Professional Documents
Culture Documents
Bioethics LE Wk11-14
Bioethics LE Wk11-14
BUENA.FETILUNA.MONTERO.FRANCISCO.MORRE.JESENA.KUIZON.TUICO.TECSONK | BSN 2C
WHEN CAN CONFIDENTIALITY BE LEGALLY
Right to Privacy Zone of Privacy
BROKEN?
- When a patient is endangering himself/herself - Generic concept - Described by
or when he/she possesses a threat to the encompassing a Justice Douglas
safety of the people around him. variety of rights - Forbade
thought to be governmental
necessary for intrusion into the
TARASOFF CASE
ordered democracy homes and lives of
A famous case involving a psychiatric patient, citizens
Prosenjit Poddar, who told his doctor that he intends
to kill a woman named Tatiana. When the doctor knew
of this, he admitted the patient for 72 hours for This constitutional recognition of a right to privacy and
observation. However, the patient convinced the self determination formed the basis of the Roe v.
security guards that he was rational and sane and Wade case in 1973.
promised to stay away from the girl.
Roe v. Wade (1973)
The next day, the man killed the girl. - A legal case in the United States Supreme
Court on January 22, 1973, ruled that the
It is at this time that healthcare practitioners are to Constitution of the United States protects a
keep patient confidentiality no matter what since they pregnant woman’s liberty to choose to have
were not required to protect the lives of others but an abortion without excessive government
their patient. restriction.
Later on, the Code of Ethics added an addition to the The Supreme Court determined that a woman’s right
principle of confidentiality which is the Harm to make this personal choice rested on;
Principle. 1. The avoidance of disclosing personal matters
2. The need to provide for an arena where
HARM PRINCIPLE OF CONFIDENTIALITY independent decision making could take
- A principle that gives power to healthcare place.
practitioners to break confidentiality and report
the situation when patients are endangering We have the right to;
themselves or endangering the people around - Make fundamental choices involving
them. ourselves, our families, and our relationships
- The healthcare practitioners are given the with others free from scrutiny as long as these
power to break trust and confidentiality only assertion of these rights is consistent with the
when harm comes to people. law or public policy
- Maintain our private lives
COMMON CASE: WHAT WOULD WE DO IF WE - Restrict the collection, processing, use, and
HAVE AN HIV POSITIVE PATIENT? dissemination of information about our
- Be discrete with the information since the HIV personal attributes and activities
disease is surrounded with issues like
discrimination and deprivation of rights. The law provides legal redress against those who
- Only healthcare providers who are assigned would infringe on our legitimate right to privacy from
to the case should know. Certain measures motives of malice, greed, curiosity, or gain.
should be made to prevent the family of the
patient from acquiring the disease. The
Four Classes of Tort Actions
healthcare provider may tell the direct SO of
1.) Misappropriation
the patient to help with preventive measures.
- Deals with the unpermitted use of a
person’s name or likeness for another’s
benefit or advantage
II. LEGAL FOUNDATION OF PRIVACY
2.) Intrusion
BUENA.FETILUNA.MONTERO.FRANCISCO.MORRE.JESENA.KUIZON.TUICO.TECSONK | BSN 2C
- Involves the intrusion upon another’s ● Maintained privacy
solitude or seclusion; a clinical
example might be the allowance of Present
unessential or lay personnel to be ● Electronic/Paperless
present during a surgical procedure or ● Easily accessed
examination. ● Accessed by many
3.) Public disclosure of private facts ● Prone to be stolen and misused
- Involves publicity of an objectionable
nature of private information Today over 80% of direct patient care is provided by
4.) Presenting someone in a false light to the allied health and nursing professionals. In the
public hospital, only about a third of the patient’s record is
- Involves publication of information that maintained by physicians, with the rest being
leads to the public regarding the recorded by other members of the medical team.
plaintiff falsely.
