SlideShare a Scribd company logo

Group 5 Banking Laws Semi Finals.pptx

Download as PPTX, PDF
S
StephenQuijano3

Banking Laws for Accounting

Business
1 of 29
BANKING LAWS: 2.4 Accountability of Transfer of Information 2.5 Penalties for Violation Group 5 Osin, Riche Osorio, Marian Quiao, Stephenjon Repolidon, Margaret
Questions; 1. Is there a general Accountability obligation for Data Privacy? 2. What are the 5 pillars of data privacy accountability and compliance? 3. Is a Data Protection Officer (DPA) accountable for it's compliance from the PIC or PIP on the Data Privacy Act? 4. Does an organization always need your consent about sharing your personal data without permission? 5. How does the data privacy Act protect individuals from violations? 6. What if the offender is a partnership, corporation, or any juridical person? 7. What are the issues of NPC regarding the Circular on Administrative Fines for data privacy infractions of the PIC or PIP and explain? 8. What are the administrative violations of a PIC or PIP regarding data privacy? 9. What are the amount of fine if the PIC or PIP shall be subject to an administrative violation of data privacy? 10. What will happen if a PIC or PIP that refuses to pay the administrative fine regarding the Circular of data privacy infractions?
Answers; 1. Is there a general Accountability obligation for Data Privacy? Yes, the Personal information Controllers and Personal Information Processors must implement reasonable and appropriate organizational, physical, and technical security measures for the protection of personal data. 2. What are the 5 pillars of data privacy accountability and compliance? (1) Appoint a data protection officer. (2) Conduct a privacy impact assessment to identify capabilities, threats, and risks. (3) Develop a privacy management programme. (4) Implement data privacy governance to ensure proper execution of security measures. (5) Prepare data breach protocols. 3. Is a Data Protection Officer (DPA) accountable for it's compliance from the PIC or PIP on the Data Privacy Act? Yes, a Data Protection Officer shall be accountable for ensuring the compliance by the PIC or PIP with the Data Privacy Act, its Implementing Rules and Regulations (IRR), issuances by the National Privacy Commission (NPC), and other applicable laws and regulations relating to privacy and data protection.
Answers; 4. Does an organization always need your consent about sharing your personal data without permission? No. Organizations don't always need your consent to use your personal data, because anyone can use it without consent if they have a valid reason. 5. How does the data privacy Act protect individuals from violations? The right to erasure or blocking: Under the law, you have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data. 6. What if the offender is a partnership, corporation, or any juridical person? Answer: The law says that the penalty shall be imposed upon the responsible officers, as the case may be, who participated in, or by their gross negligence, allowed the commission of the crime.
5 7. What are the issues of NPC regarding the Circular on Administrative Fines for data privacy infractions of the PIC or PIP and explain? Answer: Depending on whether the violation is grave or major, the NPC will impose administrative fines ranging from 0.5% to 3% and 0.25% to 2%, respectively, of the annual gross income of the PIC or PIP that committed the infraction. If a PIC or PIP has not been operating for more than one year, the base for computing administrative fines will be the entity’s total gross income at the time the violation was committed. 8. What are the administrative violations of a PIC or PIP regarding data privacy? (1) failure to register the true identity or contact details of the PIC, the data processing system, or information on automated decision making; or (2) failure to provide updated information as to the identity or contact details of the PIC, the data processing system, or information on automated decision making. Answers;
Answers; 9.What are the amount of fine if the PIC or PIP shall be subject to an administrative violation of data privacy? The PIC or PIP shall be subject to an administrative fine of not less than Fifty Thousand Pesos (Php 50,000.00) but not exceeding Two Hundred Thousand Pesos (Php 200,000.00). 10. What will happen if a PIC or PIP that refuses to pay the administrative fine regarding the Circular of data privacy infractions? Answer: PICs or PIPs that refuse to pay the administrative fine under the circular may be subject to a Cease and Desist Order, other processes or reliefs as the Commission may be authorized to initiate pursuant to Section 7 of the Data Privacy Act, and appropriate contempt proceedings under the Rules of Court.
REPUBLIC ACT NO. 10173 Accountability for Transfer of Personal Information Section 21 Principle of Accountability - The personal information controller is accountable for complying with the requirements of this Act and shall use contractual or other reasonable means to provide a comparable level of protection while the information are being processed by a third party. - The personal information controller shall designate an individual or individuals who are accountable for the organization’s compliance with this Act. The identity of the individual(s) so designated shall be made known to any data subject upon request.. DATA PRIVACY ACT - It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.
