DATA PRIVACY AWARENESS

Personal Personal
DATA ECOSYSTEM Information Information
Controller Processor
Data Subject (PIC) (PIP)

provide outsources
personal data the
processing

• Personal Information Third

• Sensitive Personal Parties
Information
• Privilege Information
shares data sub-contracts
 HISTORY

Mandatory Mandatory
Compliance Registration

Data Privacy Act Implementing Rules

(RA 10173) & Regulations
Privacy & Deputy Privacy National Privacy
Commissioners Commission Gov’t Agencies &
Private Companies

DICT Act of 2015

(RA 10844)

DICT

Sept 2017 –
2012 Mar 2016 May 2016 Aug 2016
Mar 2018

*DICT – Department of Information and Communications Technology

** Deadline of Registration:
Phase I: Registration of DPO – until September 9, 2017
Phase II: Registration of personal data processing systems – until March 8, 2018
 TYPES OF DATA
Personal
information
► Information, whether recorded
in a material form or not, from
which the identity of an
individual:
► is apparent, or
► can be reasonably and
directly ascertained by the
entity holding the
information, or
► when put together with
other information would
directly and certainly
identify an individual (IRR)
► Name
► Home address
► Phone number
Sensitive personal Privileged
information information
► Personal information whose leakage ► Anyand all forms of data
could impact the material well being of which under the Rules of
an individual (EU GDPR). Court or other pertinent laws
constituted privileged
► Race, ethnic origin, marital status,
communications. (IRR)
age, color, religious, philosophical or
political affiliation. ► Attorney-client privileged
► Health, education, genetic or sexual information
life, offenses committed or alleged, ► Doctor-patient privileged
disposal of such, or sentences of any information
court.
► Issued by any government agency
peculiar to an individual such as SSS
numbers, previous and current
health records, licenses, denials,
suspension or revocation, and tax
returns.
► Specifically
established by an
executive order or an act of
Congress to be kept classified. (IRR)
KNOWLEDGE CHECK
DATA PI or SPI or N/A?

Gender (Male or Female) SPI

School graduated from
and year graduated SPI
A company’s contact
number N/A
E-mail addresses that is
only collected by PI
websites

Office or home address PI

RIGHTS OF DATA SUBJECT

Consent Object Access Correct

Erase Damages Data

Portability
 What can
you do to
protect
your data?
ROLES OF DATA SUBJECT
Physical Security
Do’s
• Secure storage of hardcopy
documents by locking filing
cabinets and giving access only
to those authorized and
required to fulfill processing of
these documents
• Secure destruction/disposal
of hardcopy documents
• Control over printing of
documents containing personal
data
• Clear the workstation from
any documents containing
personal data.
Technical Security
Do’s
• Do not share passwords with
anyone, use of highly complex
passwords)
• Encrypt sensitive attachments being
sent through e-mail and send the
password in a separate e-mail with a
different subject
• Lock the home screen of the
workstation when leaving it unattended
• Beware of phishing attacks
• Always shut down and/or restart the
computers to keep the operating
systems and anti-virus software up
to date
• Refresh History if you’re using public
PHISHING