March 16, 2017
Atty. Jay C. Castillo
1. An Overview of DPA
a. Purpose & Scope
b. Key Concepts
c. General Obligations & Accountability
d. Offenses/Penalties
2. The DP Committee
a. Functions
b. Timelines & Deliverables
PURPOSE
*To safeguard the right of every individual to privacy while
ensuring free flow of information for innovation, growth
and national development.
SCOPE
*Defines rights of data subjects
*Provides parameters for securing, processing and providing
access to personal information, by any natural and juridical
person in the government or private sector.
*Imposes penal and pecuniary sanctions for unlawful use or
disclosure of information.
Any information from which the identity of
an individual is apparent or can be
ascertained by the entity holding the information
or when put together with other information
would directly and certainly identify
an individual.
SENSITIVE PERSONAL INFORMATION
• race, ethnic origin, marital status, age, color,
and religious, philosophical or political
affiliations
• health, education, genetic or sexual life, or
to any proceeding for any offense
committed or alleged to have been
committed by a person, the disposal of such
proceeding, or the sentence of any court in
such proceedings
• Issued by government agencies peculiar to
an individual, e.g. social security numbers,
previous or current health records, licenses
or its denials, suspension or revocation, tax
returns
• Specifically established by an executive
order or an act of Congress to be kept
classified
PROCESSING
collection, recording, organization, storage,
updating or modification, retrieval, consultation,
use, consolidation, blocking, erasure or
destruction of data
GENERAL PRINCIPLES
• Collection must be for a declared, specified, and
legitimate purpose
• Personal information shall be processed fairly and
lawfully
• Processing should ensure data quality
• Personal information shall not be retained longer than
necessary
• Any authorized further processing shall have adequate
safeguards
ACCESS TO PERSONAL INFORMATION
• Must be strictly regulated by agency head thru security
clearance
• Access rights and identity authentication required for online
access by agency personnel
• Allocated network drive to prevent saving files to local
machine
• Only known devices, properly configured to the agency’s
standards can be used
• Remote disconnection or deletion of data from lost devices
• Access log for paper files or any physical media
TRANSFER OF PERSONAL INFORMATION
• Encrypt data sent thru email or use secure facility
• Access controls must be in place for printing or copying
personal information
• Manual transfer of personal information through removable
physical media, (e.g. compact discs) not allowed
• If unavoidable or necessary, personal information must be
encrypted if stored in portable media
• Facsimile technology not allowed
• Transmittal of data by mail or post shall use registered mail
delivered only to the addressee.
• Similar safeguards shall be adopted for documents
transmitted between offices or personnel within the agency.
*A process undertaken and used by a
government agency to evaluate and manage
privacy impacts.
The Privacy Impact Assessment shall include the following:
A. A data inventory identifying:
1.) the types of personal data held by the agency, including
records of its own employees;
2.) list of all information repositories holding personal data,
including their location;
3.) types of media used for storing the personal data; and
4.) risks associated with the processing of the personal data.
B. a systematic description of the processing
operations anticipated and the purposes of the
processing, including, where applicable, the
legitimate interest pursued by the agency;
C. an assessment of the necessity and
proportionality of the processing in relation to
the purposes of the processing; and
D. an assessment of the risks to the rights and
freedoms of data subjects.
“xxx a comprehensive enumeration of the
measures intended to address the risks, including
organizational, physical and technical measures
to maintain the availability, integrity and
confidentiality of personal data and to protect
the personal data against natural dangers such as
accidental loss or destruction, and human
dangers such as unlawful access, fraudulent
misuse, unlawful destruction, alteration and
contamination. Xxx”
1. Designate a Data Protection Officer
2. Conduct a Privacy Impact Assessment
3. Create privacy and data protection policies
4. Conduct a mandatory, agency-wide training
on privacy and data protection policies once a
year
5. Register its data processing systems with
the Commission.
6. Cooperate with the NPC when the agency’s
privacy and data protection policies are
subjected to review and assessment.
*Should be complied with by September 2017
*Penalties/Liabilities:
*compliance and enforcement orders, cease and
desist orders, temporary or permanent ban on
the processing of personal data, or payment of
fines, in accordance with a schedule to be
published by the Commission.
*administrative and disciplinary sanctions
against any erring public officer or employee in
accordance with existing laws or regulations.
*Head of agencies/ DPOs shall be accountable
for complying with the requirements of the
Act. (Secs. 21/22, RA 10173; Secs. 50/51, IRR)
What acts are punishable under the DPA?
ACTS PUNISHABLE: PENALTY
• Unauthorized processing of personal information: Imprisonment 1 to 3 years; Fine P500K to P2M
• Unauthorized processing of sensitive personal information: Imprisonment 3 to 6 years; Fine P500K to P4M
• Accessing personal information due to negligence: Imprisonment 1 to 3 years; Fine P500K to P2M
• Accessing sensitive personal information due to negligence: Imprisonment 3 to 6 years; Fine P500K to P4M
• Improper disposal of personal information: Imprisonment 6 months to 2 years; Fine P100K to P500K
• Improper disposal of sensitive personal information: Imprisonment 1 to 3 years; Fine P100K to P1M
• Processing of personal information for unauthorized purposes: Imprisonment 1 year & 6 months to 5 years; Fine P500K to P1M
• Processing of sensitive personal information for unauthorized purposes: Imprisonment 2 to 7 years; Fine P500K to P2M
• Unauthorized access or intentional breach: Imprisonment 1 to 3 years; Fine P500K to P1M
• Malicious disclosure: Imprisonment 1 year & 6 months to 5 years; Fine P500K to P1M
• Unauthorized disclosure of personal information: Imprisonment 1 to 3 years; Fine P500K to P1M
• Unauthorized disclosure of sensitive personal information: Imprisonment 3 to 5 years; Fine P500K to P2M
• Combination or series of acts: Imprisonment 3 to 6 years; Fine P1M to P5M
Perpetual or temporary absolute disqualification from office in addition to the above penalties.
THANK YOU!
For questions or comments, you may email me at
privacy.info.ph@gmail.com

Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