On average, 5 days of inpatient care within a teaching
Many state statutes and few federal regulations hospital as 150 staff (from nursing, respiratory care,
require the reporting of certain types of information radiology, and billing clerks) have legitimate access to
from the medical record, to appropriate agencies with a patient’s record to provide both direct and/or
or without the patient’s authorization. supportive services
BUENA.FETILUNA.MONTERO.FRANCISCO.MORRE.JESENA.KUIZON.TUICO.TECSONK | BSN 2C
By the early 1990’s, it was clear that the use of ○ To protect and enhance the rights of
computers and complex database retrieval systems consumers by providing them access
was making confidentiality of patient information to their health information and
difficult to maintain. controlling the inappropriate use of
that information.
*there was an incident in which surplus computers ○ To improve the quality of healthcare in
sold by medical schools and other agencies, and in the United States by restoring trust in
those computers still contained information regarding the healthcare system among
case details of thousands of patients* consumers, healthcare practitioners,
and the multitude of organizations
committed to the delivery of care,
○ To improve the efficiency and
Prior to the enactment of HIPAA (Health Insurance
Portability and Accountability Act) and the Privacy effectiveness of healthcare delivery by
Rule there was no unifying federal privacy act for creating a national framework for
medical records. health privacy protection that builds on
efforts by states, health systemd,
NEWS: individual organizations, and
individuals.
Massive Hack of Hospital Network Files - 4.5
Million Records ● Those required to follow HIPAA Privacy Rule:
UCLA Hospital System’s President, Dr. James ○ Doctors, nurses, allied health
Atkinson, apologized to the public for the potential professionals, pharmacies, hospitals,
loss of millions of records. Information lost included clinics, nursing homes, and many
patient’s names, medical information, Social other healthcare providers.
Security Numbers, Medicare Numbers, health plan ○ Most employer health plans, HMOs,
IDs, birthdays, and physical addresses. The and health insurance companies.
hospital group is not notifying staff and patients,
○ Certain government programs that pay
offering them one year of identity theft recovery.
for health care, such as Medicare and
THe UCLA system is just one of many health Medicaid.
systems who have lost control of millions of
records. Their systems are under near constant ● Protected information:
attack by hackers, some of which are operating in ○ Information your doctor, nurses, and
foreign countries. Hospitals, health insurance other healthcare providers put in your
companies, and universities have all become a
frequent targets for hackers seeking massive medical record.
databases of personal information. Profile data, ○ Conversations your doctor had about
Social Security Numbers,and health records sell on your care or treatment with nurses and
the black market. Illegal data brokers amass large other healthcare professionals.
databases of this stolen information and then sell ○ Information about you in your health
access to identity thieves. insurer’s computer system.
○ Billing information about you from your
IV. HEALTH INSURANCE PORTABILITY AND clinic/healthcare provider.
ACCOUNTABILITY ACT (HIPAA) ○ Most other health information about
● Enacted by the Congress in 1996 to: you, held by those who must follow
○ Encourage the use of electronic this law.
transmission of health information
○ Assist in cost containment ● Information can be used and shared:
○ Provide new safeguards to protect the ○ For treatment and care coordination.
security and confidentiality of the ○ To pay physicians and hospitals for
information the patient’s health care.
● HIPAA has three self-declared major purposes ○ With family, relatives, friends, and
others the patient identifies as being
BUENA.FETILUNA.MONTERO.FRANCISCO.MORRE.JESENA.KUIZON.TUICO.TECSONK | BSN 2C
involved with their healthcare or health - Auditing functions
care bills, unless the patient objects. - Administrative functions
- Research
● Without the patient’s authorization, healthcare - Public health reporting
providers generally cannot: - Criminal law requirements
○ Give information to the patient’s Professional Education
employer. - The need for professional education permits
○ Use or share the patient’s information information regarding in-house patients to be
for marketing or advertising purposes. exchanged for these purposes:
○ Share private notes about the patient’s - Medicine
mental health counselling sessions. - Nursing
- Allied Health
● Patient’s rights - Psychology
○ Right to see and get a copy of your - Social Services
health records. Research
○ Right to have corrections added to - Data in regard to the conducting or research
your medical records. can be shared to all researchers involved.