Accountability for violation of the Act, the Rules and Other Issuances of the Commission A.) Any natural or juridical person, or other body involved in the processing of personal data, who fails to comply with Act, the Rules, and other issuances of the commission, shall be liable for such violation, and shall be subject to its corresponding sanction, penalty, or fine, without prejudice to any civil or criminal liability, as may be applicable.
B.) In cases where a data subject files a complaint for violation of his or her rights as data subjects, and for any injury suffered as a result of the processing of his or her personal data, the Commission may award indemnity on the basis of the applicable provisions of the New Civil Code. C.) In case of criminal acts and their corresponding personal penalties, the person who committed the unlawful act or omission shall be recommended for prosecution by the commission based on substantial evidence. 9 Accountability for violation of the Act, the Rules and Other Issuances of the Commission (Cont.)
DATA BREACH NOTIFICATION A.) The Commission and affected data subjects shall be notified by the personal information controller within 72 hours upon knowledge of, or when there is reasonable belief by the personal information controller or personal information processor that, a personal data breach requiring notification has occurred. B.) Notification of personal data breach shall be required when sensitive personal information or any other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes that such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject.
DATA BREACH NOTIFICATION(Cont.) C.) Depending on the nature of the incident, or if there is delay or failure to notify, the Commission may investigate the circumstances surrounding the personal data breach. Investigation may include on- site examination of systems and procedures.
Contents of Notification The notification shall at least describe the nature of the breach, the personal data possibly involved, and the measures taken by the entity to address the breach. The notification shall also include measures taken to reduce the harm or negative consequences of the breach, the representatives of the personal information controller, including their contact details, from whom the data subject can obtain additional information about the breach, and any assistance to be provided to the affected data subjects.
Delay of Notification - Notification may be delayed only to the extent necessary to determine the scope of the breach. To prevent further disclosures, or to restore reasonable integrity to the information and communications system. - In evaluating if notification is unwarranted, the Commission may take into account compliance by the personal information controller with this section and existence of good faith in the acquisition of personal data.
- The Commission may exempt a personal information controller from notification where, in its reasonable judgment, such notification would not be in the public interest, or in the interest of the affected data subjects. - The Commission may authorize postponement of notification where it may hinder the progress of a criminal investigation related to a serious breach. 14 Delay of Notification
Breach Report - The personal information controller shall notify the Commission by submitting a report, whether written or electronic, containing the required contents of notification. The report shall also include the name of a designated representative of the personal information controller, and his or her contact details. - All security incidents and personal data breaches shall be documented through written reports, including those not covered by the notification requirements.
Enforcement of the Data Privacy Act - Pursuant to the mandate of the Commission to administer and implement the Act, and to ensure the compliance of personal information controllers with its obligations under the law, the Commission requires the following: A.) Registration of personal data processing systems operating in the country that involves accessing or requiring sensitive personal information.
B.) Notification of automated processing operations where the processing becomes the sole basis of making decisions. C.) Annual report of the summary of documented security incidents and personal data breaches. D.) Compliance with other requirements that may be provided in other issuances of the Commission. 17 Enforcement of the Data Privacy Act (Cont.)
Registration of Personal Data Processing Systems A.) The contents of registration shall include: 1. The name and address of the personal information controller or personal information processor 2. The purpose or purposes of the processing, and whether processing is being done under an outsourcing or subcontracting agreement; 3. A description of the category or categories of data subjects, and of the data or categories of data relating to them; 4. The recipients or categories of recipients to whom the data might be disclosed; 5. Proposed transfers of personal data outside the Philippines;
