SlideShare a Scribd company logo

Hexagon presentation light.pptx

Download as PPTX, PDF
P
PabRonaldCalanoc1

This document provides an overview of data privacy, including definitions, principles, roles, and challenges related to complying with data privacy laws. It defines key terms like personal data, sensitive personal information, data subjects, and personal information controllers. It outlines the principles of transparency, legitimate purpose, and proportionality that govern data processing. It also discusses problems organizations may face regarding the difference between personal information controllers and processors. Finally, it provides examples of past data privacy breaches and potential penalties for violations of privacy laws.

Art & Photos
1 of 35
Data Privacy By: Pab Ronald H. Calanoc
Agenda Definition Roles Introduction and Updates Principles Problems Presentation Title Data Privacy 2
Data Privacy, by definition “sometimes also referred to as information privacy, is an area of data protection that concerns the proper handling of sensitive and personal data.” Data Privacy 3
Who stores data about you?
SPEED OF INFORMATION
Which is more valuable? Data Money
“Data is more valuable than Money. If someone takes your money, that's all they have. If you let someone take your data, they may eventually take your money too!“ from: NPC
What is the Data Privacy Act of 2012?  SECTION 1. Short Title. – This Act shall be known as the “Data Privacy Act of 2012”.  Republic Act 10173, the Data Privacy Act of 2012 “AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES.”
KEY ROLES IN THE DATA PRIVACY ACT • Data Subjects – Refers to an individual whose, sensitive personal, or privileged information is processed personal • Personal Information Controller (PIC) – Controls the processing of personal data, or instructs another to process personal data on its behalf. • Personal Information Processor (PIP) – Organization or individual whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject • Data Protection Officer (DPO) – Responsible for the overall management of compliance to DPA • National Privacy Commission – Independent body mandated to administer and implement the DPA of 2012, and to monitor and ensure compliance of the country with international standards set for personal data protection
AGENDA •Brief update on the Data Privacy Act (DPA) •Motivating principles of the DPA •Issues and challenges in complying with the DPA •Frequently Asked Questions re:DPA of 2012 PRIVACY PRINCIPLES PROBLEMS FAQs
THE RULES Data Privacy Act (Republic Act No. 10173) Implementing Rules and Regulations (IRR) Issuances of the National Privacy Commission (NPC)
THE GOAL PRIVACY FREE FLOW OF INFORMATION
Data Privacy Act, Section 2 It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.
JARGON Processing: any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. [DPA, S3(j)] Personal Data: all types of personal information [IRR, S3(j)] Personal Information: any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. [DPA, S3(g)]
Introduction and Update Sensitive Personal Information: personal information 1) about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; 2) about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; 3) issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and 4) specifically established by an executive order or an act of Congress to be kept classified. [DPA, S3(l)]
The Data Privacy Act: Introduction and Update Personal Information Controller (PIC): refers to a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf. The term excludes: 1. A natural or juridical person, or any other body, who performs such functions as instructed by another person or organization; or 2. A natural person who processes personal data in connection with his or her personal, family, or household affairs; There is control if the natural or juridical person or any other body decides on what information is collected, or the purpose or extent of its processing [IRR, S39(m)]
The Data Privacy Act: Introduction and Update Privileged Information: any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication. [DPA, Section 3(k)] Personal Information Processor (PIP): any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject [DPA, S3(i)] Data Subject: an individual whose personal information is processed. [DPA, S3(c)]
Principles of the DPA: General PRINCIPLES TRANSPARENCY LEGITIMATE PURPOSE PROPORTIONALITY
The Data Privacy Principles Personal data shall be: 1. processed fairly and lawfully 2. processed only for specified, lawful and compatible purposes 3. adequate, relevant and not excessive 4. accurate and up to date 5. kept for no longer than necessary 6. processed in accordance with the rights of data subjects 7. kept secure 8. shared to other PICs only if there is a DSA.
Principles of the DPA: General TRANSPARENCY • The data subject must be aware of: o nature o purpose o extent of the processing (including the risks and safeguards involved) o identity of personal information controller, o his rights as a data subject o how rights can be exercised • Any information and communication relating to the processing of personal data should be easy to access and understand, using clear and plain language. [IRR, Section 18]
Principles of the DPA: General LEGITIMATE PURPOSE • The processing of information shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy. [IRR, Section 18]
Principles of the DPA: General PROPORTIONALITY • The processing of information shall be: oadequate orelevant osuitable onecessary, and onot excessive in relation to a declared and specified purpose. • Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.[IRR, Section 18]
