Session 1 - Primer On DPA
WHAT IS PRIVACY?
▪ The ability of a person to maintain their
own physical space or solitude.
▪ Forms of Intrusion:
▪ unwelcome searches of a person’s home
or personal possessions;
▪ bodily searches or other interference;
▪ acts of surveillance; and
▪ the taking of biometric information
PHYSICAL PRIVACY
▪ The ability of a person to:
o control
o edit
o manage
o delete information
o decide how and to what extent such
information is communicated to others.
INFORMATIONAL
PRIVACY
▪ An act protecting individual personal
information in information and
communications systems (ICS) in the
government and the private sector
NATIONAL PRIVACY
COMMISSION
KEY DEFINITIONS
▪ Any information from which the identity of an
individual is apparent or;
PERSONAL INFORMATION
▪ About an individual’s race, ethnic origin,
marital status, age, color, and religious,
philosophical or political affiliations;
PRIVILEGED INFORMATION
▪ any operation or any set of
operations performed upon
personal information
PROCESSING
▪ A person or organization who controls
the collection, holding, processing or
use of personal information.
▪ Also includes a person or organization
who instructs another person or
organization to collect, hold, process,
use, transfer or disclose personal
information on his or her behalf.
PERSONAL INFORMATION
CONTROLLER (PIC)
▪ Any natural or juridical
person to whom a PIC
may outsource the
processing of personal
data
PERSONAL INFORMATION
PROCESSOR (PIP)
▪ An individual whose personal
information is processed.
DATA SUBJECT
RIGHT TO:
▪ Information
▪ Object
▪ Access
▪ Correct
▪ Erase
▪ Damages
▪ Data Portability
▪ File A Complaint
TRANSPARENCY
▪ The processing of information shall be
compatible with a declared and
specified purpose
LEGITIMATE PURPOSE
▪ The processing of information shall be
adequate, relevant, suitable,
necessary, and not excessive in
relation to a declared and specified
purpose.
PROPORTIONALITY
DATA SHARING
▪ The disclosure or transfer to a third party
of personal data under the custody of a
personal information controller or
personal information processor
DATA SHARING
▪ CONTRACT, JOINT ISSUANCE or any
similar document that contains the
terms and conditions of a data sharing
arrangement between two or more
parties.
DATA SHARING
AGREEMENT (DSA)
▪ Purpose/s of data sharing
▪ Identity of Personal Information Controllers
(PICs)
▪ Term or duration (not to exceed five (5) years)
▪ Overview of the Operational Details of the
sharing or transfer of personal data
▪ General description of security measures
CONTENTS OF A DSA
▪ How data subject may access the
DSA
▪ Specify the PIC responsible for
addressing information request
▪ Identify the method to secure RETURN,
DESTRUCTION or DISPOSAL of the
shared data and timeline
▪ Other terms and conditions
CONTENTS OF A DSA
OBLIGATIONS OF
PICS & PIPS
ADVISORIES
▪ ADVISORY 2017-01: Designation of Data Protection Officers
▪ ADVISORY 2017-02: Access to Personal Data Sheets of Government Personnel
▪ ADVISORY 2017-03: Privacy Impact Assessment
CIRCULARS
▪ CIRCULAR 17-01: Registration of Data Processing Systems & Notifications Regarding Automated Decision-Making
▪ CIRCULAR 16-01: Security of Personal Data in Government Agencies
▪ CIRCULAR 16-02: Data Sharing Agreements Involving Government Agencies
▪ CIRCULAR 16-03: Personal Data Breach Management
▪ CIRCULAR 16-04: Rules of Procedure of the Commission
OBLIGATIONS WHICH MUST BE COMPLIED
FINES & PENALTIES
▪ Compliance and Enforcement Order
▪ Cease and Desist Order
▪ Temporary or Permanent Ban on the Processing of Personal Data
▪ Payment of Fines and/or Damages
▪ Imprisonment
▪ Deportation for Aliens
▪ Perpetual or Temporary Absolute Disqualification for Public Officials
Appoint a
Data Protection Officer
(DPO)
▪ refers to an individual designated by
the head of agency or organization to
be accountable for its compliance
with the Act, its IRR, and other
issuances of the Commission
DATA PROTECTION
OFFICER (DPO)
KNOW YOUR RISK:
Conduct a
Privacy Impact Assessment
(PIA)
▪ is a process undertaken to
evaluate and manage the
impact of a program,
process and/or measure on
data privacy.
PRIVACY IMPACT
ASSESSMENT
BE ACCOUNTABLE:
Create your
Privacy Management
Program and Privacy
Manual
▪ refers to a process
intended to embed
privacy and data
protection in the strategic
framework and daily
operations of a PIC or PIP
Implement your
Privacy & Data Protection
(PDP) measures.
PDP MEASURES
1. Physical
2. Organizational
3. Technical Measures
BE PREPARED FOR BREACH:
BREACH MANAGEMENT
▪ Privacy is one of the higher valued rights of citizens
▪ Compliance with data privacy and data protection
regulations is considered as a competitive
advantage in business operations today.
▪ Compliance with the DPA is not a one-shot initiative but
a process.
IN CONCLUSION
ANY QUESTIONS?