Scribd Logo
Upload

Welcome to Scribd!

  • Pia Dilgncr Ordlegal

    Uploaded by

    gayle baligod
    6 views15 pages
    The document outlines the personal data collection, use, storage and sharing policies for a Public Assistance and Complaints Desk (PACD). It summarizes that PACD collects names, contact information, and other personal details from clients who visit in person or submit complaints via email. The data is collected to address clients' concerns and inquiries, and is stored securely for two years before disposal. Authorized PACD staff can access the data to handle cases. The document also provides guidelines on clients' rights to information, access, objection and rectification of their personal data.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document outlines the personal data collection, use, storage and sharing policies for a Public Assistance and Complaints Desk (PACD). It summarizes that PACD collects names, contact information, and other personal details from clients who visit in person or submit complaints via email. The data is collected to address clients' concerns and inquiries, and is stored securely for two years before disposal. Authorized PACD staff can access the data to handle cases. The document also provides guidelines on clients' rights to information, access, objection and rectification of their personal data.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views15 pages

    Pia Dilgncr Ordlegal

    Uploaded by

    gayle baligod
    The document outlines the personal data collection, use, storage and sharing policies for a Public Assistance and Complaints Desk (PACD). It summarizes that PACD collects names, contact information, and other personal details from clients who visit in person or submit complaints via email. The data is collected to address clients' concerns and inquiries, and is stored securely for two years before disposal. Authorized PACD staff can access the data to handle cases. The document also provides guidelines on clients' rights to information, access, objection and rectification of their personal data.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 15

    1. What Personal data do you collect?

    2. In what form and through which channels?


    3. For what purpose you collect personal data?
    4. How is it used?
    5. To whom is personal data shared with internally and externally?
    6. Who is authorized to access this data?
    7. Where do you keep your data?
    8. How long do you keep your data?
    9. How do you dispose this data?
    Process : Public Assistance and Complaints Desk (PACD)
    Process Owner:
    Date Conducted:
    ORD/Legal
    PERSONAL DATA TYPE Does this activity Y/N Remarks
    (PI/SPI) involve any of these
    personal data flows?
    Name of Client PI Collection Y Others prefer to give their names
    Walk-in Use Y but upon endorsement hide the
    Via email Storage/Retention Y name and contact details
    Disclosure Y/N 2 years retention recommended
    Disposal Y

    Contact information PI Collection Y Others prefer to give their names


    Cell Phone Number Use Y but upon endorsement hide the
    Residential Address Storage/Retention Y name and contact details
    Email address Disclosure Y/N 2 years retention recommended
    Disposal Y
    1. The personal data you collect
    2. The form and channels through which personal data is collected
    3. The purpose for collecting personal data
    4. How personal data is used
    5. To whom personal data is shared whether internally or externally
    6. Who is authorized to access
    7. How and where data is kept
    8. How long data is kept
    9. Disposal of data
    Transparency Yes No N/A Remarks/Justification

    y The client is informed that we have to


    Are the information provided prior to the ask all the information needed for
    collection? Please specify how in the proper reply to be made in the concern
    he raised.
    remarks section.

    y It will be placed in the PACD area


    beside the forms box, so that client can
    Does the privacy notice remain accessible read it also even with the PACD
    any time a data subject wants to know more officer explaining prior.
    about the processing system? Please specify
    how in the remarks section.
    Legitimate Purpose Yes No N/A Remarks/Justification

    Is there a lawful basis for processing personal data? y DILG mandate on conduct of Fact Finding
    Please specify the lawful basis in the remarks Investigations
    section.
    DILG Memorandum, dated May 8, 2012, of
    Asec. Rolando M. Acosta: Re: Conduct of
    Fact-Finding in the Exercise of General.
    Supervision over Local Government Units
    Is the processing compatible with a declared and y 1. Information gathered will only be used
    specified purpose which are not contrary to law, for the concern raised;
    morals, or public policy? Please specify purpose (s) 2. Should the DS request for his name and
    in the remarks section contact information to be withheld in
    Indorsements to be made, PACD will
    adhere to the same and make the
    necessary means to still act on the
    concern.
    Are all the functionalities aligned to the purpose? y
    Proportionality Yes No N/A Remarks/Justification

    Is the processing of personal data adequate, y 1. Information gathered will only be used for
    relevant, suitable, necessary and not excessive in the concern raised;
    relation to its declared and specified purpose?. 2. Should the DS request for his name and
    contact information to be withheld in
    Indorsements to be made, PACD will
    adhere to the same and make the necessary
    means to still act on the concern.
    Has the necessity of processing each personal y Considering all prior complaints, requests
    data been assessed? received, all the info requested are necessary.

    Is it possible to achieve the purpose by processing n Name, contact details (address and email) are
    fewer personal data? Please explain in remarks necessary, as these are to be used for Office to
    section. inform the complainant on any action made on
    a concern raised.
    *Should the DS request for his name and contact information to be
    withheld in Indorsements to be made, PACD will adhere to the
    same and make the necessary means to still act on the concern.
    Will the “need-to-know" principle be adopted y
    when granting access to personal data?
    Proportionality Yes No N/A Remarks/Justification

    Does the processing use the least intrusive y 1. Information gathered will only be used
    for the concern raised;
    & most privacy-preserving method based on
    2. Should the DS request for his name and
    industry standards? contact information to be withheld in
    Indorsements to be made, PACD will
    adhere to the same and make the
    necessary means to still act on the
    concern.
    Will the processing stop once the purpose is y
    achieved?
    Proportionality Procedures to exercise Controls Acceptable Remarks/Justification
    (Y | N)

    Right to be informed The client is informed that we have to DPN will be placed in the y Name, contact details (address and email) are
    ask all the information needed for PACD area beside the necessary, as these are to be used for Office to
    forms box, so that client
    proper reply to be made in the concern inform the complainant on any action made on a
    can read it also even with
    he raised. the PACD officer concern raised.
    explaining prior.
    DPN will be placed in the PACD area *Should the DS request for his name and contact
    beside the forms box, so that client can information to be withheld in Indorsements to be
    read it also even with the PACD officer made, PACD will adhere to the same and make th
    explaining prior. necessary means to still act on the concern.

    Right to access Client writes the information on the form,


    should he not be able to write, PACD
    officer will show the client the information
    Right to object

    Right to erasure

    Right to damages

    Right to file a complaint

    Right to rectify
    1. The personal data you collect
    2. The form and channels through which personal data is collected
    3. The purpose for collecting personal data
    4. How personal data is used
    5. To whom personal data is shared whether internally or externally
    6. Who is authorized to access
    7. How and where data is kept
    8. How long data is kept
    9. Disposal of data
    Data Lifecyle Controls Acceptable Infosec Type Remarks/Justification
    (Y | N |
    N/A)
    C I A O P T

    Collection

    Use

    Storage/Retention

    Disclosure/Sharing

    Disposal
    1. The personal data you collect
    2. The form and channels through which personal data is collected
    3. The purpose for collecting personal data
    4. How personal data is used
    5. To whom personal data is shared whether internally or externally
    6. Who is authorized to access
    7. How and where data is kept
    8. How long data is kept
    9. Disposal of data
    Data Lifecyle Controls Acceptable Infosec Security Measures
    (Y | N | N/A)

    C I A O P T

    Collection

    Use

    Storage/Retention

    Disclosure/Sharing

    Disposal

    You might also like