Registration of Personal Data Processing Systems(Cont.) 6. A general description of privacy and security measures for data protection; 7. Brief description of the data processing system; 8. Copy of all policies relating to data governance, data privacy, and information security; 9. Attestation to all certifications attained that are related to information and communications processing; and 10. Name and contact details of the compliance or data protection officer, which shall immediately be updated in case of changes. B.) The procedure for registration shall be in accordance with the rules and other issuances of the commission.
Notification of Automated Processing Operations The notification shall include the following information: 1. Purpose of processing; 2. Categories of personal data to undergo processing; 3. Category or categories of data subject; 4. Consent forms or manner of obtaining consent; 5. The recipients or categories of recipients to whom the data are to be disclosed;
6. The length of time the data are to be stored; 7. Methods and logic utilized for automated processing; 8. Decisions relating to the data subject that would be made on the basis of processed data; 9. Names and contract details of the compliance or data protection officer. No decision with legal effects concerning a data subject shall be made solely on the basis of automated processing without the consent of the data subject. 21 Notification of Automated Processing Operations (Cont.)
Violations, Jurisdiction, Penalties, and Immunity Any person who performs or cause the performance of the following acts shall be liable: - Refusal to accept application or request with complete requirements being submitted by an applicant or requesting party without due cause; - Imposition of additional requirements other than those listed in the Citizen’s Charter;"(c) Imposition of additional costs not reflected in the Citizen’s Charter; - Failure to give the applicant or requesting party a written notice on the disapproval of an application or request;
Violations, Jurisdiction, Penalties, and Immunity(Cont.) - Failure to render government services within the prescribed processing time on any application or request without due cause; - Failure to attend to applicants or requesting parties who are within the premises of the office or agency concerned prior to the end of official working hours and during lunch break. - Failure or refusal to issue official receipts; and - Fixing and/or collusion with fixers in consideration of economic and/or other gain or advantage.
Penalties and Liabilities. Any violations of the preceding actions will warrant the following penalties and liabilities. • Criminal liability - shall also be incurred through the commission of bribery, extortion, or when the violation was done deliberately and maliciously to solicit favor in cash or in kind. In such cases, the pertinent provisions of the Revised Penal Code and other special laws shall apply. • Civil and Criminal Liability - Not Barred. The finding of administrative liability under this Act shall not be a bar to the filing of criminal, civil or other related charges under existing laws arising from the same act or omission as herein enumerated.
• Administrative Jurisdiction. - The administrative jurisdiction on any violation of the provisions of this Act shall be vested in either the CSC, or the Office of the Ombudsman as determined by appropriate laws and issuances." 25 Penalties and Liabilities. (Cont.)
Immunity, Discharge of Co- Respondent/Accused to be a Witness. Any public official or employee or any person having been charged with another offense under this Act and who voluntarily gives information pertaining to an investigation or who willingly testifies therefore, shall be exempt from prosecution in the case/s where his/her information and testimony are given. The discharge may be granted and directed by the investigating body or court upon the application or petition of any of the respondent/accused-informant and before the termination of the investigation:
Immunity, Discharge of Co- Respondent/Accused to be a Witness.(Cont.) Provided, That: A.) There is absolute necessity for the testimony of the respondent/accused- informant whose discharge is requested; B.) There is no other direct evidence available for the proper prosecution of the offense committed, except the testimony of said respondent/accused- informant;" C.) The testimony of said respondent can be substantially corroborated in its material points;"
D.) The respondent/accused-informant has not been previously convicted of a crime involving moral turpitude; and the said respondent/accused-informant does not appear to be the most guilty. Evidence adduced in support of the discharge shall automatically form part of the records of the investigation. Should the investigating body or court deny the motion or request for discharge as a witness, his/her sworn statement shall be inadmissible as evidence. 28 Immunity, Discharge of Co- Respondent/Accused to be a Witness.(Cont.)
THANK YOU FOR READING =)