○ Right to receive a notice as to how - Hospitals that permit their staff to engage in
your health information may be used research have research committees to screen
or shared. the protocols.
○ Right to a report on how and why your International Review Boards (IRBs)
health information was shared. - An administrative body established to protect
○ Right to due process if your rights the rights and welfare of human research
were denied. subjects recruited to participate in research
○ Right to decide if you want to give activities conducted under the auspices of the
permission before your health institution with which it is affiliated.
information may be used or shared. - Attempts to balance the potential risk to the
patient against the potential benefits of the
V. LEGITIMATE INTEREST research.
Legitimate interest Research standards:
- is a standard to determine whether an 1. The results should be presented in such a
enforcing party has a protectible, valid, and fashion as to protect the anonymity of the
legal interest that allows them to create some patients.
type of restriction or perform a specific action. 2. Only those involved in the study will have
Medical record: access to the raw data.
- Medical information about the patient’s 3. Safeguards to protect the patient's privacy will
condition be part of the research protocol.
- Contains patient’s personal data 4. Patient confidentiality should be maintained in
- Patient’s financial and social nature the conduct of medical research.
- A property of the hospital or clinic
- Patient has legal interests and rights to the Health records and legitimate access
information
Access to the medical record is limited to: Level 1 - direct ● Physicians
- Patient patient care ● Nurses
● Institutional services
- Authorized representatives of the patient
● Therapists/Technologists
- Attending physician
- Hospital staff members who have a legitimate Level 2 - ● Service payers
interest supportive ● Risk management
● Quality care reviews
Grounds of legitimate interest: services
- Professional education
Level 3 - Social ● Insurance
- Patient care services ● Licensing
BUENA.FETILUNA.MONTERO.FRANCISCO.MORRE.JESENA.KUIZON.TUICO.TECSONK | BSN 2C
● Employment decisions
Basic Principles of Human Subject Research
● Civil/criminal judicial review
● Public health reporting ● AUTONOMY
● Research
● Education - First consideration is that subjects are
● Media individual autonomous agents and
● Law enforcement have the right to expect that the
● Rehabilitation
researcher will support their opinions
and choices while refraining from
Documentation obstructing their actions unless they
- A material that provides official information or are clearly detrimental to others. This
evidence or that serves as a record. is applied through the use of Informed
- The less confidential information written Consent.
explicitly into the record, the fewer - Second consideration deals with the
opportunities there are for harmful disclosures fact that not all individuals are capable
involving patient privacy. of self determination. For individuals
- It is essential and required by law that who have either not gained the
hospitals establish procedures to protect the capacity for self-determination or have
content of medical records. lost this capacity due to illness, mental
- This is not only in the standpoint of disability, or circumstances that
patient confidentiality, but also against severely restrict liberty, special
the possibility of intentional considerations need to be put in place
falsification and alteration of record. to ensure their protection, even if this
means excluding them from
VI. HUMAN SUBJECT RESEARCH participation in the research.
BUENA.FETILUNA.MONTERO.FRANCISCO.MORRE.JESENA.KUIZON.TUICO.TECSONK | BSN 2C
● JUSTICE 6. There will be adequate provision for the protection
- Research supported by public funds of privacy and the maintenance of confidentiality of
that leads to improvement of collected data.
technologies or therapies should
benefit more than those who can
afford them and that the research VII. INSTITUTIONAL REVIEW BOARDS
should not depend unduly on
populations unlikely to be among the Institutional Review Boards
beneficiaries of the applications of ● To ensure satisfactory compliance with
research findings appropriate research standards, institutions
create institutional review boards
Professional and Ethical Standards to be followed ● To review the research protocols prior to
in Human Subject Research implementation.
● One of the important activities gathered under
1. Risks the subjects are minimized by using the aegis role of duty is service on IRB.
procedures consistent with sound research design ● These boards are established to protect the
that do not unnecessarily expose subjects to risk. rights and welfare of human subjects recruited
Whenever appropriate, the research will use to participate in research activities under the
procedures already being performed on the subjects auspices of the institution with which a board
for diagnostic or treatment purposes is affiliated.
