Privacy Act C Oracion


DATA PRIVACY ACT

RANE D. RAMOS
DATA PROTECTION OFFICER
UNIVERSITY OF THE
CORDILLERAS
1. What is the
Data Privacy
Act?
The Data Privacy Act, or R.A. No.
10173, is the law that seeks to
protect all forms of information, be
it private, personal, or sensitive.
The law applies to natural or
juridical persons involved in the
processing of personal information.
2. What is the
scope of the Data
Privacy Act?
It covers all persons involved in the
processing of personal information,
although these persons are not found
or established in the Philippines,
provided they use equipment located
in the Philippines or they maintain an
office, branch, or agency in the
Philippines.
3. What is
personal
information?
Personal information refers to any
information whether recorded in a
material form or not, from which the
identity of an individual is apparent or
can be reasonably and directly
ascertained by the entity holding the
information, or when put together
with other information would directly
and certainly identify an individual.
4. What is
personal
data?
“Personal Data” is used when
personal information, sensitive
personal information, and privileged
information are referred to
collectively. On the other hand,
personal information forms part of
the broader concept of personal data.
5. Who is
a data
subject?
A data subject is an individual whose
personal information is processed.
6. What is
processing of
personal
information?
It refers to any operation or set of
operations performed upon personal
information including, but not limited
to, the collection, recording,
organization, storage, updating,
modification, retrieval, consultation,
use, consolidation, blocking, erasure,
or destruction of data.
7. What is
privileged
information?
It refers to any and all forms of data which
under the Rules of Court and other
pertinent laws constitute privileged
communication.
Examples: Attorney-Client Privilege;
Physician-Patient Privilege; Marital
Privilege Rule
8. Is there a difference
between personal
information and sensitive
personal information?
YES

Personal information refers to
information that makes a person readily
identifiable.
On the other hand, sensitive personal
information refers to personal
information:
A) about an individual’s race, ethnic
origin, marital status, age, color, as
well as religious, philosophical, or
political affiliations;
B) about an individual’s health,
education, genetic or sexual life, or any
proceeding for any offense committed
or alleged to have been committed by
such an individual, the disposal of such
proceedings, or the sentence of any
C) issued by government agencies
peculiar to an individual which
includes, but is not limited to, social
security numbers, previous or current
health records, licenses or its denials,
suspension or revocation, and tax
returns; and,
D) specifically established by an
executive order or an act of Congress
to be kept classified.
9. What are the exceptions to
the application of the Data
Privacy Act?

AMONG THE EXCEPTIONS ARE:

A) information about any individual who
is or was an officer or employee of a
government institution that relates to his
position or functions;
B) information about an individual who
is or was performing service under
contract for a government institution
that relates to the services performed;
C) information relating to any
discretionary benefit of a financial
nature such as the granting of a license
or permit given by the government to
an individual;
D) personal information processed for
journalistic, artistic, literary, or
research purposes.
10. Are institutions required to
appoint someone who should be
responsible for ensuring
compliance with the law?
Yes. Under the Implementing Rules and
Regulations of the Data Privacy Act, all
institutions are required to appoint one
or more than one Data Protection Officer
(DPO), who should be accountable for
ensuring compliance with the appropriate
data protection laws and regulations.
11. How are privileged
information and sensitive
personal information
treated by the Data
Privacy Act?
The processing of privileged information
and sensitive personal information is
prohibited by the law.
12. What are the instances when the
processing of sensitive personal
information and privileged
information is allowed?
A) The data subject has given consent
before the processing. In the case of
privileged information, all parties to the
information have given their consent
before the processing;
B) The processing is necessary to protect
the life and health of the data subject or
another person; and the data subject is not
C) The processing is necessary for
purposes of medical treatment, is carried
out by a medical practitioner or a medical
treatment institution, and an adequate
level of protection of personal information
is ensured;
D) The processing concerns such personal
information as is necessary for the
protection of lawful rights and interests of
persons in court proceedings or when
provided to government or public
authority.
13. What is data privacy?

Data privacy, also known as information
privacy, is the necessity to preserve and
protect any personal information,
collected by any organization, from
being accessed by a third party.
14. What data are included?

Any personal data that could be
sensitive or can be used maliciously by
someone is included in data privacy. It
includes:
A) Online Privacy. It includes all
personal data given out during online
interactions;
B) Financial Privacy. Any financial
information shared online or offline is
C) Medical Privacy. Details of medical
treatment and history are privileged and
cannot be disclosed to a third party.
D) Residential and geographic
records. Giving an address online can
be a potential risk and needs protection
from unauthorized access.
E) Political Privacy. Political
preferences should be privileged
information.
15. The processing of
personal data shall be
allowed, subject to
adherence to the
principles of transparency,
legitimate purpose, and
proportionality. What do
these principles mean?
TRANSPARENCY

The data subject must be aware of the nature,
purpose, and extent of the processing of his
or her personal data, including the risks and
safeguards involved, the identity of personal
information controller, his or her rights as a
data subject, and how these can be exercised.
Any information and communication relating
to the processing of personal data should be
easy to access and understand, using clear
and plain language.
LEGITIMATE PURPOSE

The processing of information
shall be compatible with a
declared and specified purpose
which must not be contrary to
law, morals, or public policy.
PROPORTIONALITY

The processing of information shall
be adequate, relevant, suitable,
necessary, and not excessive in
relation to a declared and specified
purpose. Personal data shall be
processed only if the purpose of the
processing could not reasonably be
fulfilled by other means.
16. The collection, processing,
and retention of personal
data is said to be for
legitimate purpose when:
Data subject gives consent prior to the
collection and processing of personal
data.
The data subject must be provided
specific information regarding the
purpose and extent of processing;
Purpose should be determined and declared
before, or as soon as reasonably practicable after,
collection.
Only personal data that is necessary and
compatible with declared, specified, and
legitimate purpose shall be collected.

(Note: The data subject’s consent should be
evidenced by written, electronic or recorded
means.)
17. What are the rights of a
data subject?

Right to be Informed – the right to be
informed in a timely manner by the PIC
if his data have been compromised
Right to Access – the right to know if
an organization holds his data, and if
so, the right to gain access to them
Right to Object – the right to contest
any unlawful processing of data
against him
Right to Rectify – the right to dispute
and compel correction of inaccurate
data a PIC has about him
Right to Erasure and Blocking – the
right to withdraw or order the removal
or blocking of his personal data
Right to Damages – the right to claim
compensation arising from inaccurate
or unauthorized use of personal data
Right to Data Portability – the right to
electronically move, copy, or transfer
his data in a secure manner for further
use. It enables the free flow of his
personal information on the internet
according to his preference.
END
