NURSING INFORMATICS

NCM 210 LEC MIDTERMS - BSN 2Q

Keep your message brief and specific (a

maximum guideline is one or two e-mail
LESSON 1: NETIQUETTE
screens worth).

5. Make the visual layout of your

NETIQUETTE
- Code of INTERNET because the
internet is a NETWORK and
ETIQUETTE is a CODE.
- Comparable to appropriate manners
in a professional or academic
setting.
USE OF NETIQUETTE
message pleasing for the recipient. It
should be easy to read, watch your spacing,
lower and upper case usage, indentation,
spelling, etc.
6. Do not capitalize an entire message
like this: IT MEANS YOU ARE SHOUTING
IN E-MAIL LAND!!! Use a combination of
upper and lower case characters, just as
you would if you were writing a pen and
paper letter or memo.

- Proper netiquette discourages 7. Always begin an e-mail message with a

people from: descriptive SUBJECT HEADING in five
● Flooding another person’s e-mail words or less. An appropriate subject line
inbox with spam mail or forwarded allows recipients to organize their e-mail
messages or messages using keywords or subject
● Misusing social network sites by headings.
posting personal information
unrelated to the online course
● In addition, especially in an online
class, netiquette includes using
standard fonts and font sizes that
are a readable size

NETIQUETTE GUIDELINES

1. Always be polite and considerate of

others. Never send or keep anything that
you would mind seeing broadcasted on the
Evening News.

2. Do not send mail or reply to mail when

you are "flaming", ...in other words angry,
tired, upset, or irritable. Cool off first. Wait
until you calm down or can speak to the
person directly.

3. Think before you reply!!! Do not write

anything online if you would not say the
same thing to the recipient face-to-face.

Be professional about what you write to

- In e-mail terminology, The difference
others (e-mail can be forwarded, and many
between Cc and Bcc is that carbon
people have ended up having the message
copy (CC) recipients are visible to all
forwarded to the person being gossiped
other recipients whereas those who
about).
are BCCed are not visible to anyone.

4. As a general rule, focus on one

subject or topic per e-mail message.
 - It is common practice to use the
BCC: field when addressing a very
long list of recipients, or a list of
recipients that should not
(necessarily) know each other, e.g.
in mailing lists.

8. Express emotions gracefully. Use

"Smileys" to add an indication of your
emotional intent.

SMILEYS

- Using existing keyboard characters,

you can create smileys which
substitute for non-verbal cues which
would normally be demonstrated
physically and by facial expressions T - IS IT TRUE?
when speaking face-to-face. H - IS IT HELPFUL?
I - IS IT INSPIRING?
N - IS IT NECESSARY?
K - IS IT KIND?

LESSON 2: DATA PRIVACY ACT

Data Privacy Act of 2012

(Republic Act of 10173)
- An act protecting individual personal
information in information and
CHARACTER DEFINITION communications systems in the
government and the private sector,
creating for this purpose a national
privacy commission, and for other
purposes.

Responsible Agency:
- Republic of the Philippines
(Department of Information and
Communications Technology)

Awareness
Breach Management
Compliance
Data protection officer and
Security measures
 ● Creation of the Dept. of Information
NATIONAL PRIVACY COMMISSION and Communications Technology
- To administer and implement the (DITC in 2015 (R.A no. 10844)
provisions of this Act, and to monitor ● The activation of the National
and ensure compliance of the Privacy Commission (NPC) in 2016.
country with International standards ● DPA’s Implementing and
set for data protection. Regulations was put in effect on
sept. 09, 2016.
FUNCTION OF NPC
● Rule making
● Advisory
● Public education
● Compliance and monitoring
● Investigations and complaints
● Enforcement

KEY ROLES IN THE DATA PRIVACY

Data Subjects (YOU)

- Refers to an Individual whose
sensitive personal, or privileged
information is processed.

COMPANY/AGENCY
Personal Information Controller (PIC)
- Controls the processing of personal
data, or instructs another to process
Which is more valuable?
personal data on its behalf.
DATA or MONEY
Personal Information Processor (PIP)
THE JOURNEY OF THE - Organization or individual who or
DATA PRIVACY ACT personal information controller may
outsource or instruct the processing
of personal data pertaining to the
● European Union’s 1995 Data
data of the subject.
Protection Directive
● Electronic commerce Act of 2000
Data Protection Officer (DPO)
(R.A. No 8792) - recognition and use
- Responsible for the overall
of electronic commercial and non
management of compliance to DPA.
commercial transactions and
documents.
REGULATOR
● Membership in the Asia-Pacific
National Privacy Commission
Economic Cooperation (APEC)
- Independent body mandated to
-privacy Framework in 2005.
administer and implement the DPA
● DTI Administrative Order No. in
of 2012, and to monitor and ensure
2006- which prescribed guidelines
compliance of the country with
for a Local data protection
informational standard set for
certification system.
personal data protection
● The DPA was signed into law in
2012, with the local BPO sector as
its most visible endorses.
 CLASSIFICATION OF PERSONAL
DATA