BUENA.FETILUNA.MONTERO.FRANCISCO.MORRE.JESENA.KUIZON.TUICO.TECSONK | BSN 2C
● The risks should never exceed the benefits Howard, the Belmont Report allows for
● Adequate facilities should be used to protect a positive solution, which at times may
subjects be difficult to find, to future subjects
● Experiments should be conducted only by who are not capable to make
qualified scientists independent decisions
● Subjects should be able to end their 4. U.S. Department of Health and Human
participation at any time Services Title 45 of 2001
● The scientist in charge must be prepared to - Laws set by the U.S. Department of
terminate the experiment when injury, Health and Human Services (DHHS)
disability, or death is likely to occur to protect a person from risks in
research studies that any federal
agency or department has a part in.
2. Helsinki Declaration of 1964 (with later Also called 45 Code of Federal
revisions) Regulations Part 46, human
- Formal statement of ethical principles participant protection regulations, and
published by the World Medical Protection of Human Subjects.
Association (WMA) to guide the - In the United States, the Code of
protection of human participants in Federal Regulations Title 45: Public
medical research. Welfare, part 46 (45 CFR 46) provides
- Adopted in 1964 by the 18th WMA protection for human subjects in
General Assembly, at Helsinki research carried out or supported by
most federal departments and
● 1975 (first revision) agencies. 45 CFR 46 created a
● 1983 (second revision) common federal policy for the
● 1989 (third revision) protection of such human subjects that
● 1996 (fourth revision) was accepted by the Office of Science
● 2000 (fifth revision) and Technology Policy and issued by
● 2008 (sixth revision) each of the departments and agencies
● 2013 (seventh revision) listed in the document. The code is
3. Belmont Report of 1979 divided into four subparts: basic
- The report was issued on 30 protection applicable to all human
September 1978and published in the research subjects; additional
Federal Register on 18 April 1979. protections for women, human
- The three basic ethical principles fetuses, and neonates; additional
identified and set forth as guidelines protections for prisoners; and
for the conduct of biomedical and additional protections for children.
behavioral research involving human Although 45 CFR 46 contains
subjects - respect for persons, additional protections for human
beneficence, and justice - remain fetuses, it is important to note that
particularly relevant and necessary for these protections last only from
today’s clinical trials. implantation to birth, and are not
- The Belmont Report summarizes extended to embryos before
ethical principles and guidelines for implantation.
research involving human subjects. 5. American Psychological Association Code
Three core principles are identified: for conduct of social and behavioral
respect for persons, beneficence, and research
justice. Three primary areas of - Includes an introduction, preamble, a
application are also stated. They are list of five aspirational principles and a
informed consent, assessment of risks list of ten enforceable standards that
and benefits, and selection of psychologists use to guide ethical
subjects. According to Vollmer and
BUENA.FETILUNA.MONTERO.FRANCISCO.MORRE.JESENA.KUIZON.TUICO.TECSONK | BSN 2C
decisions in practice, research, and
education.
Five principles for research ethics
● PRINCIPLE A:
COMPETENCE
● PRINCIPLE B: INTEGRITY
● PRINCIPLE C:
PROFESSIONAL AND
SCIENTIFIC
RESPONSIBILITY
● PRINCIPLE D: RESPECT
FOR PEOPLE'S RIGHTS
AND DIGNITY
● PRINCIPLE E: CONCERN
FOR OTHERS' WELFARE
● PRINCIPLE F: SOCIAL
RESPONSIBILITY
If psychologists’ ethical responsibilities conflict with
law, regulations, or other governing legal authority,
psychologists make known their commitment to this
Ethics Code and take steps to resolve the conflict in a
responsible manner in keeping with basic principles of
human rights.
In addition:
A fundamental principle of nursing practice is respect
for the inherent dignity, worth, unique attributes, and
human rights of all individuals.1 Nurses who
understand legal and ethical protections for human
subjects can contribute to research by serving as
advocates for their patients and helping to ensure that
studies are conducted in an ethical, legal, and
scientifically valid manner.