Recommended

Regulatory compliance 2018
Regulatory compliance 2018Regulatory compliance 2018
Regulatory compliance 2018ProColombia
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfJakeAldrinDegala1
 
4514611.ppt
4514611.ppt4514611.ppt
4514611.pptssusera4419c
 
Transatlantic Personal Data Processing: Complying with the new EU-US Privacy ...
Transatlantic Personal Data Processing: Complying with the new EU-US Privacy ...Transatlantic Personal Data Processing: Complying with the new EU-US Privacy ...
Transatlantic Personal Data Processing: Complying with the new EU-US Privacy ...MSL
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!Fintan Swanton
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT worksMorris Dorfer
 
20131008 agoria big data vs data protection
20131008 agoria big data vs data protection20131008 agoria big data vs data protection
20131008 agoria big data vs data protectionJos Dumortier
 

Recommended

Regulatory compliance 2018
Regulatory compliance 2018Regulatory compliance 2018
Regulatory compliance 2018ProColombia
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfJakeAldrinDegala1
 
4514611.ppt
4514611.ppt4514611.ppt
4514611.pptssusera4419c
 
Transatlantic Personal Data Processing: Complying with the new EU-US Privacy ...
Transatlantic Personal Data Processing: Complying with the new EU-US Privacy ...Transatlantic Personal Data Processing: Complying with the new EU-US Privacy ...
Transatlantic Personal Data Processing: Complying with the new EU-US Privacy ...MSL
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!Fintan Swanton
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT worksMorris Dorfer
 
20131008 agoria big data vs data protection
20131008 agoria big data vs data protection20131008 agoria big data vs data protection
20131008 agoria big data vs data protectionJos Dumortier
 
2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness WorkshopPaul Jacobson
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013Myron Duncan Burton Betshanger
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
Getting The Deal Through: Data Protection and Privacy 2016
Getting The Deal Through: Data Protection and Privacy 2016Getting The Deal Through: Data Protection and Privacy 2016
Getting The Deal Through: Data Protection and Privacy 2016Matheson Law Firm
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issuesSagar Rahurkar
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)BenjaminShalevSalovi
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxssuser36d167
 
SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013- Mark - Fullbright
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Robert MacLean
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!catherinecoulter
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!catherinecoulter
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...Dr. Oliver Massmann
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdfMeshalALshammari12
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for DummiesCaroline Boscher
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINALImraan Kharwa
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
 
What You Need to Know About Privacy
What You Need to Know About PrivacyWhat You Need to Know About Privacy
What You Need to Know About PrivacyNow Dentons
 
What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!Now Dentons
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfCatalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfOrient Homes
 
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 

More Related Content

Similar to Group 5 Banking Laws Semi Finals.pptx

2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness WorkshopPaul Jacobson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
Getting The Deal Through: Data Protection and Privacy 2016
Getting The Deal Through: Data Protection and Privacy 2016Getting The Deal Through: Data Protection and Privacy 2016
Getting The Deal Through: Data Protection and Privacy 2016Matheson Law Firm
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issuesSagar Rahurkar
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)BenjaminShalevSalovi
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxssuser36d167
 
SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013- Mark - Fullbright
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Robert MacLean
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!catherinecoulter
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!catherinecoulter
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...Dr. Oliver Massmann
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdfMeshalALshammari12
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
 
What You Need to Know About Privacy
What You Need to Know About PrivacyWhat You Need to Know About Privacy
What You Need to Know About PrivacyNow Dentons
 
What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!Now Dentons
 

Similar to Group 5 Banking Laws Semi Finals.pptx (20)

2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
Getting The Deal Through: Data Protection and Privacy 2016
Getting The Deal Through: Data Protection and Privacy 2016Getting The Deal Through: Data Protection and Privacy 2016
Getting The Deal Through: Data Protection and Privacy 2016
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issues
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
 
SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!What You Need To Know About Privacy Now!
What You Need To Know About Privacy Now!
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
 
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINAL
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection Regulation
 
What You Need to Know About Privacy
What You Need to Know About PrivacyWhat You Need to Know About Privacy
What You Need to Know About Privacy
 
What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!
 

