Professional Documents
Culture Documents
Pia Dilgncr Ordlegal
Pia Dilgncr Ordlegal
Is there a lawful basis for processing personal data? y DILG mandate on conduct of Fact Finding
Please specify the lawful basis in the remarks Investigations
section.
DILG Memorandum, dated May 8, 2012, of
Asec. Rolando M. Acosta: Re: Conduct of
Fact-Finding in the Exercise of General.
Supervision over Local Government Units
Is the processing compatible with a declared and y 1. Information gathered will only be used
specified purpose which are not contrary to law, for the concern raised;
morals, or public policy? Please specify purpose (s) 2. Should the DS request for his name and
in the remarks section contact information to be withheld in
Indorsements to be made, PACD will
adhere to the same and make the
necessary means to still act on the
concern.
Are all the functionalities aligned to the purpose? y
Proportionality Yes No N/A Remarks/Justification
Is the processing of personal data adequate, y 1. Information gathered will only be used for
relevant, suitable, necessary and not excessive in the concern raised;
relation to its declared and specified purpose?. 2. Should the DS request for his name and
contact information to be withheld in
Indorsements to be made, PACD will
adhere to the same and make the necessary
means to still act on the concern.
Has the necessity of processing each personal y Considering all prior complaints, requests
data been assessed? received, all the info requested are necessary.
Is it possible to achieve the purpose by processing n Name, contact details (address and email) are
fewer personal data? Please explain in remarks necessary, as these are to be used for Office to
section. inform the complainant on any action made on
a concern raised.
*Should the DS request for his name and contact information to be
withheld in Indorsements to be made, PACD will adhere to the
same and make the necessary means to still act on the concern.
Will the “need-to-know" principle be adopted y
when granting access to personal data?
Proportionality Yes No N/A Remarks/Justification
Does the processing use the least intrusive y 1. Information gathered will only be used
for the concern raised;
& most privacy-preserving method based on
2. Should the DS request for his name and
industry standards? contact information to be withheld in
Indorsements to be made, PACD will
adhere to the same and make the
necessary means to still act on the
concern.
Will the processing stop once the purpose is y
achieved?
Proportionality Procedures to exercise Controls Acceptable Remarks/Justification
(Y | N)
Right to be informed The client is informed that we have to DPN will be placed in the y Name, contact details (address and email) are
ask all the information needed for PACD area beside the necessary, as these are to be used for Office to
forms box, so that client
proper reply to be made in the concern inform the complainant on any action made on a
can read it also even with
he raised. the PACD officer concern raised.
explaining prior.
DPN will be placed in the PACD area *Should the DS request for his name and contact
beside the forms box, so that client can information to be withheld in Indorsements to be
read it also even with the PACD officer made, PACD will adhere to the same and make th
explaining prior. necessary means to still act on the concern.
Right to erasure
Right to damages
Right to rectify
1. The personal data you collect
2. The form and channels through which personal data is collected
3. The purpose for collecting personal data
4. How personal data is used
5. To whom personal data is shared whether internally or externally
6. Who is authorized to access
7. How and where data is kept
8. How long data is kept
9. Disposal of data
Data Lifecyle Controls Acceptable Infosec Type Remarks/Justification
(Y | N |
N/A)
C I A O P T
Collection
Use
Storage/Retention
Disclosure/Sharing
Disposal
1. The personal data you collect
2. The form and channels through which personal data is collected
3. The purpose for collecting personal data
4. How personal data is used
5. To whom personal data is shared whether internally or externally
6. Who is authorized to access
7. How and where data is kept
8. How long data is kept
9. Disposal of data
Data Lifecyle Controls Acceptable Infosec Security Measures
(Y | N | N/A)
C I A O P T
Collection
Use
Storage/Retention
Disclosure/Sharing
Disposal