BUENA.FETILUNA.MONTERO.FRANCISCO.MORRE.JESENA.KUIZON.TUICO.TECSONK | BSN 2C
DATA PRIVACY ACT OF 2012
CHAPTER 1
GENERAL PROVISIONS (e) Filing system refers to any act of
information relating to natural or juridical
SECTION 1. Short Title. – This Act shall persons to the extent that, although the
be known as the “Data Privacy Act of information is not processed by equipment
2012”. operating automatically in response to
instructions given for that purpose, the set
SEC. 2. Declaration of Policy. – It is the is structured, either by reference to
policy of the State to protect the individuals or by reference to criteria
fundamental human right of privacy, of relating to individuals, in such a way that
communication while ensuring free flow of specific information relating to a particular
information to promote innovation and person is readily accessible.
growth. The State recognizes the vital role
of information and communications (f) Information and Communications
technology in nation-building and its System refers to a system for generating,
inherent obligation to ensure that personal sending, receiving, storing or otherwise
information in information and processing electronic data messages or
communications systems in the electronic documents and includes the
government and in the private sector are computer system or other similar device
secured and protected. by or which data is recorded, transmitted
or stored and any procedure related to the
SEC. 3. Definition of Terms. – Whenever recording, transmission or storage of
used in this Act, the following terms shall electronic data, electronic message, or
have the respective meanings hereafter electronic document.
set forth:
(g) Personal information refers to any
(a) Commission shall refer to the National information whether recorded in a material
Privacy Commission created by virtue of form or not, from which the identity of an
this Act. individual is apparent or can be
reasonably and directly ascertained by the
(b) Consent of the data subject refers to
entity holding the information, or when put
any freely given, specific, informed
together with other information would
indication of will, whereby the data subject
directly and certainly identify an individual.
agrees to the collection and processing of
personal information about and/or relating (h) Personal information controller refers
to him or her. Consent shall be evidenced to a person or organization who controls
by written, electronic or recorded means. It the collection, holding, processing or use
may also be given on behalf of the data of personal information, including a person
subject by an agent specifically authorized or organization who instructs another
by the data subject to do so. person or organization to collect, hold,
process, use, transfer or disclose personal
(c) Data subject refers to an individual
information on his or her behalf. The term
whose personal information is processed.
excludes:
(d) Direct marketing refers to
(1) A person or organization who performs
communication by whatever means of any
such functions as instructed by another
advertising or marketing material which is
person or organization; and
directed to particular individuals.
(2) An individual who collects, holds, (4) Specifically established by an
processes or uses personal information in executive order or an act of Congress to
connection with the individual’s personal, be kept classified.
family or household affairs.
SEC. 4. Scope. – This Act applies to the
(i) Personal information processor refers processing of all types of personal
to any natural or juridical person qualified information and to any natural and juridical
to act as such under this Act to whom a person involved in personal information
personal information controller may processing including those personal
outsource the processing of personal data information controllers and processors
pertaining to a data subject. who, although not found or established in
the Philippines, use equipment that are
(j) Processing refers to any operation or located in the Philippines, or those who
any set of operations performed upon maintain an office, branch or agency in the
personal information including, but not Philippines subject to the immediately
limited to, the collection, recording, succeeding paragraph: Provided, That the
organization, storage, updating or requirements of Section 5 are complied
modification, retrieval, consultation, use, with.