Recently uploaded

Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfCatalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfOrient Homes
 
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCRsoniya singh
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxAbhayThakur200703
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiFULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiMalviyaNagarCallGirl
 
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...lizamodels9
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCRsoniya singh
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...Khaled Al Awadi
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechNewman George Leech
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptxBanana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptxgeorgebrinton95
 

Recently uploaded (20)

Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfCatalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdf
 
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Hauz Khas 🔝 Delhi NCR
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptx
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiFULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
 
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
 
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...
NewBase 22 April 2024 Energy News issue - 1718 by Khaled Al Awadi (AutoRe...
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman Leech
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptxBanana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptx
 

Group 5 Banking Laws Semi Finals.pptx

  • 1. BANKING LAWS: 2.4 Accountability of Transfer of Information 2.5 Penalties for Violation Group 5 Osin, Riche Osorio, Marian Quiao, Stephenjon Repolidon, Margaret
  • 2. Questions; 1. Is there a general Accountability obligation for Data Privacy? 2. What are the 5 pillars of data privacy accountability and compliance? 3. Is a Data Protection Officer (DPA) accountable for it's compliance from the PIC or PIP on the Data Privacy Act? 4. Does an organization always need your consent about sharing your personal data without permission? 5. How does the data privacy Act protect individuals from violations? 6. What if the offender is a partnership, corporation, or any juridical person? 7. What are the issues of NPC regarding the Circular on Administrative Fines for data privacy infractions of the PIC or PIP and explain? 8. What are the administrative violations of a PIC or PIP regarding data privacy? 9. What are the amount of fine if the PIC or PIP shall be subject to an administrative violation of data privacy? 10. What will happen if a PIC or PIP that refuses to pay the administrative fine regarding the Circular of data privacy infractions?
  • 3. Answers; 1. Is there a general Accountability obligation for Data Privacy? Yes, the Personal information Controllers and Personal Information Processors must implement reasonable and appropriate organizational, physical, and technical security measures for the protection of personal data. 2. What are the 5 pillars of data privacy accountability and compliance? (1) Appoint a data protection officer. (2) Conduct a privacy impact assessment to identify capabilities, threats, and risks. (3) Develop a privacy management programme. (4) Implement data privacy governance to ensure proper execution of security measures. (5) Prepare data breach protocols. 3. Is a Data Protection Officer (DPA) accountable for it's compliance from the PIC or PIP on the Data Privacy Act? Yes, a Data Protection Officer shall be accountable for ensuring the compliance by the PIC or PIP with the Data Privacy Act, its Implementing Rules and Regulations (IRR), issuances by the National Privacy Commission (NPC), and other applicable laws and regulations relating to privacy and data protection.
  • 4. Answers; 4. Does an organization always need your consent about sharing your personal data without permission? No. Organizations don't always need your consent to use your personal data, because anyone can use it without consent if they have a valid reason. 5. How does the data privacy Act protect individuals from violations? The right to erasure or blocking: Under the law, you have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data. 6. What if the offender is a partnership, corporation, or any juridical person? Answer: The law says that the penalty shall be imposed upon the responsible officers, as the case may be, who participated in, or by their gross negligence, allowed the commission of the crime.
  • 5. 5 7. What are the issues of NPC regarding the Circular on Administrative Fines for data privacy infractions of the PIC or PIP and explain? Answer: Depending on whether the violation is grave or major, the NPC will impose administrative fines ranging from 0.5% to 3% and 0.25% to 2%, respectively, of the annual gross income of the PIC or PIP that committed the infraction. If a PIC or PIP has not been operating for more than one year, the base for computing administrative fines will be the entity’s total gross income at the time the violation was committed. 8. What are the administrative violations of a PIC or PIP regarding data privacy? (1) failure to register the true identity or contact details of the PIC, the data processing system, or information on automated decision making; or (2) failure to provide updated information as to the identity or contact details of the PIC, the data processing system, or information on automated decision making. Answers;
