Data Privacy Act of the Philippines
 Implementing rules and regulations of Republic
Act 10173, known as the "Data Privacy Act of
2012‘
General data privacy principles.
 The processing of personal data shall be
allowed, subject to compliance· with the
requirements of the act and other laws allowing
disclosure of information to the public, and
adherence to the principles of transparency,
legitimate purpose, and proportionality.
Principles of transparency, legitimate purpose and
proportionality.
Transparency.
 The data subject must be aware of the. nature,
purpose, and extent of the processing of his or
her personal data, including the risks and
safeguards involved, the identity of personal
information controller, his or her rights as a
data subject, and how these can be exercised.
 Any information and communication relating to
the processing of personal data should be easy
to access and understand, using clear and plain
language.
Legitimate purpose.
 The processing of information shall be
compatible with a declared and specified
purpose which must not be contrary to law,
morals, or public policy
Proportionality.
 The processing of information shall be
adequate, relevant, suitable, necessary, and not
excessive in relation to a declared and specified
purpose. Personal data shall be processed only
if the purpose of the processing could not
reasonably be fulfilled by other means.
General principles in collection, processing and
retention
 The processing of personal data shall adhere to·
the following general principles in the
collection, processing, and retention of personal
data:
 A. Collection must be for a declared, specified,
and legitimate purpose,
 B. Personal data shall be processed fairly
and .lawfully.
 C. Processing should ensure data: quality.. ,
 D. Personal data shall not be retained longer
than necessary.
 E. Any authorized further processing shall have
adequate safeguards.
Data privacy and security.
 Personal information controllers and personal
information processors shall
implement ,reasonable .and, appropriate
organizational, .. physical, and technical security
measures for the protection of personal data.
 These measures shall be implemented to
protect personal data against natural dangers
such as accidental loss or destruction, and
human dangers such as-unlawful access,
fraudulent misuse, unlawful .destruction,
alteration and contamination.
Privacy
 A state of mind, freedom from intrusion, or
control over the exposure of self or personal
information
Security
 Information security and confidentiality of
personal information represent major concerns
 in today’s society amidst growing reports of Security Measures
stolen and compromised information.
firewalls
Information security
 barrier created from software and hardware
 The protection of information against threats to  User sign-on and passwords or other means of
its integrity, inadvertent disclosure, or identity management
availability determines the survivability of a  Access on a need-to-know basis- level of access
system  automatic sign-off physical restrictions to
systems
Information system security
Identity management
 Ongoing protection of both information housed
on the system and the system itself from  Area that deals with identifying individuals in a
threats or disruption system and controlling their access to resources
 Primary goal within that system By associating user rights
- Protection of client confidentiality and restrictions with the established identity
- Protection of information integrity
authentication
- Ready availability of information when
needed  Process of determining whether someone is
Security planning who he or she professes to be
 methods:
 Saves time - access codes
 Guard against: - logon passwords
- Downtime - digital certificates
- Breeches in confidentiality - public or private keys used for encryption
- Loss of consumer confidence and biometric measures
- Cybercrime
password
- Liability
- Lost productivity  Collection of alphanumeric characters that the
 Helps ensure compliance with regulatory user types into the computer
body/laws  May be required after the entry of an access
code or user name
Steps to Security
 Assigned after successful system training
 Assessment of risks and assets  Inexpensive but not the most effective means of
 An organizational plan authentication
 A "culture" of security
password selection and handling
 The establishment and enforcement of policies
 Do:
Threats to System Security and Information
- Choose passwords that are 8-12 characters
 Thieves long.
 Hackers and crackers - Avoid obvious passwords.
 Denial of service attacks - Keep your password private- ie, do not
 Terrorists share.
 Viruses, worms - Change password frequently.
 Flooding sites  Do not:
 Power fluctuations - Post or write down passwords.
 Revenge attacks - Leave computers or applications running
when not in use.
 - Re-use the same password for different
systems.
- Use the "browser save" feature.
Biometrics
 Identification based on a unique biological trait,
such as:
- a fingerprint
- voice or iris pattern
- retinal scan
- hand geometry
- face recognition
- ear pattern
- smell
- blood vessels in the palm
- gait recognition
Antivirus software
 Computer programs that can locate and
eradicate viruses and other malicious programs
from scanned memory sticks, storage devices,
individual computers, and networks
Spyware Detection Software
 Spyware
- a type of software that installs itself without
the user's permission, collects passwords,
PIN numbers, and account numbers and
sends them to another party
 Spyware Detection Software
- Detects and eliminates spyware
Organizational Security Measures
 Where appropriate, personal information
controllers and personal information processors
shall comply with the following guidelines for
organizational security
 A. Compliance officers
 B. Data protection policies.
 C. Records of processing activities.
 D. Management of human resources.
 E. Processing of personal data
Rights of Data Subjects
 Right to be informed.
 Right to object.
 Right to access.
 Right to rectification.
 Right to erasure or blocking.