Principles of the DPA: Processing CRITERIA FOR LAWFUL PROCESSING PERSONAL INFORMATION SENSITIVE PERSONAL INFORMATION PRIVILEGED INFORMATION Allowed unless prohibited and when at least one of the below exists: Prohibited except in the following cases: Prohibited except in the following cases: • Consent given prior to the collection or as soon as practicable and reasonable • ContractualNecessity • Legal Obligation • Vital Interests of the data subject including life and health • Public Interest or Public Authority • Legitimate Interest • Consent specific to the purpose given prior to processing pursuant to declared, specified and legitimate purpose • Legally mandated with guarantee of protection for the information • Life and Death situation • Lawful noncommercial objectives of public organizations • Medical Treatment • Protection of Lawful Rights, Legal Claims and Provided to Government • All parties gave consent before processing - given prior to processing pursuant to declared, specified and legitimate purpose • Legally mandated with guarantee of protection for the information • Life and Death situation • Lawful noncommercial objectives of public organizations • Medical Treatment • Protection of Lawful Rights, Legal Claims and Provided to Government
Principles of the DPA: Processing Purpose Specification • collected for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection, and later processed in a way compatible with such declared, specified and legitimate purposes only Fair Obtaining • processed fairly and lawfully Accurate, relevant and up-to-date • inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted GENERAL PROCESSING PRINCIPLES
Principles of the DPA: Processing Adequate and not excessive • in relation to the purposes for which they are collected and processed Retention Time • only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law Form Stored • kept in form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed; GENERAL PROCESSING PRINCIPLES
Problems PIC vs. PIP • Difference in Responsibility • Difference in Control • Difference in Form and Substance of Agreement (Data Sharing Agreement vs. Outsourcing/Subcontracting Agreement) Data Privacy vs. Confidentiality • Difference in Objectives • Difference in Drafting Documentation CONCEPTUAL CONFUSION
Problems Data Sharing Agreement o purpose of data sharing o parties to the agreement o term or duration of agreement o overview of the operational details of the sharing o general description of the security measures o how data subject may exercise its rights o PIC responsible for addressing requests or complaints o method for secure return, destruction or disposal of the shared data and the timeline therefor . Data Processing/Service Agreement o Processing only upon documented instructions by PIC o Confidentiality obligation on authorizedpersons o Security measures o Prohibition against subcontracting without PIC prior instruction o Assisting PIC in ensuring compliance with law and regulations o Timely deletion or return of personal data after end of provision of services o Make available information necessary to demonstrate compliance (AUDITS) o Inform PIC if instruction violates data privacy law or regulations PIC vs. PIP
Problems The Agreement. This Confidentiality Agreement (the "Agreement") is entered into by and between ACME CORP and CYBERDYNE CORP ("Receiving Party") for the purpose of preventing the unauthorized disclosure of Confidential Information as defined below… Definition of Confidential Information. For purposes of this Agreement, "Confidential Information" shall include all information or material that has or could have commercial value or other utility in the business in which Disclosing Party is engaged. If Confidential Information is in written form, the Disclosing Party shall label or stamp the materials with the word "Confidential" or some similar warning. If Confidential Information is transmitted orally, the Disclosing Party shall promptly provide a writing indicating that such oral communication constituted Confidential Information. The following shall not be considered as Confidential Information: information that is: (a) publicly known at the time of disclosure or subsequently becomes publicly known through no fault of the Receiving Party; (b) discovered or created by the Receiving Party before disclosure by Disclosing Party; (c) learned by the Receiving Party through legitimate means other than from the Disclosing Party or Disclosing Party's representatives; or (d) is disclosed by Receiving Party with Disclosing Party's prior written approval… Obligations of Receiving Party. Receiving Party shall hold and maintain the Confidential Information in strictest confidence for the sole and exclusive benefit of the Disclosing Party…. Data Privacy vs. Confidentiality: Confidentiality clauses are the wrong tools to address data privacy concerns/reqts.
Examples of Breaches and Live Cases 1. COMELeak (1 and 2) 2. BPI – consent form 3. Hospital – unsecure storage records 4. Student transferred by her parent without her knowledge 5. Clinical record of a student to disclose with her parents 6. List of top students/passers 7. Known Fastfood delivery – disclosing personal info of clients 8. No Data sharing agreement (DSA) between and among Schools and Universities 9. Cedula in malls 10. Security issues in buildings – logbook 11. Profiling of customers from a mall 12. Unjustifiable collection of personal data of a school 13. No Privacy Notice 14. Use of USB 15. Privacy notice 16. Personal laptop stolen 17. Lost a CD in transit 18. An error in viewing of student records in the online system 19. Use of re-cycled papers 20. Raffle stubs 21. Universities and Colleges websites with weak authentication 22. Personal Records stolen from home of an employee 23. Photocopiers re-sold without wiping the hard drives 24. Release of CCTV Footage 25. Hard drives sold online 26. Password hacked/revealed 27. Unencrypted Data
Potential Penalties listed in the Data Privacy Act of 2012 IRR
Presentation title 33
Summary At Contoso, we believe in giving 110%. By using our next-generation data architecture, we help organizations virtually manage agile workflows. We thrive because of our market knowledge and great team behind our product. As our CEO says, “Efficiencies will come from proactively transforming how we do business.” Presentation title 34
Thank you

