Data Privacy Act of 2012 Overview


The Data Privacy Act of 2012, also known as Republic Act No. 10173, was enacted to regulate the processing of personal information in the Philippines. It outlines the rights of individuals regarding their personal data and imposes obligations on entities handling such information. The Act is administered by the National Privacy Commission and aligns the country with international data protection standards, ensuring fair and lawful processing of personal information.

  • Data Privacy Act
  • Personal Information
  • Republic Act 10173
  • Privacy Regulations
  • National Privacy Commission

Uploaded on Mar 13, 2025



Presentation Transcript


  1. DATA PRIVACY ACT OF 2012

  5. DATA PRIVACY ACT OF 2012: Republic Act No. 10173, signed into law on August 15, 2012; its Implementing Rules and Regulations (IRR) took effect on September 9, 2016. The National Privacy Commission (NPC) is mandated to administer and implement the provisions of the Act, and to monitor and ensure the country's compliance with international standards set for data protection.

  6. PERSONAL INFORMATION: any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained, or which, when put together with other information, would directly and certainly identify an individual. Examples: a person's name or photograph, his or her fingerprints, and identification cards and numbers.

  7. PERSONAL INFORMATION must be: collected for specified and legitimate purposes; processed in a way compatible with those declared, specified and legitimate purposes only; processed fairly and lawfully; accurate, relevant and, where necessary for the purposes for which it is to be used, kept up to date; inaccurate or incomplete data must be rectified, supplemented, destroyed, or their further processing restricted;

  8. PERSONAL INFORMATION must also be: adequate and not excessive in relation to the purposes for which it is collected and processed; retained only for as long as necessary for the fulfillment of those purposes (or for the establishment, exercise or defense of legal claims, for legitimate business purposes, or as provided by law); and kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed.

  9. LAWFUL PROCESSING OF PERSONAL INFORMATION is allowed when: the data subject has given consent; it is necessary and related to the fulfillment of a contract with the data subject, or to steps taken at the request of the data subject prior to entering into a contract; it is necessary for compliance with a legal obligation to which the personal information controller is subject; it is necessary to protect vitally important interests of the data subject, including life and health;

  10. LAWFUL PROCESSING OF PERSONAL INFORMATION (continued): it is necessary in order to respond to a national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily include the processing of personal data for the fulfillment of its mandate; or it is necessary for the purposes of the legitimate interests pursued by the personal information controller, or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution.

  11. SENSITIVE PERSONAL INFORMATION: information about an individual's race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;

  12. SENSITIVE PERSONAL INFORMATION: information about an individual's health, education, genetic or sexual life, or about any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;

  13. SENSITIVE PERSONAL INFORMATION: information issued by government agencies peculiar to an individual, which includes, but is not limited to, social security numbers, previous or current health records, licenses or their denials, suspension or revocation, and tax returns; and information specifically established by an executive order or an act of Congress to be kept classified.

  14. PRIVILEGED INFORMATION: refers to any and all forms of data which, under the Rules of Court and other pertinent laws, constitute privileged communication.

  15. SENSITIVE PERSONAL AND PRIVILEGED INFORMATION: processing is prohibited except in the cases the Act enumerates, principally where the data subject has given consent specific to the purpose prior to the processing, or where the processing is specifically authorized by law.

  16. PERSONAL VS SENSITIVE PERSONAL: Does the difference between personal information and sensitive personal information matter?

  17. PERSONAL VS SENSITIVE PERSONAL: Yes. The law treats the two kinds of personal information differently. Personal information may be processed, provided that the requirements of the Data Privacy Act are complied with. The processing of sensitive personal information, on the other hand, is in general prohibited; the Data Privacy Act provides the specific cases in which it is allowed.

  18. PERSONAL INFORMATION CONTROLLER AND PROCESSOR: a personal information controller (PIC) is a person or organization who controls the collection, holding, processing or use of personal information, including one who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on its behalf. A personal information processor (PIP) is any natural or juridical person, or any other body, to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject.

  19. EXEMPTIONS: information about any individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual;

  20. EXEMPTIONS: information about an individual who is or was performing services under contract for a government institution that relates to the services performed, including the terms of the contract and the name of the individual given in the course of the performance of those services;

  21. EXEMPTIONS: information relating to any discretionary benefit of a financial nature, such as the granting of a license or permit given by the government to an individual, including the name of the individual and the exact nature of the benefit;

  22. EXEMPTIONS: personal information processed for journalistic, artistic, literary or research purposes;

  23. EXEMPTIONS: information necessary in order to carry out the functions of public authority, which includes the processing of personal data for the performance by the independent, central monetary authority and by law enforcement and regulatory agencies of their constitutionally and statutorily mandated functions;

  24. EXEMPTIONS: information necessary for banks and other financial institutions under the jurisdiction of the independent, central monetary authority (Bangko Sentral ng Pilipinas) to comply with Republic Act No. 9510 (the Credit Information System Act) and Republic Act No. 9160, as amended (the Anti-Money Laundering Act, AMLA);

  25. EXEMPTIONS: personal information originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions, including any applicable data privacy laws, which is being processed in the Philippines.

  26. EXEMPTIONS: the exemption does not mean that banks processing the information are exempted from complying with the other obligations and requirements of the DPA. Under the IRR, an exemption applies only to the minimum extent of processing necessary to achieve the specific purpose, function or activity that the exemption covers.