Data Privacy Act as Applied In Nursing Practice Nurse's
Guidelines to avoid Data Breach
Maintain
 Maintain the integrity of patient confidentiality-
DO NOT SHARE INFORMATION ABOUT THE
PATIENT TO THOSE OUTSIDE OF CARE
Seek
 If you are unsure about disclosing a patient's
information, seek guidance from the Hospital’s
Data Protection Officer (DPO)
Know by
 Know by heart your hospital's Privacy Manual
without fail
Seek
 Never seek information about a patient for
whom you are not providing care.
Maintain
 Always maintain your patient's information
confidential.
Get
 Always get consent in obtaining information as
well as in taking photographs
Ten Rules of Netiquette
 There are Ten rules of Netiquette that everyone
who goes online should follow.
 You should remember them every time you go
online.
 Netiquette is a set of rules for behaving
properly online.
The ten rules are as follows.
Rule No. 1: Remember the Human
 You need to remember that you are talking to a
real person when you are online.
 The internet brings people together who would
otherwise never meet.
 Remember this saying when sending an email:
Would I say this to the person's face.
Rule No.2: Adhere to the same standards online that
you follow in real life
 You need to behave the same way online that
you do in real life.
 You need to remember that you can get caught
doing things you should not be doing online just
like you can in real life.
 You are still talking to a real person with
feelings even though you can't see them.
Rule no. 3: Know where you are in cyberspace.
 Always take a look around when you enter a
new domain when surfing the web.
 Get a sense of what the discussion group is
about before you join it.
Rule no.4: Respect other people's time and bandwidth.
 Remember people have other things to do
besides read your email. You are not the center
of their world.
 Keep your post and emails to a minimum by
saying what you want to say.
 Remember everyone won't answer your
questions.
Rule No. 5: Make yourself look good online.
 Remember to always check your spelling and
grammar before posting.
 Always know what you are talking about and
make sense saying it.
 Be polite and pleasant to everyone.
Rule no. 6: Share expert knowledge
 Ask questions online
 Share what you know online.
 Post the answers to your questions online
because someone may have the same question
you do.
Rule No.7: Help keep flame wars under control
 Netiquette does not forbid flaming.
 Netiquette does however forbid people who
are flaming to hurt discussion groups by putting
the group down.
Rule No. 8: Respect other people's privacy
 Do not read other people's mail without their
permission.
 Going through other people's things could cost
you your job or you could even go to jail.
 Not respecting other people's privacy is bad
Netiquette.
Rule No.9: Don't abuse your power.
 Do not take advantage of other people just
because you have more knowledge or power
than them.
 Treat others as you would want them to treat
you if the roles were reversed.
Rule No. 10: Be forgiving of other people's mistakes.
 Do not point out mistakes to people online.
 Remember that you were once the new kid on
the block.
 You still need to have good manners even
though you are online and can not see the
person face to face.
Email Etiquette
 There are etiquette rules for email messages
also. They are as follows:
 Check your email daily
 Delete unwanted messages.
 Keep messages in your box to a minimum
 Mail messages can be downloaded and save for
future references.
 Never assume that your Email can be read by
no one but yourself.
 Remember there are always be lurking around
online
Ten Commandments of Computer Ethics
Ten commandments taken from the User Guidelines
and Netiquette By Arlene Rinaldi, Ten commandments
are as follows:
 Thou shalt not use computer to harm people.
 Thou shalt not interfere with other people's
work.
 Thou shalt not snoop around other people's
files.
 Thou shalt not use a computer to steal
  Thou shalt not use a computer to bear false
witness
 Thou shalt not use or copy software.
 Thou shalt not use other people's computer
resources.
 Thou shalt not appropriate other people's
intellectual output.
 Thou shalt think about the social consequences
of the program you write.
 Thou shalt use a computer in ways tha show
consideration and respect.
Netiquette
 Remember the Ten rules of Netiquette and the
Ten commandments for computer Ethics while
you are online and you will not have any
problems.
Determine if the following information is considered
(P) Personal Information or (SP) Sensitive Personal
Information:
SET B. Give at least 8 offline measures to keep your
physical data secure:
Answer SET B
 Lock rooms containing confidential information
when not in use.
 Make sure employees don't write their
passwords down.
 Use swipe cards or keypads to access the office.
 Use CCTV cameras to monitor your office space.
 Shield keyboards when inputting passwords.
 Shred confidential waste.
 Use forensic property marking equipment and
spray systems to mark assets.
 Use anti-climb paint on exterior walls and
drains.
 Install an alarm system.
 Place bars on ground floor windows.
 Hide valuable equipment from view when not
in the office.
 Assign a limited number of trustworthy
employees as key safe holders.

SET A Answer Key

 Name p
 Race SPI
 Ethnic Origin SPI
 Place of Work p
 Color SPI
 Marital Status SPI
 Telephone number p
 Gender p
 Genetics SPI
 Sexual Life SPI .
 Health SPI
 Education SPI
 Birth date p
 Citizenship p
 Location at a particular time p
 Political Affiliations SPI