  • 6. Answers; 9.What are the amount of fine if the PIC or PIP shall be subject to an administrative violation of data privacy? The PIC or PIP shall be subject to an administrative fine of not less than Fifty Thousand Pesos (Php 50,000.00) but not exceeding Two Hundred Thousand Pesos (Php 200,000.00). 10. What will happen if a PIC or PIP that refuses to pay the administrative fine regarding the Circular of data privacy infractions? Answer: PICs or PIPs that refuse to pay the administrative fine under the circular may be subject to a Cease and Desist Order, other processes or reliefs as the Commission may be authorized to initiate pursuant to Section 7 of the Data Privacy Act, and appropriate contempt proceedings under the Rules of Court.
  • 7. REPUBLIC ACT NO. 10173 Accountability for Transfer of Personal Information Section 21 Principle of Accountability - The personal information controller is accountable for complying with the requirements of this Act and shall use contractual or other reasonable means to provide a comparable level of protection while the information are being processed by a third party. - The personal information controller shall designate an individual or individuals who are accountable for the organization’s compliance with this Act. The identity of the individual(s) so designated shall be made known to any data subject upon request.. DATA PRIVACY ACT - It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.
  • 8. Accountability for violation of the Act, the Rules and Other Issuances of the Commission A.) Any natural or juridical person, or other body involved in the processing of personal data, who fails to comply with Act, the Rules, and other issuances of the commission, shall be liable for such violation, and shall be subject to its corresponding sanction, penalty, or fine, without prejudice to any civil or criminal liability, as may be applicable.
  • 9. B.) In cases where a data subject files a complaint for violation of his or her rights as data subjects, and for any injury suffered as a result of the processing of his or her personal data, the Commission may award indemnity on the basis of the applicable provisions of the New Civil Code. C.) In case of criminal acts and their corresponding personal penalties, the person who committed the unlawful act or omission shall be recommended for prosecution by the commission based on substantial evidence. 9 Accountability for violation of the Act, the Rules and Other Issuances of the Commission (Cont.)
  • 10. DATA BREACH NOTIFICATION A.) The Commission and affected data subjects shall be notified by the personal information controller within 72 hours upon knowledge of, or when there is reasonable belief by the personal information controller or personal information processor that, a personal data breach requiring notification has occurred. B.) Notification of personal data breach shall be required when sensitive personal information or any other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes that such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject.
  • 11. DATA BREACH NOTIFICATION(Cont.) C.) Depending on the nature of the incident, or if there is delay or failure to notify, the Commission may investigate the circumstances surrounding the personal data breach. Investigation may include on- site examination of systems and procedures.
  • 12. Contents of Notification The notification shall at least describe the nature of the breach, the personal data possibly involved, and the measures taken by the entity to address the breach. The notification shall also include measures taken to reduce the harm or negative consequences of the breach, the representatives of the personal information controller, including their contact details, from whom the data subject can obtain additional information about the breach, and any assistance to be provided to the affected data subjects.
  • 13. Delay of Notification - Notification may be delayed only to the extent necessary to determine the scope of the breach. To prevent further disclosures, or to restore reasonable integrity to the information and communications system. - In evaluating if notification is unwarranted, the Commission may take into account compliance by the personal information controller with this section and existence of good faith in the acquisition of personal data.
  • 14. - The Commission may exempt a personal information controller from notification where, in its reasonable judgment, such notification would not be in the public interest, or in the interest of the affected data subjects. - The Commission may authorize postponement of notification where it may hinder the progress of a criminal investigation related to a serious breach. 14 Delay of Notification
  • 15. Breach Report - The personal information controller shall notify the Commission by submitting a report, whether written or electronic, containing the required contents of notification. The report shall also include the name of a designated representative of the personal information controller, and his or her contact details. - All security incidents and personal data breaches shall be documented through written reports, including those not covered by the notification requirements.
  • 16. Enforcement of the Data Privacy Act - Pursuant to the mandate of the Commission to administer and implement the Act, and to ensure the compliance of personal information controllers with its obligations under the law, the Commission requires the following: A.) Registration of personal data processing systems operating in the country that involves accessing or requiring sensitive personal information.
  • 17. B.) Notification of automated processing operations where the processing becomes the sole basis of making decisions. C.) Annual report of the summary of documented security incidents and personal data breaches. D.) Compliance with other requirements that may be provided in other issuances of the Commission. 17 Enforcement of the Data Privacy Act (Cont.)