consolidation, blocking, erasure or
destruction of data. This Act does not apply to the following:
(k) Privileged information refers to any and (a) Information about any individual who is
all forms of data which under the Rules of or was an officer or employee of a
Court and other pertinent laws constitute government institution that relates to the
privileged communication. position or functions of the individual,
including:
(l) Sensitive personal information refers to
personal information: (1) The fact that the individual is or was an
officer or employee of the government
(1) About an individual’s race, ethnic institution;
origin, marital status, age, color, and
religious, philosophical or political (2) The title, business address and office
affiliations; telephone number of the individual;
(2) About an individual’s health, education, (3) The classification, salary range and
genetic or sexual life of a person, or to any responsibilities of the position held by the
proceeding for any offense committed or individual; and
alleged to have been committed by such
person, the disposal of such proceedings, (4) The name of the individual on a
or the sentence of any court in such document prepared by the individual in the
proceedings; course of employment with the
government;
(3) Issued by government agencies
peculiar to an individual which includes, (b) Information about an individual who is
but not limited to, social security numbers, or was performing service under contract
previous or current health records, for a government institution that relates to
licenses or its denials, suspension or the services performed, including the
revocation, and tax returns; and terms of the contract, and the name of the
individual given in the course of the SEC. 5. Protection Afforded to Journalists
performance of those services; and Their Sources. – Nothing in this Act
shall be construed as to have amended or
(c) Information relating to any repealed the provisions of Republic Act
discretionary benefit of a financial nature No. 53, which affords the publishers,
such as the granting of a license or permit editors or duly accredited reporters of any
given by the government to an individual, newspaper, magazine or periodical of
including the name of the individual and general circulation protection from being
the exact nature of the benefit; compelled to reveal the source of any
news report or information appearing in
(d) Personal information processed for said publication which was related in any
journalistic, artistic, literary or research confidence to such publisher, editor, or
purposes; reporter.
(e) Information necessary in order to carry SEC. 6. Extraterritorial Application. – This
out the functions of public authority which Act applies to an act done or practice
includes the processing of personal data engaged in and outside of the Philippines
for the performance by the independent, by an entity if:
central monetary authority and law
enforcement and regulatory agencies of (a) The act, practice or processing relates
their constitutionally and statutorily to personal information about a Philippine
mandated functions. Nothing in this Act citizen or a resident;
shall be construed as to have amended or
repealed Republic Act No. 1405, (b) The entity has a link with the
otherwise known as the Secrecy of Bank Philippines, and the entity is processing
Deposits Act; Republic Act No. 6426, personal information in the Philippines or
otherwise known as the Foreign Currency even if the processing is outside the
Deposit Act; and Republic Act No. 9510, Philippines as long as it is about Philippine
otherwise known as the Credit Information citizens or residents such as, but not
System Act (CISA); limited to, the following:
(f) Information necessary for banks and (1) A contract is entered in the Philippines;
other financial institutions under the
jurisdiction of the independent, central (2) A juridical entity unincorporated in the
monetary authority or Bangko Sentral ng Philippines but has central management
Pilipinas to comply with Republic Act No. and control in the country; and
9510, and Republic Act No. 9160, as
amended, otherwise known as the (3) An entity that has a branch, agency,
Anti-Money Laundering Act and other office or subsidiary in the Philippines and
applicable laws; and the parent or affiliate of the Philippine
entity has access to personal information;
(g) Personal information originally and
collected from residents of foreign
jurisdictions in accordance with the laws of (c) The entity has other links in the
those foreign jurisdictions, including any Philippines such as, but not limited to:
applicable data privacy laws, which is
(1) The entity carries on business in the
being processed in the Philippines.
