy Act of 2012”

    (R. A. No. 10173) and Its Implementing


    Rules and Regulations (IRR)
    Legal and Compliance Department
    05 September 2017
    Data Privacy Act (DPA) of 2012

    An Act protecting individual personal


    information and communication
    systems in the Government and the
    Private Sector, creating for this
    purpose a National Privacy
    Commission, and for other purposes.
    Objectives
    ❖ To safeguard the fundamental human right of every
    individual to privacy while ensuring free flow of
    information for innovation, growth, and national
    development;
    ❖ Regulates the collection, recording, organization,
    storage, updating or modification, retrieval,
    consultation, use, consolidation,blocking, erasure or
    destruction of personal data;
    ❖ Ensures that the Philippines complies with
    international standards set for data protection
    through National Privacy Commission (NPC).
    Coverage

    Data Privacy Act of 2012 applies to


    the processing of personal data by any
    natural and juridical person. This
    includes act done or practice engage
    in and outside the Philippines.
    KEY CONCEPTS

    Personal Information refers to any


    information, whether recorded in a material
    form or not, from which the identity of an
    individual is apparent of can be reasonably and
    directly ascertained by the entity holding the
    information, or when put together with other
    information would directly and certainly identify
    an individual. (R.A. 10173, Section 3.l)
    KEY CONCEPTS
    Sensitive Personal Information refers to
    personal information:

    1. About an individual’s race, ethnic origin, marital


    status, age, color, and religious, philosophical
    or political affiliations;
    2. About an individual’s health, education, genetic,
    or sexual life of a person, or to any proceeding
    for any offense committed or alleged to have
    been committed by such individual, the disposal
    of such proceedings, or the sentence of any
    court in such proceedings;
    3. Issued by government agencies peculiar to
    an individual which includes, but is not limited
    to, social security numbers, previous or
    current health records, licenses or its denials,
    suspension or revocation, and tax returns; and

    4. Specifically established by an executive


    order or an act of Congress to be kept
    classified. (R.A. 10173, Section 3.t)
    Exception (Special Cases)

    1. Information processed for purposes of allowing public


    access to information that fall within the matters of
    public concern;

    1. Personal information processed for journalistic,


    artistic or literary purpose, in order to uphold freedom
    of speech, of expression, or of the press, subject to
    requirements of other applicable law or regulations;
    Exception (Special Cases)

    3. Personal information that will be processes for


    research purpose, intended for a public benefit, subject
    to the requirements of applicable laws, regulations, or
    ethical standards;

    4. Information necessary in order to carry out the


    functions of public authority, in accordance with a
    constitutionally or statutorily mandated function
    pertaining to law enforcement or regulatory function,
    including the performance of the functions of the
    independent, central monetary authority, subject to
    restrictions provided by law.
    Exception (Special Cases)

    5. Information necessary for banks, other financial


    institutions under the jurisdiction of the independent,
    central monetary authority or Bangko Sentral ng Pilipinas,
    and other bodies authorized by law, to the extent
    necessary to comply with R.A. No. 9510 (Credit
    Information System Act), R.A. 9160 (Anti-Money
    Laundering Act).

    6. Personal information originally collected from residents


    of foreign jurisdictions in accordance with the laws of
    those foreign jurisdictions, including any applicable data
    privacy laws, which is being processed in the Philippines.
    Mandate

    The National Privacy Commission (NPC) is the


    body mandated to administer and implement
    this Act, and to monitor and ensure
    compliance with international standards set
    for personal data protection.
    NPC’s FIVE DATA PRIVACY GUIDELINES

    1. Appoint a DATA PROTECTION OFFICER


    (DPO)
    2. Conduct PRIVACY IMPACT ASSESSMENT
    (PIA)
    3. Create a PRIVACY MANAGEMENT
    PROGRAM (PMP)
    4. Implement Privacy and Data Protection
    measures
    5. Regularly Exercise Breach Reporting
    Procedures (BRP)
    Appointing a DATA PROTECTION
    OFFICER (DPO)

    Designating a DPO is the first essential step


    towards compliance. You cannot register your
    systems with the NPC unless you have a DPO.
    Conduct Privacy Impact Assessment

    Privacy Impact Assessment is a process


    undertaken and used by a government agency
    to evaluate and manage the impact of its
    program, process and/or measure on data
    privacy.
    Create Privacy Management Program

    Your PRIVACY MANAGEMENT PROGRAMS


    (PMP) serves to align everyone in the
    organization in the same direction, to
    facilitate compliance with the Data Privacy
    Act and issuances of the NPC, and to help your
    organization in mitigating the impact of a data
    breach.
    Implement Privacy and Data
    Protection measures

    The measures laid out in your privacy and data


    protection policies should not remain
    theoretical. They must continuously be
    assessed, reviewed and revise as necessary,
    while training must be regularly conducted.
    Regularly exercise your Breach
    Reporting Procedures

    Upon the discovery of a personal data breach,


    or reasonable suspicion thereof, it is
    important to conduct an initial assessment of
    the breach, to mitigate its impact, and to
    notify both the affected data subjects and the
    NPC within 72 hours of discovery.
    General Data Privacy Principles

    The processing of personal data shall be


    allowed, subject to compliance with the
    requirements of the Act and other laws allowing
    disclosure of information to the public, and
    adherence to the principles of transparency,
    legitimate purpose, and proportionality.
    Enforcement of the Data Privacy Act

    1. Registration of Personal Data Processing


    Systems operating in the country that
    involves accessing or requiring sensitive
    personal information of at least 1,000
    individuals;
    2. Notification of Automated Processing
    Operations where the processing becomes the
    sole basis of making decisions that would
    significantly affect the data subject;
    Enforcement of the Data Privacy Act

    3. Annual Report of the Summary of


    documented security incidents and personal
    data breaches;

    4. Compliance with other requirements that


    may be provided in other issuances of the
    Commission.
    Rules on Accountability

    Personal Information Controller (PIC) is


    responsible for any personal data under its
    control or custody, including information that
    have been outsourced or transferred to a PIP or
    third party for processing.

    PIC shall be accountable for complying with the


    requirements of this Act, these Rules and other
    issuances of the Commission.
    Penalties

    You might also like