PERSONAL INFORMATION
- Refers to any information whether
recorded in a material form or not,
from which the identity of an
individual is apparent or can be
reasonably and directly ascertained
by the entity holding the information ,
or when put together with other
information would directly and PERSONAL INFORMATION EXAMPLES
certainly identify an individual ● Name
● Address
SENSITIVE PERSONAL INFORMATION ● Place or work
Refers to personal information about an ● Telephone number
individual’s: ● Gender
- Race,ethnic origin,marital status, ● Location of an individual at a
age, color, religious, philosophical or particular time
political affiliations, health, ● IP address
education, genetics, sexual life, any ● Birthplace
proceeding for any offense ● Birthdate
committed or alleged to have been ● Country or citizenship
committed, the disposal os such ● Citizenship status
proceedings, the sentence of any ● Payroll and benefits information
court in such proceedings; ● Contact Information

- Also Includes information issued by SENSITIVE PERSONAL INFORMATION

government agencies peculiar to an EXAMPLES
individual which includes, but not ● Race
limited to: (Social security numbers, ● Ethnic origin
previous or current health records, ● Marital status
licenses or its denials, suspension or ● Age
revocation, and tax returns) ● Color
● Religious affiliation
- And specifically established by an ● Philosophical affiliation
executive order or an act of ● Political affiliation
congress to be kept classified ● Health
● Education
● Genetics
PRIVILEGED INFORMATION ● Sexual life
- Privileged means that which is to be ● Proceeding for any offense
only shared between specific parties committed or alleged to have been
and not admissible in court, committed, the disposal of such
protected from a subpoena. proceedings, the sentence of any
court in such proceedings
● Social security number
● Tax returns
● Other personal info issued by
government agencies
● Bank and credit/debit card numbers
● Website visited
● Materials downloaded
● Any other information reflecting
preferences and behaviors of an
individual
● Grievance information
● Discipline information
 ● Leave absence reason
● Licenses or its denials, suspension
or revocation
PRIVILEGED INFO. EXAMPLES
● Data received within the context of a
protected relationship- husband and
wife
● Data received within the context of a
protected relationship - attorney and
client
● Data received within the context of a
protected relationship-priest and
penitent
● Data received within the context of a
protected relationship- Doctor and
patient
RIGHTS OF THE DATA SUBJECT
- Right to be informed - IRR, Section
34.a
- Right to object - IRR, Section 34.b
- Right to access - IRR, Section 34.c
- Right to data portability - IRR,
Section 36
- Right to correct (rectification) - IRR,
Section 34.d
- Right to erasure or blocking - IRR,
Section 34.e
- Right to file a complaint - IRR,
Section 34.a.2
- Right to damages - IRR, Section 34.f
- Transmissibility of Rights - IRR,
Section 35
RIGHT TO BE INFORMED
(a) Be informed whether personal
information pertaining to him or her shall
be, are
being or have been processed;
(b) Be furnished the information indicated
hereunder before the entry of his or her
personal information into the processing
system of the personal information
controller, or at the next practical
opportunity:
(1) Description of the personal information
to be entered into the system;
(2) Purposes for which they are being or are
to be processed;
(3) Scope and method of the personal
information processing;
(4) The recipients or classes of recipients to
whom they are or may be disclosed;
(5) Methods utilized for automated access, if
the same is allowed by the
data subject, and the extent to which such
access is authorized;
(6) The identity and contact details of the
personal information controller or its
representative;
(7) The period for which the information will
be stored;
(8) The existence of their rights, i.e., to
access, correct, as well as the right to lodge
a complaint before the commission.
PRIVACY NOTICE
- Statement made to a data subject
that describes how organization
collects, uses, retains and discloses
- personal information. Sometimes
referred to as a privacy statement,
a fair processing statement.
COOKIES
- is a block of data that a webserver
places on a user’s PC to ease
navigation through the site. It is also
a useful means for the website in
identifying the user, tracking the
user’s path through the site, and
identifying repeat visits to the site by
the same user leading a website
owner to profile an individual user's
browsing habits and done without
the knowledge and consent of the
user.
THE RIGHT TO OBJECT
- The data subject shall have the right
to object to the processing of his
or her personal data, including
processing for direct marketing,
automated processing or
profiling. The data subject shall
also be notified and given an
opportunity to withhold consent to
the processing in case of changes or
any amendment to the information
supplied or declared to the data