Philippines; and
(2) The personal information was collected (d) Compel or petition any entity,
or held by an entity in the Philippines. government agency or instrumentality to
abide by its orders or take action on a
CHAPTER II matter affecting data privacy;
Personal information must, be:, SEC. 12. Criteria for Lawful Processing of
Personal Information. – The processing of
(a) Collected for specified and legitimate personal information shall be permitted
purposes determined and declared before, only if not otherwise prohibited by law, and
or as soon as reasonably practicable after when at least one of the following
collection, and later processed in a way conditions exists:
(a) The data subject has given his or her have given their consent prior to
consent; processing;
(b) The processing of personal information (b) The processing of the same is
is necessary and is related to the provided for by existing laws and
fulfillment of a contract with the data regulations: Provided, That such
subject or in order to take steps at the regulatory enactments guarantee the
request of the data subject prior to protection of the sensitive personal
entering into a contract; information and the privileged information:
Provided, further, That the consent of the
(c) The processing is necessary for data subjects are not required by law or
compliance with a legal obligation to which regulation permitting the processing of the
the personal information controller is sensitive personal information or the
subject; privileged information;
(d) The processing is necessary to protect (c) The processing is necessary to protect
vitally important interests of the data the life and health of the data subject or
subject, including life and health; another person, and the data subject is
not legally or physically able to express his
(e) The processing is necessary in order or her consent prior to the processing;
to respond to national emergency, to
comply with the requirements of public (d) The processing is necessary to
order and safety, or to fulfill functions of achieve the lawful and noncommercial
public authority which necessarily includes objectives of public organizations and their
the processing of personal data for the associations: Provided, That such
fulfillment of its mandate; or processing is only confined and related to
the bona fide members of these
(f) The processing is necessary for the organizations or their associations:
purposes of the legitimate interests Provided, further, That the sensitive
pursued by the personal information personal information are not transferred to
controller or by a third party or parties to third parties: Provided, finally, That
whom the data is disclosed, except where consent of the data subject was obtained
such interests are overridden by prior to processing;
fundamental rights and freedoms of the
data subject which require protection (e) The processing is necessary for
under the Philippine Constitution. purposes of medical treatment, is carried
out by a medical practitioner or a medical
SEC. 13. Sensitive Personal Information treatment institution, and an adequate
and Privileged Information. – The level of protection of personal information
processing of sensitive personal is ensured; or
information and privileged information
shall be prohibited, except in the following (f) The processing concerns such personal
cases: information as is necessary for the
protection of lawful rights and interests of
(a) The data subject has given his or her natural or legal persons in court
consent, specific to the purpose prior to proceedings, or the establishment,
the processing, or in the case of privileged exercise or defense of legal claims, or
information, all parties to the exchange
when provided to government or public and other laws for processing of personal
authority. information. The personal information
processor shall comply with all the
SEC. 14. Subcontract of Personal requirements of this Act and other
Information. – A personal information applicable laws.
controller may subcontract the processing
of personal information: Provided, That the SEC. 15. Extension of Privileged
personal information controller shall be Communication. – Personal information
responsible for ensuring that proper controllers may invoke the principle of
safeguards are in place to ensure the privileged communication over privileged
confidentiality of the personal information information that they lawfully control or
processed, prevent its use for process. Subject to existing laws and
unauthorized purposes, and generally, regulations, any evidence gathered on
comply with the requirements of this Act privileged information is inadmissible.
CHAPTER IV
SEC. 16. Rights of the Data Subject. – and the extent to which such access is
The data subject is entitled to: authorized;
(a) Be informed whether personal (6) The identity and contact details of the
information pertaining to him or her shall personal information controller or its
be, are being or have been processed; representative;
(b) Be furnished the information indicated (7) The period for which the information
hereunder before the entry of his or her will be stored; and
personal information into the processing
system of the personal information (8) The existence of their rights, i.e., to
controller, or at the next practical access, correction, as well as the right to
opportunity: lodge a complaint before the Commission.
(c) Reasonable access to, upon demand, (e) Suspend, withdraw or order the
the following: blocking, removal or destruction of his or
her personal information from the personal
(1) Contents of his or her personal information controller’s filing system upon
information that were processed; discovery and substantial proof that the
personal information are incomplete,
(2) Sources from which personal outdated, false, unlawfully obtained, used
information were obtained; for unauthorized purposes or are no
longer necessary for the purposes for
(3) Names and addresses of recipients of
which they were collected. In this case,
the personal information;
the personal information controller may
(4) Manner by which such data were notify third parties who have previously
processed; received such processed personal
information; and
(5) Reasons for the disclosure of the
personal information to recipients; (f) Be indemnified for any damages
sustained due to such inaccurate,
(6) Information on automated processes incomplete, outdated, false, unlawfully
where the data will or likely to be made as obtained or unauthorized use of personal
the sole basis for any decision significantly information.
affecting or will affect the data subject;