Professional Documents
Culture Documents
a. Identification of a passport
applicant pursuant to a
scheduled appointment;
Storage
DFA Online Passport Appointment Personal data processed online are stored in the
System- filled out application form DFA Data Center in the Philippines. If applicant
access or use the DFA Online Passport Appointment
System Website outside of the Philippines, personal
data is collected where he/she is at. These are then
transferred to our Data Center in the Philippines,
protected by layers of organizational,
technological, and physical measures. Paper copies
of application forms and other documentary
requirements are stored in a locked fire-proof steel
cabinet at the DFA office.
Transmission
Paper requirements collected from the applicants
will be transmitted from the Passport on Wheels
site to DFA office.
Data Subject/s
Data Life
who are
Cycle
Impacted
Adult Applicants
ACQUISITION/
COLLECTION
Adult Applicants
ACQUISITION/
COLLECTION
Adult Applicants
ACQUISITION/
COLLECTION
Adult Applicants
TRANSFER/
DISCLOSURE:
Adult Applicants
TRANSFER/
DISCLOSURE:
Adult Applicants
RETENTION/
DISPOSAL
Adult Applicants
RETENTION/
DISPOSAL
tification & Assessment & Controls
assessment of the identified risks per privacy domains and principles, against existing controls and recomm
The DFA Online Passport Appointment System Website may contain links to
other websites, apps, content, services, or resources on the Internet which are 1 0
operated by third parties.
Copies of the Application forms submitted by the data subjects and the
Government-issued documents may be lost or destroyed, whether accidentally or
0 0
intentionally, due to unsecure physical storage for the said paper documents.
Availability of the personal data is at risk
The personal data collected by the DFA may be used by a malicious insider that
may leak, sell, and use for other illegitimate purpose not defined in the scope of 1 0
the DPS.
Electronic records that are supposed to be disposed may still be existing because
0 1
there is no standard Retention and Disposal Schedules
ontrols
ng controls and recommend mitigations including quick wins.
Type of Threat
Availability Unauthorized Violation
S L R Risk Level
0 0 1 2 2 4 Low
0 0 1 2 3 6 Medium
0 0 1 2 4 8 Medium
1 0 1 3 2 6 Medium
1 1 1 4 2 8 Medium
1 0 1 4 2 8 Medium
0 1 1 3 2 6 Medium
0 1 1 4 1 4 Low
0 1 1 2 2 4 Low
1 0 1 3 1 3 Low
1 0 1 2 3 6 Medium
0 1 1 2 3 6 Medium
Proposed Control Measures
Organizational Physical
-- --
09/01/2022 09/08/2022 7 1 1 1
-- 09/01/2022 09/30/2022 29 2 1 2
10/01/2022 10/31/2022 30 1 1 1
-- 11/01/2022 11/30/2022 29 3 1 3
-- 11/10/2022 11/20/2022 10 1 1 1
-- 11/20/2022 11/30/2022 10 1 1 1
-- 12/01/2022 12/31/2022 30 2 2 4
Negligible
Low
Low
Negligible
Low
Low
Low
Low
Negligible
Negligible
Low
Low
PRIVACY RISK MAP
BEFORE
HIGH
4 4 8 12 16
3 3 6 9 12
2 2 4 6 8
MEDIUM
1 1 2 3 4
LOW
NEGLIGIBLE
OVERALL ASSESSMENT
Based on the Privacy Impact assessment performed on the program DFA
Passport on Wheels (For new Adult Applicants Only), the DFA Data Privacy
Office is recommending its commencement.
After all the recommended security controls have been implemented, the
identified privacy risks decreased in both likelihood and severity, which led the
team to conclude that the residual risks are negligible compared to the programs
overall benefits. Hence, the program may proceed to its implementation.
CY RISK MAP
AFTER
HIGH
4 4 8 12 16
3 3 6 9 12
2 2 4 6 8
MEDIUM
1 1 2 3 4
LOW
NEGLIGIBLE
Name of Data Processing System
g
ATTACHMENTS
1 Notice of meetings
2 Participants' Attendance
3 Budget
4 Photos
5 Others