Professional Documents
Culture Documents
Material Scope
The law applies to the processing of all types
of personal information and to any natural
person or legal entity involved in personal
information processing.
What information does DPA
apply to?
Territorial Scope
Applies to data controllers and processors who
are located in the Philippines, use equipment
that is located in the Philippines or who
maintain an office, branch or agency in the
Philippines.
• The data subject must be informed about the extent and purpose of
processing.
• Content is needed for the automated processing of personal data
sharing,
• for sharing information with affiliates or mother companies, and
• must be ‘feely given, specific, informed’ and must be evidenced by
recorded means.
• DATA PROCESSING AND RECORDING
• The law requires that when sharing data, the sharing must be covered
by an agreement that provides adequate safeguards for the rights of
the data subjects, and that these agreements are subject to review by
the National Privacy Commission.
Privacy Principles
Preventing Harm Principle
The requirement to notify affected data
subjects of a breach is predicated upon an
assessment of whether the unauthorized
acquisition is likely to give rise to a real risk of
serious harm to any affected data subject.
Data Minimization
Personal data shall be adequate and not
excessive in relation to the purposes for which
they are collected and processed.
Accuracy
Personal data should be accurate, relevant
and, where necessary for purposes for which
it is to be used to the processing of personal
information, kept up to date; inaccurate or
incomplete data must be rectified,
supplemented, destroyed or their further
processing restricted.
Storage Limitation
Personal data shall be retained only for as
long as necessary for the fulfillment of the
purposes for which the data was obtained or
for the establishment, exercise or defense of
legal claims, or for legitimate business
purposes or as provided by law.
Notice and Choice
The data subject is entitled to be informed
of the following:
• Information to be entered
• Purpose
• Scope and method of processing
• Recipients of information
• Methods of access
• Period of storage
• How to file a complaint
The controller must implement reasonable and
appropriate organizational, physical and
technical measures intended for the protection
of personal information against any accidental
CONFIDENTIALITY, or unlawful destruction, alteration and
INTEGRITY
AND disclosure, as well as against any other unlawful
AVAILABILITY
processing.
Penalties
• Ranging from P100,000 to P5,000,000
Please read the herein stated Agreement carefully and evidence your acceptance of its terms by clicking on the Agree
button below:
1. You understand and agree that this Agreement between you and the Dangerous Drugs Board covers the terms and
conditions of your use and access to the Integrated Drug Monitoring and Reporting Information System website online
service.
In offering this Website, DDB is making available to you the services, through the facilities of the Internet, which allow
you to access the IDMRIS database; to encode and view drug surrenderers’ data such as personal information,
intervention and other pertinent information regarding their rehabilitation; and anti-drug related efforts and activities
of your organisation.
2. The Dangerous Drugs Board is responsible for collecting all information and reports submitted to the IDMRIS by
authorised representatives of DDB partners/stakeholders.
3. The data collection is for analysis and monitoring of reports. The information gathered will be used as basis for the
development and improvement of policies and drug abuse intervention programs.
4. The information and reports generated from the IDMRIS may be shared to other authorised organizations, partner agencies
and local government units.
5. You as the DDB partner/stakeholder submitting to IDMRIS may only view, edit and access your own data on drug
surrenderers and anti-drug related efforts and activities.
6. You shall immediately notify us if there are errors or discrepancies in your data. When notifying us of possible security
breaches, please include your:
- Name and user ID
- Name of Agency/Organization
- Contact details
- Date and time of security breach or fraud
- Description or error that has occurred.
7. By your use and/or continued use of this Website, or access and use of the service provided through this Website, you signify
your agreement to indemnify and to keep the DDB, its directors, and employees fully and effectively indemnified against all
actions, liabilities, costs, claims, losses, damages, proceedings and/or expenses (including all legal costs on an indemnity basis)
without prejudice to the filing of any criminal case for violation of any statue or law.
8. Violation of any of the provisions of this agreement shall constitute breach and shall terminate
this agreement immediately without need of notice, without prejudice to criminal prosecution
for violation of RA 10173 otherwise known as the Data Privacy Act of 2012, as well as other
pertinent laws.
9. You understand that you may provide and receive information related to your Accounts via
this Website. By accessing the Website, you hereby agree to the above terms and conditions of
use.
Thank You!