Scribd
Upload
47 views14 pages

Overview of the Data Privacy Act

Data Privacy Act Laws & Professional Practice

Uploaded by

dransuu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
47 views14 pages

Overview of the Data Privacy Act

Data Privacy Act Laws & Professional Practice

Uploaded by

dransuu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

What is Data

Privacy Law
Let us know.

11:11PM
Republic Act
10173 – Data AN ACT PROTECTING INDIVIDUAL

Privacy Act PERSONAL INFORMATION IN


INFORMATION AND COMMUNICATIONS
SYSTEMS IN THE GOVERNMENT AND THE
PRIVATE SECTOR, CREATING FOR THIS
PURPOSE A NATIONAL PRIVACY
COMMISSION, AND FOR OTHER
PURPOSES.

Data privacy laws govern how companies


and the government handle the data of
their users and citizens, respectively.
These laws serve to protect the personal
data of people from being mishandled or
used in malicious or predatory ways.

Back to Agenda Page


enda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agen

Topics Covered
NEXT
Topic 3
The Data Privacy Act makes it mandatory
for all data collectors whether public or
private to protect the security, integrity
and confidentiality of all personal
information they collect. By doing this, we
Topic 1
help usher in a truly knowledge-driven
economy.’ The words of the principal
author of the Data Privacy Act, late Sen.
Edgardo Angara
Topic 4

Topic 2
enda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agen

Topics Covered

Topic 3
What is
personal
information Topic 1
It refers to any information
wheater recorder in a
material formula.
Topic 4

Topic 2
enda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agenda • Agen

Topics Covered

Topic 3
What is personal
Sensitive Information
This information can be Topic 1

share tovothes.However,
it has a risk and
consequences. Topic 4

Topic 2
What has the country
done to ensure
privacy and data
protection?

In 2012, the Philippines passed


Republic Act No. 10173 or the Data PREVIOUS
Privacy Act of 2012 (DPA) “to protect
the fundamental human right to
privacy of communication while
ensuring free flow of information to
promote innovation and growth [and]
the [State’s] inherent obligation to
ensure that personal information in
information and communications
systems in government and in the
private sector are secured and
protected”. . Back to Agenda Page
The DPA and its Implementing Rules and Regulations
(IRR) apply to all acts done or practices engaged in and
outside of the Philippines if: If the person, either an
What acts are individual or an institution, involved in the processing of

covered by personal data is located in the Philippines; The act or


practice Involves personal data of a Philippine citizen or
the DPA(Scope) Philippine resident; The processing of personal data is
done in the Philippines; or The act, practice or processing
of personal data is done by an entity with links to the
Philippines, subject to international law and comity.
“Personal data” refers to all types of personal
information. “Processing” is any operation/s performed
upon personal data. These operations include, but are not
limited to the collection, recording, organization, storage,
updating or modification, retrieval, consultation, use,
consolidation, blocking, erasure, or destruction of data.

Back to Agenda Page


ACCOUNTABILITY FOR
TRANSFER OF PERSONAL
INFORMATION
SEC. 21. Principle
of Accountability. SEC. 23. Requirements
Relating to Access by Agency
SEC. 22. Personnel to Sensitive Personal
Information.
Responsibility of
Heads of Agencies

SEC. 24. Applicability


to Government SEC. 25. Unauthorized
Contractors. Processing of Personal
Information and Sensitive
NEXT Personal Information
ACCOUNTABILITY FOR
TRANSFER OF PERSONAL
SEC. 26. Accessing INFORMATION
Personal Information and
Sensitive Personal SEC. 30. Concealment of
Information Due to Security Breaches Involving
Negligence Sensitive Personal Information

SEC. 29. Unauthorized


SEC. 27. Improper Disposal Access or Intentional
of Personal Information SEC. 31. Malicious
Breach.
and Sensitive Personal Disclosure.
Information.

SEC. 32. Unauthorized


Disclosure and
SEC. 28. Processing of Personal NEXT

Information and Sensitive SEC. 33. Combination


Personal Information for or Series of Acts
Unauthorized Purposes
Who implements the DPA?
The National Privacy Commission (NPC) is in charge of
administering and implementing the DPA. It is also tasked to
monitor and ensure compliance of the Philippines with
international standards for personal data protection. The
major functions of the NPC are as follows: Rule making.

Advisory Public education Compliance and Enforcement


monitoring
The NPC is the advisory body on The NPC shall launch initiatives The NPC is the advisory body on matters related to Complaints and “Personal information controller” is an
individual or institution, or any other body who
matters related to personal data to educate the public about data The body has compliance and monitoring functions
to ensure personal information controllers comply
investigations controls the processing of personal data, or
protection. privacy, data protection and fair instructs another to process personal data on
with the law. It is also tasked to manage the its behalf.
information rights and registration of personal data processing
responsibilities systems.personal data protection.

Back to Agenda Page


Registration Adoption of data protection
policies

Notification of automated
Brainstorm
How to processing operations
better!with
comply
Set a time limit
the Data
for yourself for
Privacy Act?
a more focused
Annual report
Creation of a data breach
brainstorming
session.
response team

Appointment of a Data Compliance with other


Protection Officer in charge requirements
What should you
do in the event
of a data
breach?
The law requires a data breach notification within 72
hours upon knowledge of the breach or reasonable belief
that it has occurred to the NPC and the data subject. The
notification is generally required when the breach
involves sensitive personal information or any other
information that may be used to enable identity fraud;
this information has been acquired by an unauthorized
person; and the acquisition is likely to give rise to a real
risk of serious harm to the affected data subject

Back to Agenda Page


What should you
do in the event
of a data
breach?
The NPC may investigate the breach, depending on its nature or if
there is a delay or failure to notify. Inquiries may include on-site
examination of systems and procedures. The Philippines has a
relatively young data privacy regime. The Data Privacy Act , as well as
RA No. 10175 or the Cybercrime Prevention Act, was only enacted in
2012, although some countries passed data protection laws as early as
the 70s. The Philippines’ regulatory body NPC was formally organized
only in 2016, which issued IRRs and circulars in the same year.
Nevertheless, the country is on its way to developing a stable
framework of privacy protection as technological innovations
liberalize information sharing.Need

Back to Agenda Page


Thank you!

You might also like