Recommended

Field Theory.pptx
Field Theory.pptxField Theory.pptx
Field Theory.pptx
MalarM11
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data Protection
Directorate of Information Security | Ditjen Aptika
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
sp_krishna
 
Digital modulation techniques...
Digital modulation techniques...Digital modulation techniques...
Digital modulation techniques...
Nidhi Baranwal
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
Tushar Rajput
 
Cryptography
CryptographyCryptography
Cryptography
okolo chukwudumebi prince
 
Differential privacy and applications to location privacy
Differential privacy and applications to location privacyDifferential privacy and applications to location privacy
Differential privacy and applications to location privacy
Pôle Systematic Paris-Region
 
Content addressable-memory
Content addressable-memoryContent addressable-memory
Content addressable-memory
Saravanan Ns
 

Recommended

Field Theory.pptx
Field Theory.pptxField Theory.pptx
Field Theory.pptx
MalarM11
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data Protection
Directorate of Information Security | Ditjen Aptika
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
sp_krishna
 
Digital modulation techniques...
Digital modulation techniques...Digital modulation techniques...
Digital modulation techniques...
Nidhi Baranwal
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
Tushar Rajput
 
Cryptography
CryptographyCryptography
Cryptography
okolo chukwudumebi prince
 
Differential privacy and applications to location privacy
Differential privacy and applications to location privacyDifferential privacy and applications to location privacy
Differential privacy and applications to location privacy
Pôle Systematic Paris-Region
 
Content addressable-memory
Content addressable-memoryContent addressable-memory
Content addressable-memory
Saravanan Ns
 
digital signal processing lecture 1.pptx
digital signal processing lecture 1.pptxdigital signal processing lecture 1.pptx
digital signal processing lecture 1.pptx
ImranHasan760046
 
Crytography
CrytographyCrytography
Crytography
Mostak Ahmed
 
GDPR
GDPRGDPR
GDPR
Gopi PD
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
Jisc Scotland
 
Types of the Signals- Signals and Systems
Types of the Signals- Signals and SystemsTypes of the Signals- Signals and Systems
Types of the Signals- Signals and Systems
Ghansyam Rathod
 
Cyber crimes
Cyber crimesCyber crimes
Cyber crimes
Parveen Bala
 
Digital communication unit 1
Digital communication unit 1Digital communication unit 1
Digital communication unit 1
Gangatharan Narayanan
 
signal space analysis.ppt
signal space analysis.pptsignal space analysis.ppt
signal space analysis.ppt
PatrickMumba7
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
Cvent
 
EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)
Kimberly Simon MBA
 
fourier transform of DT signals
fourier transform of DT signalsfourier transform of DT signals
fourier transform of DT signals
tejaspatel1998
 
Handling information Standard by Skills for Care
Handling information Standard by Skills for CareHandling information Standard by Skills for Care
Handling information Standard by Skills for Care
Atlantic Training, LLC.
 
Aperture antennas
Aperture antennasAperture antennas
Aperture antennas
GopinathD17
 
Introduction to Cyber Crimes
Introduction to Cyber CrimesIntroduction to Cyber Crimes
Introduction to Cyber Crimes
atuljaybhaye
 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation final
adrigee12
 
Herz & marconi antenna
Herz & marconi antennaHerz & marconi antenna
Herz & marconi antenna
Navin Mandal
 
Antenna in medical applications.pptx
Antenna in medical applications.pptxAntenna in medical applications.pptx
Antenna in medical applications.pptx
AhmedKhaled162185
 
Cryptography
Cryptography Cryptography
Cryptography
shubham Kumar
 
Image encryption and decryption using aes algorithm
Image encryption and decryption using aes algorithmImage encryption and decryption using aes algorithm
Image encryption and decryption using aes algorithm
IAEME Publication
 
presentation on digital signal processing
presentation on digital signal processingpresentation on digital signal processing
presentation on digital signal processing
sandhya jois
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentation
Kittelson & Carpo Consulting
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business community
Emerson Bryan
 

More Related Content

What's hot

General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
Cvent
 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation final
adrigee12
 

What's hot (20)

digital signal processing lecture 1.pptx
digital signal processing lecture 1.pptxdigital signal processing lecture 1.pptx
digital signal processing lecture 1.pptx
 