  • 18. Registration of Personal Data Processing Systems A.) The contents of registration shall include: 1. The name and address of the personal information controller or personal information processor 2. The purpose or purposes of the processing, and whether processing is being done under an outsourcing or subcontracting agreement; 3. A description of the category or categories of data subjects, and of the data or categories of data relating to them; 4. The recipients or categories of recipients to whom the data might be disclosed; 5. Proposed transfers of personal data outside the Philippines;
  • 19. Registration of Personal Data Processing Systems(Cont.) 6. A general description of privacy and security measures for data protection; 7. Brief description of the data processing system; 8. Copy of all policies relating to data governance, data privacy, and information security; 9. Attestation to all certifications attained that are related to information and communications processing; and 10. Name and contact details of the compliance or data protection officer, which shall immediately be updated in case of changes. B.) The procedure for registration shall be in accordance with the rules and other issuances of the commission.
  • 20. Notification of Automated Processing Operations The notification shall include the following information: 1. Purpose of processing; 2. Categories of personal data to undergo processing; 3. Category or categories of data subject; 4. Consent forms or manner of obtaining consent; 5. The recipients or categories of recipients to whom the data are to be disclosed;
  • 21. 6. The length of time the data are to be stored; 7. Methods and logic utilized for automated processing; 8. Decisions relating to the data subject that would be made on the basis of processed data; 9. Names and contract details of the compliance or data protection officer. No decision with legal effects concerning a data subject shall be made solely on the basis of automated processing without the consent of the data subject. 21 Notification of Automated Processing Operations (Cont.)
  • 22. Violations, Jurisdiction, Penalties, and Immunity Any person who performs or cause the performance of the following acts shall be liable: - Refusal to accept application or request with complete requirements being submitted by an applicant or requesting party without due cause; - Imposition of additional requirements other than those listed in the Citizen’s Charter;"(c) Imposition of additional costs not reflected in the Citizen’s Charter; - Failure to give the applicant or requesting party a written notice on the disapproval of an application or request;
  • 23. Violations, Jurisdiction, Penalties, and Immunity(Cont.) - Failure to render government services within the prescribed processing time on any application or request without due cause; - Failure to attend to applicants or requesting parties who are within the premises of the office or agency concerned prior to the end of official working hours and during lunch break. - Failure or refusal to issue official receipts; and - Fixing and/or collusion with fixers in consideration of economic and/or other gain or advantage.
  • 24. Penalties and Liabilities. Any violations of the preceding actions will warrant the following penalties and liabilities. • Criminal liability - shall also be incurred through the commission of bribery, extortion, or when the violation was done deliberately and maliciously to solicit favor in cash or in kind. In such cases, the pertinent provisions of the Revised Penal Code and other special laws shall apply. • Civil and Criminal Liability - Not Barred. The finding of administrative liability under this Act shall not be a bar to the filing of criminal, civil or other related charges under existing laws arising from the same act or omission as herein enumerated.
  • 25. • Administrative Jurisdiction. - The administrative jurisdiction on any violation of the provisions of this Act shall be vested in either the CSC, or the Office of the Ombudsman as determined by appropriate laws and issuances." 25 Penalties and Liabilities. (Cont.)
  • 26. Immunity, Discharge of Co- Respondent/Accused to be a Witness. Any public official or employee or any person having been charged with another offense under this Act and who voluntarily gives information pertaining to an investigation or who willingly testifies therefore, shall be exempt from prosecution in the case/s where his/her information and testimony are given. The discharge may be granted and directed by the investigating body or court upon the application or petition of any of the respondent/accused-informant and before the termination of the investigation:
  • 27. Immunity, Discharge of Co- Respondent/Accused to be a Witness.(Cont.) Provided, That: A.) There is absolute necessity for the testimony of the respondent/accused- informant whose discharge is requested; B.) There is no other direct evidence available for the proper prosecution of the offense committed, except the testimony of said respondent/accused- informant;" C.) The testimony of said respondent can be substantially corroborated in its material points;"
  • 28. D.) The respondent/accused-informant has not been previously convicted of a crime involving moral turpitude; and the said respondent/accused-informant does not appear to be the most guilty. Evidence adduced in support of the discharge shall automatically form part of the records of the investigation. Should the investigating body or court deny the motion or request for discharge as a witness, his/her sworn statement shall be inadmissible as evidence. 28 Immunity, Discharge of Co- Respondent/Accused to be a Witness.(Cont.)