subject in the preceding paragraph.
Exceptions:
● When personal data is needed
pursuant to a subpoena
 ● when the processing or purposes is
pursuant to a contract between the
personal information controller and
the data subject.
● When the information is being
processed as a result of a legal
obligation
● And in terms of claiming benefits
● And of course a third source of a
legal obligation
RIGHT TO ACCESS
- The data subject has the right to
reasonable access to, upon
demand, the following:
1. Contents of his or her personal data
that were processed
2. Sources from which personal data
were obtained
3. Names and addresses of recipients
of the personal data
4. Manner by which such data were
processed
5. Reasons for the disclosure of the
personal data to recipients, if any
6. Information on automated processes
where the data will, or is like to, be
made as the sole basis for any
decision that significantly affects or
will affect the data subject
7. Data when his or her personal data
concerning the data subject were
last accessed and modified and
8. The designation, name or identity
and address of the personal
information controller.
What can the Data Subject demand
access?
● Personal data
● Contents of my data with the agency
● Sources of personal data from
another agency
● Name and address of recipient of
your data
● The manner and methods of
processing
● The reason of the disclosure
● Information about automated
processes
● Date when the personal data was
last access and modify
● Designated name and personal
information of the comptroller
RIGHT TO RECTIFICATION
- The data subject has the right to
dispute the inaccuracy or error in the
personal data and have the personal
information controller correct it
immediately and accordingly,
unless the request is vexatious or
otherwise unreasonable.
RIGHT TO ERASURE OR BLOCKING
- The data subject shall have the right
to suspend, withdraw or order the
blocking, removal or destruction
of his or her personal data from the
personal information controller’s
filing system.
RIGHT TO ERASE OR BLOCK
- If the data is incomplete
- Outdated false or unlawfully
- Obtained if it’s being used for
another
- Processes purposes if it’s no longer
necessary
- If the data subject withdraws
consent objection to processing and
there is no other legal ground
- The processing becomes unlawful
and if the personal information
controller or personal information
process or violated the rights of the
data subject.
RIGHT TO DAMAGES
- The data subject shall be
indemnified for any damages
sustained due to such inaccurate,
incomplete, outdated, false,
unlawfully obtained or unauthorized
use of personal data, taking into
account any violation of his or her
rights and freedoms as data subject.
RIGHT TO DATA PORTABILITY
- Where his or her personal data is
processed by electronic means and
in a structured and commonly used
format, the data subject shall have
the right to obtain from the personal
information controller a copy of such
data in an electronic or structured
format that is commonly used and
allows for further use by the data
subject.
RIGHT TO COMPLAINT
- Any of the violation of the Rights of
the data subject they can file a
complaint to the NATIONAL
PRIVACY COMMISSION
TRANSMISSIBILITY OF RIGHTS
- Transmissibility of the right if
someone dies the lawful heirs of that
person can continue to invoke the
right of the data subject
 ● Unauthorized access or intentional
APPROACH OF GOVERNMENT TO
breach
ADHERE THE PRINCIPLES
● Concealment of security breaches
involving sensitive personal
1. Principle of Transparency information
- A data subject must be aware of the ● Malicious Disclosure
nature, purpose, and extent of the ● Unauthorized Disclosure
processing of his or her personal
data, including the risks and
safeguards involved, the identity of
the personal information controller,
his or her rights as a data subject,
and how these can be exercised.
Any information and communication
relating to the processing of
personal data should be easy to
access and understand, using clear
and plain language.

2. Principle of Legitimate Purpose

- The processing of information shall
be compatible with a declared and
specified purpose, which must not
be contrary to law, morals, or public
policy.

3. Principle of Proportionally
- The processing of information shall
be adequate, relevant, suitable,
necessary, and not excessive in
relation to a declared and specified
purpose. Personal data shall be
processed only if the purpose of the
processing could not reasonably be
fulfilled by other means.

Avoid this mentality:

“Just in case we need it”
“ this is what we always do”

PENALTIES

- Ranging from P100,000 to

P5,000,000
- Imprisonment of 1 year up to 7
years
● Unauthorized processing of personal
and sensitive personal information
● Accessing personal information and
sensitive personal information due to
negligence
● Improper Disposal of Personal
Information and Sensitive Personal
Information
● Processing of personal information
and sensitive personal information
for Unauthorized Purposes