Crytography
CrytographyCrytography
Crytography
 
GDPR
GDPRGDPR
GDPR
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
 
Types of the Signals- Signals and Systems
Types of the Signals- Signals and SystemsTypes of the Signals- Signals and Systems
Types of the Signals- Signals and Systems
 
Cyber crimes
Cyber crimesCyber crimes
Cyber crimes
 
Digital communication unit 1
Digital communication unit 1Digital communication unit 1
Digital communication unit 1
 
signal space analysis.ppt
signal space analysis.pptsignal space analysis.ppt
signal space analysis.ppt
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
 
EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)
 
fourier transform of DT signals
fourier transform of DT signalsfourier transform of DT signals
fourier transform of DT signals
 
Handling information Standard by Skills for Care
Handling information Standard by Skills for CareHandling information Standard by Skills for Care
Handling information Standard by Skills for Care
 
Aperture antennas
Aperture antennasAperture antennas
Aperture antennas
 
Introduction to Cyber Crimes
Introduction to Cyber CrimesIntroduction to Cyber Crimes
Introduction to Cyber Crimes
 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation final
 
Herz & marconi antenna
Herz & marconi antennaHerz & marconi antenna
Herz & marconi antenna
 
Antenna in medical applications.pptx
Antenna in medical applications.pptxAntenna in medical applications.pptx
Antenna in medical applications.pptx
 
Cryptography
Cryptography Cryptography
Cryptography
 
Image encryption and decryption using aes algorithm
Image encryption and decryption using aes algorithmImage encryption and decryption using aes algorithm
Image encryption and decryption using aes algorithm
 
presentation on digital signal processing
presentation on digital signal processingpresentation on digital signal processing
presentation on digital signal processing
 

Similar to Hexagon presentation light.pptx

Data Privacy and consent management .. .
Data Privacy and consent management .. .Data Privacy and consent management .. .
Data Privacy and consent management .. .
ClinosolIndia
 

Similar to Hexagon presentation light.pptx (20)

Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentation
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business community
 
General Data Protection Regulation or GDPR
General Data Protection Regulation or GDPRGeneral Data Protection Regulation or GDPR
General Data Protection Regulation or GDPR
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 
China-PIPL.pdf
China-PIPL.pdfChina-PIPL.pdf
China-PIPL.pdf
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptxDATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
UAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfUAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdf
 
CEU DPA
CEU DPACEU DPA
CEU DPA
 
Data Privacy and consent management .. .
Data Privacy and consent management .. .Data Privacy and consent management .. .
Data Privacy and consent management .. .
 
Data privacy and consent management (K.sailaja).pptx
Data privacy and consent management (K.sailaja).pptxData privacy and consent management (K.sailaja).pptx
Data privacy and consent management (K.sailaja).pptx
 
Data protection regulation
Data protection regulationData protection regulation
Data protection regulation
 
Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdf
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the Philippines
 
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxOVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
 

Recently uploaded

Van Gogh Powerpoint for art lesson today
Van Gogh Powerpoint for art lesson todayVan Gogh Powerpoint for art lesson today
Van Gogh Powerpoint for art lesson today
lucygibson17
 
Magical World of Resin Art Creations.pdf
Magical World of Resin Art Creations.pdfMagical World of Resin Art Creations.pdf
Magical World of Resin Art Creations.pdf
CraftHives
 
一比一原版美国西雅图大学毕业证(Seattle毕业证书)毕业证成绩单留信认证
一比一原版美国西雅图大学毕业证(Seattle毕业证书)毕业证成绩单留信认证一比一原版美国西雅图大学毕业证(Seattle毕业证书)毕业证成绩单留信认证
一比一原版美国西雅图大学毕业证(Seattle毕业证书)毕业证成绩单留信认证
khuurq8kz
 
obat aborsi Klaten wa 082135199655 jual obat aborsi cytotec asli di Klaten
obat aborsi Klaten wa 082135199655 jual obat aborsi cytotec asli di Klatenobat aborsi Klaten wa 082135199655 jual obat aborsi cytotec asli di Klaten
obat aborsi Klaten wa 082135199655 jual obat aborsi cytotec asli di Klaten
siskavia95
 
OBAT ABORSI BANYUWANGI 087776558899 💊 OBAT PENGGUGUR KANDUNGAN BANYNYUWANGI
OBAT ABORSI BANYUWANGI 087776558899 💊 OBAT PENGGUGUR KANDUNGAN BANYNYUWANGIOBAT ABORSI BANYUWANGI 087776558899 💊 OBAT PENGGUGUR KANDUNGAN BANYNYUWANGI
OBAT ABORSI BANYUWANGI 087776558899 💊 OBAT PENGGUGUR KANDUNGAN BANYNYUWANGI
Obat Cytotec
 
