Information Privacy
Privacy involves the policies, procedures, and other controls that determine which
personal information is collected, how it is used, with whom it is shared, and how individuals
who are the subject of that information are informed and involved in this process. 1 Even though
Information Privacy is not a technological concept, discussions about privacy are intertwined
The Information Age, despite all of its benefits, must be looked upon as having been
disastrous from the perspective of protecting one’s personal privacy. Sharing private
information has become such a common activity that many people share highly sensitive
information freely about themselves, their lives, and their preferences without ever considering
the consequences. Moreover, access to private information is easily threatened with the use of
To prevent data leaks and protect people’s identity and safety, countries around the
world have developed regulations, such as the Health Insurance Portability and Accountability
Act in the U.S., and the EU General Data Protection Regulation, to oblige businesses that work
with data to employ certain security measures. However, it is somewhat paradoxical that
organizations and governments are also asking for and collecting more private or sensitive
personal information (e.g., the Foreign Account Tax Compliance Act in the U.S., and China’s
One caveat in implementing privacy laws is the requirement for personal data to be
protected but simultaneously be readily available for monitoring of illegal activities. The two
juxtaposed requirements differ in severity depending on the country and the context of how
data is used.
definition of "sensitive personal data" specified in the laws. Vietnamese law does not
differentiate between general personal information and sensitive personal information, except
for highly controlled industries such as banking and finance. Vietnam does not have a
consolidated piece of legislation on the protection of personal data. 3 Instead, rules and
regulations on personal data protection can be found in several laws, including general laws
such as the Civil Code and the Law on Cyberinformation Security and sectoral laws such as the
privacy and personal data are under the responsibility of the Ministry of Information and
Communications (MIC). 4
The legal framework for privacy remains underdeveloped and in practice, privacy,
confidentiality and anonymity are not seen as important. Without data privacy legislation and a
single national data protection authority in the country, my personal data is easily collected and
used. Companies can disclose personal information to third parties for the purpose of
marketing without obtaining consent. Mobile users in Vietnam are plagued with frequent
invasive spam text messages, random alerts, gambling services advertisements, and cold calls
With the rise of foreign investors in Vietnam, the Ministry of Public Security issued a
Draft Decree on Personal Data Protection last year to consolidate all data protection laws and
regulations into one comprehensive data protection law. 6 The draft decree covers other issues
As an educator, the kinds of information we collect from students in school can be very
detailed. It can range from behavioral and disciplinary information and health declarations (with
regard to COVID-19) to traditional aspects like grades and classroom performance. Since the
laws regarding the collection, processing, and publication of children’s data are minimal, it is
the teacher’s responsibility to treat the data privacy of the students following one of the
principles in the Draft Decree - Principle of Simplification. Personal data shall only be collected if
Teachers also need to have an active role in imparting to students the importance of
information privacy. With students’ awareness of their digital behavior, and the knowledge of
internet service providers & cloud storage having access to their information and activity, they
can apply online security practices such as using VPN, and limiting social network information
sharing. Teaching and modeling responsible digital behavior support the school in safe digital
practice.
Artria Grace Alimurung
HIPAA is a United States federal law that protects the privacy and security of
patients’ health-related data and personal information. Regulations are conducted by the Office
for Civil Rights of the U.S. Department of Health and Human Services. HIPAA has 3 main rules:
(1) The Privacy Rule safeguards people’s health information (PHI) and medical records of
individuals - with limits and conditions on the various uses and disclosures that can and cannot
be made without patient authorization. (2) The Security Rule, on the other hand, describes
steps an organization has to take to protect patient data. That includes administrative,
technical, and physical aspects of data security measures. Finally, the (3) Breach Notification
Rule establishes protocols on how to react and who to notify if a data leak happens. 7
Private or sensitive health information is commonly sold or shared for research and case
study. Patients typically have little knowledge or control over such exchanges. HIPAA
regulations dictate to institutions how to use and disclose personal information, how to manage
security and assess risks, and how to respond to security incidents. HIPAA compliance lowers
The FATCA is a United States federal law, with extraterritorial effects, that enforces the
requirement for American citizens, including those living outside the U.S., to file yearly reports
on their non-U.S. financial accounts to the Financial Crimes Enforcement Network. This citizen-
based taxation was implemented as a reaction to banking scandals where wealthy Americans
financial institutions to report back to the Internal Revenue Service (IRS) details of any
American who has accounts outside the U.S. If these banks don’t comply, they face severe
penalties such as 30% tax and exclusion from the U.S. financial system. 8
With regard to information privacy, the banks need to be transparent and tell the
customers what they’re going to do with their data. Personal data should only be processed to
the extent that it’s necessary to achieve the objective. Although it is a deterrent to banking
secrecy, there remains a critical threat: data collection. The FATCA allows massive amounts of
private financial data to be collected, shared, and analyzed across countries via the internet.
The information is also routinely collected without the explicit consent of individuals
themselves. And because that is how data is exchanged, it exposes a compliant citizen to huge
risks of hacking. The government cannot provide any reliable assurance that the private
financial information obtained on millions of U.S. and non-U.S. citizens can be in any meaningful
The AMLA (Republic Act 9160) was passed by Congress in order to protect and preserve
the integrity and confidentiality of bank accounts and to ensure that the Philippines shall not be
used as a money-laundering site for the proceeds of any unlawful activity. 9 Republic Act 11521
introduces amendments to the Anti-Money Laundering Act to strengthen its provisions. Section
3 of the same Act adds two new covered persons: (1) offshore gaming operators and their
service providers that are regulated by PAGCOR, and (2) real estate developers and brokers.
These covered persons are now required to report covered and suspicious single cash
transactions exceeding Php 5 million and Php 7.5 million respectively to the Anti-Money
Laundering Council. 10
When it comes to real estate, there are many ways to finance the purchase of a
property - the most common is bank financing and cash. Real estate has been used in the past
to clean up “dirty money”. Funds are acquired illegally, and then real estate is bought and
resold to legitimize the funds. In disclosing the transactions to the council, the two new covered
persons should follow the principles of limited use, purpose specification, and safeguarding
security. Personal data should only be collected for specified, explicit, and legitimate purposes
and not further processed in a manner that is incompatible with those purposes. Procedures
must be established to protect sensitive information from being lost, damaged, or misused. 11
References:
1 Lauren Steinfeld and Kathleen Sutherland Archuleta, "Privacy Protection and Compliance in
Higher Education: The Role of the CPO," EDUCAUSE Review, vol. 41, no. 5 (September/October
2 Stanford Education
https://plato.stanford.edu/entries/it-privacy/
http://en.bocongan.gov.vn/news-events/pm-requests-stepping-up-national-digital-transformation-project-t8739.html
https://www.mic.gov.vn/mic_2020/Pages/VanBan/danhsachvanban.aspx?LVB=100
http://english.mic.gov.vn/Pages/TinTuc/144407/OTT-messages-advertising-illegal-gambling-are-harassing-mobile-phone-users.html
http://en.bocongan.gov.vn/news-events/workshop-on-personal-data-protection-on-cyberspace-t7542.html
https://www.cdc.gov/phlp/publications/topic/hipaa.html
https://www.irs.gov/businesses/corporations/foreign-account-tax-compliance-act-fatca
http://www.amlc.gov.ph
10 http://www.amlc.gov.ph/images/PDFs/RA%2011521.pdf
11 UK Legislation
https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted