CPE LAWS AND PROFESSIONAL PRACTICE May 12, 2022

Contemporary Issues

David, Joshua
Oliveros, Brian Kenneth
Oserio, Rochelle

Are you ready?

Contemporary Privacy Issues

A contemporary issue can be defined as any modern-day trend, event, idea, opinion or topic in a given subject that is relevant to many people in the present day.

On the internet, privacy is one of the main concerns of internet users and non-users. It is a platform where multiple types of systems collect data from customers for every interaction they do.

The Right of Privacy

What is the right of privacy?

Privacy is a fundamental human right. It is one of the main aspects of the protection of human dignity and it forms the basis of any democratic society, along with the rights to freedom of expression, information and association.

Aspects of Right of Privacy

1. the right of a person to be free from unwarranted publicity,
2. the unwarranted appropriation or exploitation of one’s personality,
3. the publicizing of one’s private affairs with which the public has no legitimate concern, or
4. the wrongful intrusion into one’s private activities in such manner as to outrage or cause mental suffering, shame or humiliation to a person of ordinary sensibilities

Key Privacy and Anonymity Issues

1. Communication Surveillance
2. Government electronic surveillance
3. Data encryption
4. Identity theft
5. Customer profiling
6. Need to treat customer data responsibly
7. Spamming
8. Advanced surveillance techniques


Communication Surveillance

Universal Declaration of Human Rights
According to Article 12 of the Universal Declaration of Human Rights, “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.”

International Covenant on Civil and Political Rights
According to the International Covenant on Civil and Political Rights, Article 1, “All people have the right of self-determination. By virtue of that right they freely determine their political status and freely pursue their economic, social and cultural development.”

Civil Code of the Philippines (RA 386 (1949))
Stated in Article 32 of RA 386, “Any public officer or employee, or any private individual, who directly or indirectly obstructs, defeats, violates or in any manner impedes or impairs any of the following rights and liberties of another person shall be liable to the latter for damages.”

Revised Penal Code (Act No. 3815 (1930))
Stated in Article 290 of Act No. 3815, entitled Discovering Secrets Through Seizure of Correspondence: “The penalty of prisión correccional in its minimum and medium periods and a fine not exceeding 500 pesos shall be imposed upon any private individual who in order to discover secrets of another, shall seize his papers or letters and reveal the contents thereof.”

Electronics Engineering Law of 2004 (RA 9292)
In the Electronics Engineering Law of 2004, it is stated in Section 35 (h) that “Any person holding a Certificate of Registration and Professional Identification Card as Professional Electronics Engineer, Electronics Engineer or Electronics Technician who shall be involved in illegal wire-tapping, cloning, hacking, cracking, piracy and/or other forms of unauthorized and malicious electronic eavesdropping and/or the use of any electronic devices in violation of the privacy of another or in disregard of the privilege of private communications and/or safety to life, physical and/or intellectual property of others, or who shall maintain an unlicensed and/or unregistered communications system or device.”

Anti-Wiretapping Act of 1965 (RA 4200)
RA 4200 is an act on preventing any wire-tapping activities, and any of its various procedures.
In Section 1, it is stated that “It shall be unlawful for any person, not being authorized by all the parties to any private communication or spoken word, to tap any wire or cable, or by using any other device or arrangement, to secretly overhear, intercept, or record such communication or spoken word by using a device commonly known as a dictaphone or dictagraph or dictaphone or walkie-talkie or tape recorder, or however otherwise described.”


Governmental Electronic Surveillance

Electronic Communications Privacy Act of 1986 (ECPA)
The ECPA protects wire, oral, and electronic communications while being made, transferred, and when they are stored on computers.
The ECPA protection applies to email, telephone conversations, and electronically stored data.

Foreign Intelligence Surveillance Act of 1978 (FISA)
FISA establishes procedures for the authorization of electronic surveillance, use of pen registers and trap and trace devices, physical searches, and business records for the purpose of gathering foreign intelligence.


Executive Order 12333

Communications Assistance for Law Enforcement Act (CALEA)
A U.S. wiretapping law passed by Congress in 1994.
Requires telecommunications providers and equipment manufacturers to allow law enforcement agencies to intercept communications with a warrant.
The law originally applied only to telephone conversations, but has been expanded to cover Voice over internet protocol (VoIP) and internet traffic.

Data Encryption

- Data Encryption is the method that translates data into another form, or code, so that only people with access to a secret key or password can read it.
- The science of encrypting and decrypting information is called cryptography.
- Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext.
- An encryption key is a random string of bits created explicitly for scrambling and unscrambling data. It is also used to encrypt and decrypt multiple types of data.
- Public Key Encryption is a method of encrypting data with two different keys: the public key, which is available for anyone to use, and the private key for the main user.
- Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key.
- Example of Public Key Encryption: Bob wants to send Alice an encrypted email. To do this, Bob takes Alice’s public key and encrypts his message to her. Then, when Alice receives the message, she takes the private key that is known only to her in order to decrypt the message from Bob.
- Private Key Encryption is a method that only uses a single key to encrypt and decrypt data.
- RSA is a public-key cryptosystem or algorithm, widely used for securing data transmissions.
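
The Bob-and-Alice exchange above, worked through in Python as an added example (not part of the original slides). It uses textbook RSA without padding, the two primes are well-known Mersenne primes picked only so the demo is reproducible, and the function names are this example's own.

```python
# Added illustration (not from the slides): textbook RSA, no padding.
# ALICE_P and ALICE_Q are well-known Mersenne primes, chosen so the demo needs no
# prime search; real keys use large random primes and a padding scheme such as OAEP.
from math import gcd

ALICE_P = 2**61 - 1
ALICE_Q = 2**89 - 1

def make_keypair(p, q, e=65537):
    """Return (public_key, private_key), each a (modulus, exponent) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi
    return (n, e), (n, d)

def apply_key(key, value):
    """The RSA operation itself: value ** exponent mod modulus."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range [0, modulus)")
    return pow(value, exponent, n)

def text_to_int(text):
    return int.from_bytes(text.encode("utf-8"), "big")

def int_to_text(number):
    length = (number.bit_length() + 7) // 8
    return number.to_bytes(length, "big").decode("utf-8")

def bob_encrypts(alice_public, text):
    """Bob only needs Alice's public key."""
    return apply_key(alice_public, text_to_int(text))

def alice_decrypts(alice_private, ciphertext):
    """Only the holder of the private key can reverse the operation."""
    return int_to_text(apply_key(alice_private, ciphertext))

ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(ALICE_P, ALICE_Q)

if __name__ == "__main__":
    message = "Meet at noon"  # constructed sample message
    ciphertext = bob_encrypts(ALICE_PUBLIC, message)
    print("ciphertext:", hex(ciphertext))
    print("Alice reads:", alice_decrypts(ALICE_PRIVATE, ciphertext))
    # Applying the public key a second time does not undo the encryption.
    print("public key undoes it?",
          apply_key(ALICE_PUBLIC, ciphertext) == text_to_int(message))
    # The reverse direction from the slide: private key first, public key to undo.
    tagged = apply_key(ALICE_PRIVATE, text_to_int(message))
    print("public key recovers:", int_to_text(apply_key(ALICE_PUBLIC, tagged)))
```

The reverse direction (private key first, public key to undo) is the basis of digital signatures: anyone can check the result, but only the private-key holder could have produced it.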
Identity Theft

Identity theft is the crime of obtaining the personal or financial information of another person to use their identity to commit fraud.

The usual data and information stolen are the following:
- Name
- Address
- Date of birth
- Social Security number
- Passport number
- Driver’s license number
- Mother’s maiden name

Phishing
Phishing is a type of identity theft method in which a target is contacted through email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personal information, banking and credit card details, and passwords.

Spear-Phishing & Spyware
Spear-Phishing is a variation of phishing that happens in an organization where the targets are employees, and the perpetrators pose as high-level executives.
Spyware is malicious software designed to enter your computer device, gather data about you, and forward it to a third party without your consent.

Consumer Profiling

Consumer profiling is about defining, segmenting and profiling your target consumers to guide every element of your marketing and brand strategy.

Cookies are files created by websites you visit. They make your online experience easier by saving browsing information. With cookies, sites can keep you signed in, remember your site preferences, and give you locally relevant content.

Data stored in a cookie is created by the server upon your connection. This data is labeled with an ID unique to you and your computer.

Cookies can be exploited and used to steal personal information. There are four ways to limit or even stop the deposit of cookies on hard drives:
- Setting the browser to limit or stop the use of cookies
- Manually delete cookies from the hard drive
- Download and install a cookie-management program
- Use anonymous browsing programs that don’t accept cookies

Treating Consumer Data Responsibly

There are multiple responsible ways of treating consumer data; some are stated below:

Conducting a Privacy Audit
A privacy audit is a process of finding out what data is currently collected, how it’s stored and what it's used for.

Minimize data collection
All data collected must be necessary for usage. By minimizing the data collection, any unnecessary data shall be ignored or passed.

Provide a transparent track record
By providing a non-intrusive transparent track record of the data collected, used, and stored, consumers are assured that their data is responsibly protected.

The 1980 Guidelines are well known for their principles for the collection and handling of personal data, but they also call for co-operation in enforcement-related matters.

Workplace Monitoring

What is workplace monitoring?

- Workplace monitoring is a growing practice in which companies use digital tools to track work, employee performance, and work in progress.
- Businesses use different monitoring methods to measure productivity, track attendance, assess behavior, ensure security, and collect proof of hours worked.
- Employers monitor workers and ensure that the corporate IT usage policy is followed.
- The Fourth Amendment cannot be used to limit how a private employer treats its employees, while public-sector employees have far greater privacy rights than in the private industry.

Spamming

Spamming is the use of electronic messaging systems like e-mails and other digital delivery systems and broadcast media to send unwanted bulk messages indiscriminately.

The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act of 2003) states that it is legal to spam, provided that these rules are followed:
- Spammers cannot disguise their identity.
- There must be a label in the message specifying that the e-mail is an ad or solicitation.
- They must include a way for recipients to indicate they do not want future mass mailings.

Advanced Surveillance Technology

Advanced surveillance technology, which encompasses a large array of technologies used to observe individuals’ activities and communications, has advanced at a rapid pace and is becoming more widely available in the general marketplace. Listed below are some applications of advanced surveillance technology.

Camera surveillance
- Advanced CCTV systems in infrastructures
- Smart Surveillance System

Facial recognition software
- Identifies criminal suspects and other undesirable characters
- Yields mixed results

Global Positioning System (GPS) chips
- Placed in many devices
- Precisely locate users


SECURITY

IT Security Incidents: A Worsening Problem

Security of information technology is one of the top priorities to be implemented, and is given the highest importance.
- Protection of confidential data: securing sensitive data of customers, employees, and of the company.
- Protection against a variety of cyber-attacks, malicious acts of theft and disruption.
- Maintenance and implementation should be balanced with other needs and issues in business.

Computer Emergency Response Team Coordination Center (CERT/CC)
- A response team containing groups of information security experts responsible for an organization’s cybersecurity protection, detection and response to attacks and incidents.
- Established in 1988 at the Software Engineering Institute (SEI), whose headquarters are located in Pittsburgh, Pennsylvania.

Increasing Complexity Increases Vulnerability
- Computing environments, especially in very big companies and organizations, can be extensively complex.
- As the complexity of the security or the network itself increases, the number of possible entry points to penetrate expands as well.

Higher Computer User Expectations

Computer Helpdesks / Customer Service
- Required to provide fast responses and assistance to users’ concerns and questions.
- Have to make sure to:
  - Verify User Identity
  - Check for Authorization
  - Validity of Reason and Concern

Expanding and Changing Systems Introduce New Risks

Network Era
- Personal computers are connected to networks along with millions of other computers, and are all capable of sharing information.

Information Technology
- It is the use of any computers, storage and physical devices, networking systems and infrastructure to create, process, store, secure, and share different forms of electronic data.
- It is ubiquitous, and is used by an individual or an organization to achieve goals.
- Difficulty increases in keeping up with the pace of technological development.

Increased Reliance on Commercial Software with Known Vulnerabilities

Exploit
- An attack on an information system
- Takes advantage of a specific system’s entry point or vulnerability for benefits.
- Usually happens when the system is still in its early stages, and/or due to poor design and implementation.

Patch
- A “fix” to resolve issues with functionality, especially addressing a system’s security stability and vulnerabilities.
- Users are responsible to obtain the said patches and install them manually, or the system would undergo an automatic update.
- Delays in installing patches may expose users to security breaches.

CPE LAWS AND PROFESSIONAL PRACTICE June 1, 2021

Types of Attacks

Types of attacks can be of the following:
- Virus
- Worm
- Trojan Horse
- Denial of Service (DoS)

Frequent attacks are mostly done on a networked device or computer from an outside source.

Perpetrators

- Similar motives as other criminals, doing illegal activities even in the cyber world.
- Have different objectives and access to varying resources, taking into account the levels of risk involved to accomplish such

Hackers
- Test the limitations of systems out of intellectual curiosity.
- Unauthorized users who breach computer network systems in order to steal, alter, or even destroy any information present.
- Often, they install malware without the user’s knowledge or consent.

Crackers
- Outdated term used as a description for someone who breaks into a computer system, bypassing passwords and codes, and any other ways to breach cybersecurity through illegal means.
- Motivated by self-satisfaction, malicious intent, and solely to face the challenge.

Malicious Insiders
- One of the top concerns in security for companies.
- Estimated 85% of all fraud is committed by employees who left, and/or are still employed.
- Usually, the reason is due to the weaknesses in internal control procedures.
- Also called a “Turncloak” in which they abuse legitimate credentials to steal sensitive information for profit and personal satisfaction, maliciously and intentionally.
- Can also be consultants, contractors, or anyone who has access and works in the company.
- Can be very difficult to stop once out of control

Industrial Spies
- They obtain private data and trade secrets illegally from other competitors.
- Also known as a “Cyber Espionage” or the user as a “Mole”.
- The valuable trade secrets are protected by the Economic Espionage Act of 1996.
- Competitive Intelligence
  - Gather information shown to the public using legal techniques.
- Industrial Espionage
  - Obtaining sensitive and private information through illegal means.

Cybercriminals
- Can be a user or a group that conducts illegal activities using computers and other devices, or by the use of the internet.
- Engages in all forms of computer fraud which can cause a loss of customer trust towards the company.
- Chargebacks are given after a user successfully disputed a transaction from their account.
- To reduce the potential threat for online fraud sites:
  - Implementation of Encryption Technology
  - Verification of address submitted online against the issuing bank
  - Request a Card Verification Value (CVV)
  - Usage of Transaction-Risk Scoring Software

Smart Cards
- Contains a memory chip that is updated with encrypted data whenever it is used.
- Commonly used in Europe, not much in the U.S.

Cyberterrorists
- A group who engages in cyberterrorism, which is the convergence of cyberspace and terrorism.
- Launches illegal attacks and threats against computer systems and networks, which often targets the government for intimidation in order to push their objectives.
- Causing harm rather than obtaining information.
- Many experts believe terrorist groups pose only a limited threat to information systems.

Reducing Vulnerabilities
- Better Security
- Proper and secure combination of technology, policy, and people.
- Requires a variety of actions to be effective.
- Assessment of threats towards an organization’s computers and network
- Identify which actions to implement that address the most serious vulnerabilities.
- Educate and assist the users
- Constant monitoring to detect possible intrusions
- Create and implement a clear response plan

Risk Assessment
An organization should review the following:
- Potential threats to computer systems and network
- Probability of the threats occurring
- How frequent the security detects a threat
- Identify and invest on what’s best that can protect an organization from the threats that are most likely serious
- Reasonable assurance
- Improvement of security in areas with:
  - Very high estimated cost
  - Poorest level of protection
  - Large number of employees

Establishing a Security Policy
- A security policy defines:
  - Requirements for an organization’s security
  - Providing controls and sanctions
  - Rules and guidelines that users need to comply to
  - Specify responsibilities and appropriate behavior
- Outlines what needs to be done, and not how to do it
- Automated system policies should reflect written policies
- Trade-off between convenience and security
- Areas of Concern:
  - E-mail Attachments
  - Wireless Devices
  - External Storage Devices
- VPN can be used to relay communications on the internet while maintaining privacy through security features.
- Encryption of originating and receiving network addresses for additional security.

Educating Employees, Contractors, and Part-Time Workers
- Educate the users about the importance of security
  - Through seminars, virtual presentations, and other means
- Encourage them to understand and follow the security policy
- Discuss recent security incidents that have affected the organization
- Give awareness on possible threats
- Help protect information systems by:
  - Securing Passwords
  - Keep passwords to self
  - Applying strict access controls to protect data
  - Report of all unusual activities

Prevention
- Implement a Layered Security Solution
  - To make computer security breaches harder
- Firewall
  - Limits network access by allowing and blocking certain apps and websites
- Antivirus Software
  - Scans for a specific sequence of bytes also known as virus signature.
  - Norton’s Antivirus, McAfee
  - Regularly updated with the latest virus detection and adaptation information, which is also called Definitions.
- Departing Employees: secure the network by promptly deleting respective user accounts, Log-In IDs, caches, and passwords.
- Carefully define employee roles before authorization
  - Create and assign roles and user accounts
- Keep track of specific and well-known vulnerabilities
  - SANS (System Administration, Networking, and Security) Institute
  - CERT/CC
- Provide back-ups on critical applications and data regularly
- Perform a security audit and report.

Detection
- Detection systems can catch intruders red-handed
- Intrusion Detection System
  - Regularly monitors and checks the system and network activities and resources
  - Sends out alert and notifications to the proper authority
  - Intrusion and breach from the outside
  - Misuse and threat within the organization
  - Knowledge-based Approach
  - Behavior-based Approach
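
An added example (not from the original slides) of the signature matching described under Antivirus Software: a scanner that looks for known byte sequences in a stream and carries an overlap between reads, so a signature split across two chunks is still found. The signature names, byte patterns and sample data are constructed for illustration.

```python
# Added illustration: signature names, byte patterns and sample data are constructed.
import io

SIGNATURES = {
    "Demo.Sig.A": bytes.fromhex("deadbeef4341464521"),
    "Demo.Sig.B": b"XX-CONSTRUCTED-SIGNATURE-XX",
}

def find_all(haystack, needle):
    """Yield every start index of needle in haystack (overlapping matches included)."""
    start = haystack.find(needle)
    while start != -1:
        yield start
        start = haystack.find(needle, start + 1)

def scan_chunks_naively(stream, signatures=SIGNATURES, chunk_size=4096):
    """Scan each chunk on its own. A signature split across two reads is missed."""
    hits, base = [], 0
    while chunk := stream.read(chunk_size):
        for name, sig in signatures.items():
            hits.extend((base + i, name) for i in find_all(chunk, sig))
        base += len(chunk)
    return sorted(hits)

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Scan with an overlap of (longest signature - 1) bytes carried between reads."""
    keep = max(len(sig) for sig in signatures.values()) - 1
    hits = set()            # a set, because a match inside the overlap is seen twice
    tail, base = b"", 0     # base = absolute offset of window[0]
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        for name, sig in signatures.items():
            hits.update((base + i, name) for i in find_all(window, sig))
        tail = window[-keep:] if keep else b""
        base += len(window) - len(tail)
    return sorted(hits)

# Constructed sample: both signatures straddle a 16-byte chunk boundary.
SAMPLE = (b"A" * 10 + SIGNATURES["Demo.Sig.B"] + b"B" * 20
          + SIGNATURES["Demo.Sig.A"] + b"C" * 5)

if __name__ == "__main__":
    print("naive:  ", scan_chunks_naively(io.BytesIO(SAMPLE), chunk_size=16))
    print("overlap:", scan_stream(io.BytesIO(SAMPLE), chunk_size=16))
```
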

Intrusion Prevention Systems (IPSs)
- A cybersecurity tool that regularly monitors a network for unusual and malicious activities, and takes action to prevent it by reporting, blocking, or dropping it when the threat occurs
  - Viruses
  - Malware
  - Malformed Packets
  - Other threats
- Placed directly behind the Firewall

Honeypot
- Provides possible hackers with fake information about the network, baiting and trapping them if possible.
  - E-mail Traps
  - Decoy Server
  - Malware Honeypot
  - Spider Honeypot
- Well-isolated from the rest of the network
- Can be used to extensively log activities of the threats

Response
- Threat and incident notification defines:
  - Those whom you can notify
  - Those to avoid and never notify
- Cybersecurity experts recommend not to release detailed information about a security breach in public forums
- Document all the necessary details of a security incident
  - All system events
  - Date and Time of incident
  - Specific actions done
  - All external conversations
- Respond immediately to contain an attack
- Eradication Effort
  - Gather and log all possible criminal evidence and traces from the system
  - Check and verify if all backups are up to date and complete
  - Create new backups and properly store them
- Follow-up
  - Determine how the security was compromised in order to prevent the incident from happening again.
- Review
  - Determine exactly what happened
  - Evaluate the precautions and response done by the organization
- Capture the perpetrator
- Consider the potential for negative publicity and loss of trust
- Legal precedent
  - Hold organizations responsible for their own IT security weaknesses.

HEALTH & SAFETY

Why is Workplace Safety Ethics Important?

Every employee values workplace safety because workers should work in a secure and protected setting. Employees and employers both benefit from working in a healthy and safe workplace.

Health Concerns

1. Mental Health
2. Physical Health
3. Repetitive Strain Injury (RSI)
4. Carpal Tunnel Disorder
5. Morale

Mental Health
It is important at every stage of life. Our emotional, psychological, and social well-being are all part of our mental health. It has an impact on our thoughts, feelings, and behaviors.

Physical Health
Taking care of one's physical health has been shown to boost one's emotional well-being and can have an impact on others if one's condition worsens.

Repetitive Strain Injury (RSI)
It is a condition that causes pain in the muscles, nerves, and tendons as a result of overuse.

Carpal Tunnel Disorder
Carpal tunnel syndrome is a condition in which the hand and wrist experience pain, numbness, tingling, and weakness. It occurs when the median nerve, which runs through the wrist, is under increasing strain. The thumb, index, and middle fingers, as well as half of the ring finger, are all supplied with sensation by this nerve.

Morale
Employee morale refers to how employees feel when they arrive at work, how they perform at work, and how they approach their work tasks. In a nutshell, morale is the sum total of employee contentment, outlook, and attitude.

How to include Workplace Safety Ethics?

- Encourage active employee participation and decision making.
- Clearly define employees' duties and responsibilities.
- Promote work-life balance.
- Encourage respectful and non-derogatory behaviors.
- Manage workloads.
- Allow continuous learning.

Thank you!

Have a great day ahead.