NON-COMMUNICABLE DISEASES.pptx...........
NON-COMMUNICABLE DISEASES.pptx...........NON-COMMUNICABLE DISEASES.pptx...........
NON-COMMUNICABLE DISEASES.pptx...........
CydeizelMercado1
 
obat aborsi klaten wa 081336238223 jual obat aborsi cytotec asli di klaten54-...
obat aborsi klaten wa 081336238223 jual obat aborsi cytotec asli di klaten54-...obat aborsi klaten wa 081336238223 jual obat aborsi cytotec asli di klaten54-...
obat aborsi klaten wa 081336238223 jual obat aborsi cytotec asli di klaten54-...
yulianti213969
 
Captain america painting competition -- 13
Captain america painting competition -- 13Captain america painting competition -- 13
Captain america painting competition -- 13
Su Yan-Jen
 
Engineering Major for College_ Environmental Health Engineering by Slidesgo.pptx
Engineering Major for College_ Environmental Health Engineering by Slidesgo.pptxEngineering Major for College_ Environmental Health Engineering by Slidesgo.pptx
Engineering Major for College_ Environmental Health Engineering by Slidesgo.pptx
DanielRemache4
 
ppt seni budaya kelas xi, menganalisis konsep,unsur,prinsip dan teknik
ppt seni budaya kelas xi, menganalisis konsep,unsur,prinsip dan teknikppt seni budaya kelas xi, menganalisis konsep,unsur,prinsip dan teknik
ppt seni budaya kelas xi, menganalisis konsep,unsur,prinsip dan teknik
Agustinus791932
 
obat aborsi wonogiri wa 081336238223 jual obat aborsi cytotec asli di wonogir...
obat aborsi wonogiri wa 081336238223 jual obat aborsi cytotec asli di wonogir...obat aborsi wonogiri wa 081336238223 jual obat aborsi cytotec asli di wonogir...
obat aborsi wonogiri wa 081336238223 jual obat aborsi cytotec asli di wonogir...
yulianti213969
 

Recently uploaded (20)

Van Gogh Powerpoint for art lesson today
Van Gogh Powerpoint for art lesson todayVan Gogh Powerpoint for art lesson today
Van Gogh Powerpoint for art lesson today
 
Magical World of Resin Art Creations.pdf
Magical World of Resin Art Creations.pdfMagical World of Resin Art Creations.pdf
Magical World of Resin Art Creations.pdf
 
Jaro je tady - Spring is here (Judith) 3
Jaro je tady - Spring is here (Judith) 3Jaro je tady - Spring is here (Judith) 3
Jaro je tady - Spring is here (Judith) 3
 
HUMA Final Presentation About Chicano Culture
HUMA Final Presentation About Chicano CultureHUMA Final Presentation About Chicano Culture
HUMA Final Presentation About Chicano Culture
 
一比一原版美国西雅图大学毕业证(Seattle毕业证书)毕业证成绩单留信认证
一比一原版美国西雅图大学毕业证(Seattle毕业证书)毕业证成绩单留信认证一比一原版美国西雅图大学毕业证(Seattle毕业证书)毕业证成绩单留信认证
一比一原版美国西雅图大学毕业证(Seattle毕业证书)毕业证成绩单留信认证
 
"Echoes of Majesty: Navigating Lesotho's Rich Tapestry of History"
"Echoes of Majesty: Navigating Lesotho's Rich Tapestry of History""Echoes of Majesty: Navigating Lesotho's Rich Tapestry of History"
"Echoes of Majesty: Navigating Lesotho's Rich Tapestry of History"
 
Hosewife Bangalore Just VIP Btm Layout 100% Genuine at your Door Step
Hosewife Bangalore Just VIP Btm Layout 100% Genuine at your Door StepHosewife Bangalore Just VIP Btm Layout 100% Genuine at your Door Step
Hosewife Bangalore Just VIP Btm Layout 100% Genuine at your Door Step
 
Star Wars Inspired Lightsaber Battle Assignment
Star Wars Inspired Lightsaber Battle AssignmentStar Wars Inspired Lightsaber Battle Assignment
Star Wars Inspired Lightsaber Battle Assignment
 
obat aborsi Klaten wa 082135199655 jual obat aborsi cytotec asli di Klaten
obat aborsi Klaten wa 082135199655 jual obat aborsi cytotec asli di Klatenobat aborsi Klaten wa 082135199655 jual obat aborsi cytotec asli di Klaten
obat aborsi Klaten wa 082135199655 jual obat aborsi cytotec asli di Klaten
 
OBAT ABORSI BANYUWANGI 087776558899 💊 OBAT PENGGUGUR KANDUNGAN BANYNYUWANGI
OBAT ABORSI BANYUWANGI 087776558899 💊 OBAT PENGGUGUR KANDUNGAN BANYNYUWANGIOBAT ABORSI BANYUWANGI 087776558899 💊 OBAT PENGGUGUR KANDUNGAN BANYNYUWANGI
OBAT ABORSI BANYUWANGI 087776558899 💊 OBAT PENGGUGUR KANDUNGAN BANYNYUWANGI
 
VIP ℂall Girls Bardoli 8527049040 WhatsApp AnyTime Best Surat ℂall Girl Servi...
VIP ℂall Girls Bardoli 8527049040 WhatsApp AnyTime Best Surat ℂall Girl Servi...VIP ℂall Girls Bardoli 8527049040 WhatsApp AnyTime Best Surat ℂall Girl Servi...
VIP ℂall Girls Bardoli 8527049040 WhatsApp AnyTime Best Surat ℂall Girl Servi...
 
NON-COMMUNICABLE DISEASES.pptx...........
NON-COMMUNICABLE DISEASES.pptx...........NON-COMMUNICABLE DISEASES.pptx...........
NON-COMMUNICABLE DISEASES.pptx...........
 
obat aborsi klaten wa 081336238223 jual obat aborsi cytotec asli di klaten54-...
obat aborsi klaten wa 081336238223 jual obat aborsi cytotec asli di klaten54-...obat aborsi klaten wa 081336238223 jual obat aborsi cytotec asli di klaten54-...
obat aborsi klaten wa 081336238223 jual obat aborsi cytotec asli di klaten54-...
 
Young & Hot ℂall Girls Pandesara 8849756361 WhatsApp Number Best Rates of Sur...
Young & Hot ℂall Girls Pandesara 8849756361 WhatsApp Number Best Rates of Sur...Young & Hot ℂall Girls Pandesara 8849756361 WhatsApp Number Best Rates of Sur...
Young & Hot ℂall Girls Pandesara 8849756361 WhatsApp Number Best Rates of Sur...
 
SB_ Dragons Riders of Berk_ Rough_ RiverPhan (2024)
SB_ Dragons Riders of Berk_ Rough_ RiverPhan (2024)SB_ Dragons Riders of Berk_ Rough_ RiverPhan (2024)
SB_ Dragons Riders of Berk_ Rough_ RiverPhan (2024)
 
Captain america painting competition -- 13
Captain america painting competition -- 13Captain america painting competition -- 13
Captain america painting competition -- 13
 
Engineering Major for College_ Environmental Health Engineering by Slidesgo.pptx
Engineering Major for College_ Environmental Health Engineering by Slidesgo.pptxEngineering Major for College_ Environmental Health Engineering by Slidesgo.pptx
Engineering Major for College_ Environmental Health Engineering by Slidesgo.pptx
 
ppt seni budaya kelas xi, menganalisis konsep,unsur,prinsip dan teknik
ppt seni budaya kelas xi, menganalisis konsep,unsur,prinsip dan teknikppt seni budaya kelas xi, menganalisis konsep,unsur,prinsip dan teknik
ppt seni budaya kelas xi, menganalisis konsep,unsur,prinsip dan teknik
 
obat aborsi wonogiri wa 081336238223 jual obat aborsi cytotec asli di wonogir...
obat aborsi wonogiri wa 081336238223 jual obat aborsi cytotec asli di wonogir...obat aborsi wonogiri wa 081336238223 jual obat aborsi cytotec asli di wonogir...
obat aborsi wonogiri wa 081336238223 jual obat aborsi cytotec asli di wonogir...
 
VIP ℂall Girls Hazira 8527049040 WhatsApp AnyTime Best Surat ℂall Girl Serviℂ...
VIP ℂall Girls Hazira 8527049040 WhatsApp AnyTime Best Surat ℂall Girl Serviℂ...VIP ℂall Girls Hazira 8527049040 WhatsApp AnyTime Best Surat ℂall Girl Serviℂ...
VIP ℂall Girls Hazira 8527049040 WhatsApp AnyTime Best Surat ℂall Girl Serviℂ...
 

Hexagon presentation light.pptx

  • 3. Data Privacy, by definition “sometimes also referred to as information privacy, is an area of data protection that concerns the proper handling of sensitive and personal data.” Data Privacy 3
  • 4.
  • 5. Who stores data about you?
  • 7. Which is more valuable? Data Money
  • 8. “Data is more valuable than Money. If someone takes your money, that's all they have. If you let someone take your data, they may eventually take your money too!“ from: NPC
  • 9. What is the Data Privacy Act of 2012?  SECTION 1. Short Title. – This Act shall be known as the “Data Privacy Act of 2012”.  Republic Act 10173, the Data Privacy Act of 2012 “AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES.”
  • 10. KEY ROLES IN THE DATA PRIVACY ACT • Data Subjects – Refers to an individual whose, sensitive personal, or privileged information is processed personal • Personal Information Controller (PIC) – Controls the processing of personal data, or instructs another to process personal data on its behalf. • Personal Information Processor (PIP) – Organization or individual whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject • Data Protection Officer (DPO) – Responsible for the overall management of compliance to DPA • National Privacy Commission – Independent body mandated to administer and implement the DPA of 2012, and to monitor and ensure compliance of the country with international standards set for personal data protection
  • 11. AGENDA •Brief update on the Data Privacy Act (DPA) •Motivating principles of the DPA •Issues and challenges in complying with the DPA •Frequently Asked Questions re:DPA of 2012 PRIVACY PRINCIPLES PROBLEMS FAQs
  • 12. THE RULES Data Privacy Act (Republic Act No. 10173) Implementing Rules and Regulations (IRR) Issuances of the National Privacy Commission (NPC)
  • 13. THE GOAL PRIVACY FREE FLOW OF INFORMATION
  • 14. Data Privacy Act, Section 2 It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.
  • 15. JARGON Processing: any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. [DPA, S3(j)] Personal Data: all types of personal information [IRR, S3(j)] Personal Information: any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. [DPA, S3(g)]
  • 16. Introduction and Update Sensitive Personal Information: personal information 1) about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; 2) about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; 3) issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and 4) specifically established by an executive order or an act of Congress to be kept classified. [DPA, S3(l)]
  • 17. The Data Privacy Act: Introduction and Update Personal Information Controller (PIC): refers to a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf. The term excludes: 1. A natural or juridical person, or any other body, who performs such functions as instructed by another person or organization; or 2. A natural person who processes personal data in connection with his or her personal, family, or household affairs; There is control if the natural or juridical person or any other body decides on what information is collected, or the purpose or extent of its processing [IRR, S39(m)]
  • 18. The Data Privacy Act: Introduction and Update Privileged Information: any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication. [DPA, Section 3(k)] Personal Information Processor (PIP): any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject [DPA, S3(i)] Data Subject: an individual whose personal information is processed. [DPA, S3(c)]
  • 19. Principles of the DPA: General PRINCIPLES TRANSPARENCY LEGITIMATE PURPOSE PROPORTIONALITY
  • 20. The Data Privacy Principles Personal data shall be: 1. processed fairly and lawfully 2. processed only for specified, lawful and compatible purposes 3. adequate, relevant and not excessive 4. accurate and up to date 5. kept for no longer than necessary 6. processed in accordance with the rights of data subjects 7. kept secure 8. shared to other PICs only if there is a DSA.
  • 21. Principles of the DPA: General TRANSPARENCY • The data subject must be aware of: o nature o purpose o extent of the processing (including the risks and safeguards involved) o identity of personal information controller, o his rights as a data subject o how rights can be exercised • Any information and communication relating to the processing of personal data should be easy to access and understand, using clear and plain language. [IRR, Section 18]
  • 22. Principles of the DPA: General LEGITIMATE PURPOSE • The processing of information shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy. [IRR, Section 18]
  • 23. Principles of the DPA: General PROPORTIONALITY • The processing of information shall be: oadequate orelevant osuitable onecessary, and onot excessive in relation to a declared and specified purpose. • Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.[IRR, Section 18]
  • 24. Principles of the DPA: Processing CRITERIA FOR LAWFUL PROCESSING PERSONAL INFORMATION SENSITIVE PERSONAL INFORMATION PRIVILEGED INFORMATION Allowed unless prohibited and when at least one of the below exists: Prohibited except in the following cases: Prohibited except in the following cases: • Consent given prior to the collection or as soon as practicable and reasonable • ContractualNecessity • Legal Obligation • Vital Interests of the data subject including life and health • Public Interest or Public Authority • Legitimate Interest • Consent specific to the purpose given prior to processing pursuant to declared, specified and legitimate purpose • Legally mandated with guarantee of protection for the information • Life and Death situation • Lawful noncommercial objectives of public organizations • Medical Treatment • Protection of Lawful Rights, Legal Claims and Provided to Government • All parties gave consent before processing - given prior to processing pursuant to declared, specified and legitimate purpose • Legally mandated with guarantee of protection for the information • Life and Death situation • Lawful noncommercial objectives of public organizations • Medical Treatment • Protection of Lawful Rights, Legal Claims and Provided to Government
  • 25. Principles of the DPA: Processing Purpose Specification • collected for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection, and later processed in a way compatible with such declared, specified and legitimate purposes only Fair Obtaining • processed fairly and lawfully Accurate, relevant and up-to-date • inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted GENERAL PROCESSING PRINCIPLES
  • 26. Principles of the DPA: Processing Adequate and not excessive • in relation to the purposes for which they are collected and processed Retention Time • only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law Form Stored • kept in form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed; GENERAL PROCESSING PRINCIPLES
  • 27. Problems PIC vs. PIP • Difference in Responsibility • Difference in Control • Difference in Form and Substance of Agreement (Data Sharing Agreement vs. Outsourcing/Subcontracting Agreement) Data Privacy vs. Confidentiality • Difference in Objectives • Difference in Drafting Documentation CONCEPTUAL CONFUSION
  • 28. Problems Data Sharing Agreement o purpose of data sharing o parties to the agreement o term or duration of agreement o overview of the operational details of the sharing o general description of the security measures o how data subject may exercise its rights o PIC responsible for addressing requests or complaints o method for secure return, destruction or disposal of the shared data and the timeline therefor . Data Processing/Service Agreement o Processing only upon documented instructions by PIC o Confidentiality obligation on authorizedpersons o Security measures o Prohibition against subcontracting without PIC prior instruction o Assisting PIC in ensuring compliance with law and regulations o Timely deletion or return of personal data after end of provision of services o Make available information necessary to demonstrate compliance (AUDITS) o Inform PIC if instruction violates data privacy law or regulations PIC vs. PIP
  • 29. Problems The Agreement. This Confidentiality Agreement (the "Agreement") is entered into by and between ACME CORP and CYBERDYNE CORP ("Receiving Party") for the purpose of preventing the unauthorized disclosure of Confidential Information as defined below… Definition of Confidential Information. For purposes of this Agreement, "Confidential Information" shall include all information or material that has or could have commercial value or other utility in the business in which Disclosing Party is engaged. If Confidential Information is in written form, the Disclosing Party shall label or stamp the materials with the word "Confidential" or some similar warning. If Confidential Information is transmitted orally, the Disclosing Party shall promptly provide a writing indicating that such oral communication constituted Confidential Information. The following shall not be considered as Confidential Information: information that is: (a) publicly known at the time of disclosure or subsequently becomes publicly known through no fault of the Receiving Party; (b) discovered or created by the Receiving Party before disclosure by Disclosing Party; (c) learned by the Receiving Party through legitimate means other than from the Disclosing Party or Disclosing Party's representatives; or (d) is disclosed by Receiving Party with Disclosing Party's prior written approval… Obligations of Receiving Party. Receiving Party shall hold and maintain the Confidential Information in strictest confidence for the sole and exclusive benefit of the Disclosing Party…. Data Privacy vs. Confidentiality: Confidentiality clauses are the wrong tools to address data privacy concerns/reqts.
  • 30. Examples of Breaches and Live Cases 1. COMELeak (1 and 2) 2. BPI – consent form 3. Hospital – unsecure storage records 4. Student transferred by her parent without her knowledge 5. Clinical record of a student to disclose with her parents 6. List of top students/passers 7. Known Fastfood delivery – disclosing personal info of clients 8. No Data sharing agreement (DSA) between and among Schools and Universities 9. Cedula in malls 10. Security issues in buildings – logbook 11. Profiling of customers from a mall 12. Unjustifiable collection of personal data of a school 13. No Privacy Notice 14. Use of USB 15. Privacy notice 16. Personal laptop stolen 17. Lost a CD in transit 18. An error in viewing of student records in the online system 19. Use of re-cycled papers 20. Raffle stubs 21. Universities and Colleges websites with weak authentication 22. Personal Records stolen from home of an employee 23. Photocopiers re-sold without wiping the hard drives 24. Release of CCTV Footage 25. Hard drives sold online 26. Password hacked/revealed 27. Unencrypted Data
  • 31. Potential Penalties listed in the Data Privacy Act of 2012 IRR
  • 32.
  • 34. Summary At Contoso, we believe in giving 110%. By using our next-generation data architecture, we help organizations virtually manage agile workflows. We thrive because of our market knowledge and great team behind our product. As our CEO says, “Efficiencies will come from proactively transforming how we do business.” Presentation title 34

Editor's Notes

  1. In today’s data-driven economy, what is more valuable? Data or Money? Sa pera, sino ang nakabantay? Bangko Sino ang nagbabantay sa bango? BSP Sa data, sinot ang nag-kokolekta? Sino and nagbabantay? Maa-asahan nyo ba itong mga to? Ibibigay nyo ba ang data nyo sa hindi nyo kilala? Sino ang nagbabantay, kagaya na BSP? Kami – ang NPC.