  27. EXEMPTIONS: the Bank may process all the information necessary to comply with the requirements of the AMLA without asking for the consent of data subjects, BUT the Bank is prohibited from disclosing that same information, without authority, to any third party other than those provided for in the AMLA.

  28. EXEMPTIONS: the Bank, as personal information controller, remains obligated to implement organizational, physical and technical security measures for personal data protection.

  29. DATA PRIVACY PRINCIPLES: compliance with the requirements of the Act and of other laws allowing disclosure of information to the public, and adherence to the principles of transparency, legitimate purpose and proportionality.

  30. TRANSPARENCY: the data subject must be aware of the nature, purpose, and extent of the processing of his/her personal data, including the RISKS and SAFEGUARDS involved, the IDENTITY of the personal information controller, his/her RIGHTS as a data subject, and how these rights can be exercised.

  31. LEGITIMATE PURPOSE: the processing of information shall be compatible with a declared and specified purpose which must not be contrary to law, morals or public policy.

  32. PROPORTIONALITY: the processing must be adequate, relevant, suitable, necessary and not excessive in relation to a declared and specified purpose; personal data shall be processed only if the purpose could not reasonably be fulfilled by other means.

  33. RIGHTS OF THE DATA SUBJECT: to be informed; to object; to access; to rectification (correction of errors); to erasure or blocking of personal data; to data portability; and to damages.

  34. CONSENT: any freely given, specific, informed indication of will whereby the data subject agrees to the collection and processing of his/her personal or sensitive personal information.

  35. CONSENT: must be freely given, specific, and proceed from the data subject being informed of the purpose, nature and extent of the processing, the period or conditions under which the consent is effective, and how the consent can be withdrawn.

  36. CONSENT: must be evidenced by written, electronic or recorded means.

  37. ORGANIZATIONAL, PHYSICAL AND TECHNICAL SECURITY MEASURES: personal information controllers and processors have the duty to implement reasonable and appropriate safeguards to uphold the right to information privacy; a personal information processor does not process personal data except upon the instructions of the controller or as required by law.

  38. ORGANIZATIONAL SECURITY MEASURES: designation of an individual or individuals accountable for compliance with the Data Privacy Act, development of data privacy policies, capacity building for human resources, and procedures for personal data breach management.

  39. PHYSICAL SECURITY MEASURES: limiting physical access to workstations, and ensuring that data processing systems are secured against natural disasters, power disturbances, external access, and other similar threats.

  40. TECHNICAL SECURITY MEASURES: measures intended to maintain the confidentiality, integrity and availability of personal data; safeguards to protect computer networks against accidental, unlawful or unauthorized usage, interference or hindrance; encryption of personal data during storage and while in transit, and authentication processes that control and limit access; regular monitoring for security breaches; and a process for regularly testing, assessing and evaluating the effectiveness of the security measures.

  41. Are companies required to appoint someone responsible for ensuring compliance with the Data Privacy Act?

  42. DATA PROTECTION OFFICER: designating a DPO is a legal requirement for personal information controllers (PICs) and personal information processors (PIPs) under the Data Privacy Act of 2012 (Sec. 21 of the Act, as elaborated by NPC Advisory No. 2017-01). DPOs are accountable for ensuring compliance with applicable laws and regulations relating to data protection and privacy.

  43. DATA PROTECTION OFFICER: must be independent in the performance of his/her functions and should be accorded a significant degree of autonomy. Duties: monitor the Bank's compliance with the DPA, its IRR, issuances by the NPC, and other applicable laws and policies; ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the Bank;

  44. DATA PROTECTION OFFICER: advise the Bank regarding complaints and/or the exercise by data subjects of their rights; ensure proper data breach and security incident management by the Bank, including the Bank's preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period;

  45. DATA PROTECTION OFFICER: inform and cultivate awareness on privacy and data protection within the organization, including all relevant laws, rules, regulations and issuances of the NPC; advocate for the development, review and/or revision of policies, guidelines, projects and/or programs of the Bank relating to privacy and data protection, adopting a privacy-by-design approach;

  46. DATA PROTECTION OFFICER: serve as the contact person of the Bank vis-à-vis data subjects, the NPC and other authorities in all matters concerning data privacy or security issues or concerns; cooperate and coordinate with, and seek the advice of, the NPC regarding matters concerning data privacy and security;

  47. DATA PROTECTION OFFICER: perform other duties and tasks that may be assigned by the Bank that will further the interest of data privacy and security and uphold the rights of data subjects.

  48. DATA BREACH NOTIFICATION: the NPC and the affected data subjects shall be notified by the Bank within 72 hours upon knowledge of, or when there is reasonable belief by the Bank that, a personal data breach requiring notification has occurred.

  49. DATA BREACH NOTIFICATION: notification is required when sensitive personal information, or any other information that may under the circumstances be used to enable identity fraud, is reasonably believed to have been acquired by an unauthorized person, and the Bank or the NPC believes that such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject.

  50. DATA BREACH NOTIFICATION: contents of the notification: the nature of the breach; the personal data possibly involved; the measures taken by the Bank to address the breach; and the measures taken to reduce the harm or negative consequences of the breach.
