The document discusses privacy objectives, defining personal information, sensitive data, and the roles of data subjects and controllers under laws such as the Philippines' Data Privacy Act and the UK's Data Protection Act. It outlines data protection principles, emphasizing accountability, transparency, and purposefulness in the processing of personal data, as well as privacy-enhancing tools like encryption and data minimization. Additionally, it addresses invasive methods that compromise privacy, including phishing and identity theft.

1. PRIVACY

2. OBJECTIVES
Personal information
1
Data Privacy Act
2
Data protection principles
3
Data Protection Act
4
Privacy enhancing and invasive
tools/methods.
5

3. It refers to the ability of a person to control and
determine for themselves when, how, and to what extent
personal information about them is shared with or
communicated to others.
What is privacy?
1

4. Personal information refers to any information whether
recorded in a material form or not, from which the
identity of an individual is apparent or can be reasonably
and directly ascertained by the entity holding the
information, or when put together with other information
would directly and certainly identify an individual.
Personal information
A

5. Sensitive Personal Information refers to a type of
personal information that is more highly protected by
laws due to its more vulnerable nature.
Sensitive information
A

6. Data subject and personal information controller
A
refers to an individual whose
personal information is processed.
DATA SUBJECT

7. Data subject and personal information controller
A
• refers to a person or organization who controls the collection, holding, processing or use of personal information,
including a person or organization who instructs another person or organization to collect, hold, process, use,
transfer or disclose personal information on his or her behalf. The term excludes:
• A person or organization who performs such functions as instructed by another person or organization; and
• (2) An individual who collects, holds, processes or uses personal information in connection with the individual’s
personal, family or household affairs.
Personal Information Controller

8. The Republic Act No. 10173 or also known as the Privacy Act
of 2012 was signed into law by the former President Benigno
Aquino III on August 15, 2012. An act protecting individual
personal information in information and communications
systems in the government and the private sector, creating
for this purpose a national privacy commission, and for other
purposes. The DPA created the National Privacy Commission
(NPC) which is tasked to monitor its implementation.
DATA PRIVACY ACT
A

9. The Data Protection Act 2018 is the UK's implementation of
the General Data Protection Regulation (GDPR). Everyone
responsible for using personal data has to follow strict rules
called 'data protection principles'.
DATA PROTECTION ACT
A

10. Data Protection Principles - The processing of personal data
shall be allowed, subject to compliance with the
requirements of the Act and other laws allowing disclosure of
information to the public, and adherence to the principles of
transparency, legitimate purpose, accountability and
proportionality.
Data protection principles
B

11. 4 Data protection principles
B
The data subject must be aware of the
nature, purpose, and extent of the
processing of his or her personal data,
including the risks and safeguards involved,
the identity of personal information
controller, his or her rights as a data subject,
and how these can be exercised.
The processing of personal
information must be in
accordance with a declared and
specified purpose that is not
contrary to law, morals, or public
policy.
Transparency Legitimate Purposes

12. 4 Data protection principles
B
Each personal information controller is
responsible for personal information under
its control or custody, including information
that have been transferred to a third party
for processing, whether domestically or
internationally, subject to cross-border
arrangement and cooperation.
which states that the processing
of personal data shall be
adequate, relevant, suitable
necessary and not excessive in
relation to a declared specified
purpose.
Accountability Proportionality

13. Privacy-enhancing tools are tools that embody fundamental
data protection principles by minimizing personal data use,
maximizing data security, and empowering individuals.
Privacy enhancing tools/methods
C

14. Privacy enhancing and invasive tools/methods
C
Encryption scrambles data so that it can only
be deciphered by authorized users. This
helps to protect personal data from
unauthorized access, even if it is
intercepted.
is a technique used to protect personal data by
replacing identifiable information with fictitious
identifiers. The process involves transforming
personal data into a form that is no longer directly
linked to any specific individual, while still
maintaining the usefulness of the data for
analytical and other purposes
Encryption Pseudonymization

15. Privacy enhancing and invasive tools/methods
C
Data minimization refers to the practice of
collecting only the minimum amount of
personal data necessary for a specific
purpose. This helps to reduce the risk of
data breaches and identity theft.
Access controls limit access to personal data to
authorized users only. This can be done through
techniques such as password protection, role-
based access control, and multi-factor
authentication
Data minimization Access controls

16. Privacy enhancing and invasive tools/methods
C
Also known as data obfuscation, data masking
involves hiding or altering specific pieces of data to
protect sensitive information. This allows
organizations to share data without revealing
confidential details.
Data masking

17. Invasive tools and methods refer to techniques used to
intrude on someone's privacy or manipulate information
without their knowledge or consent. These actions are often
malicious and can result in data breaches, identity theft, or
other forms of cybercrime.
Invasive tools/methods
D

18. Invasive tools/methods
D
This technique involves creating fake
websites or emails that resemble legitimate
ones to trick users into entering sensitive
information, such as passwords or credit
card numbers.
Spyware is a type of malware designed to secretly
collect information about a user, such as
keystrokes, web browsing history, and chat
conversations.
Phishing Spyware

19. Invasive tools/methods
D
Stealing someone's personal information,
such as their name, date of birth, social
security number, or credit card details, to
commit fraud or other crimes under their
name.
also known as data leakage is "the unauthorized
exposure, disclosure, or loss of personal
information.
Identity theft
Data breach

20. Invasive tools/methods
D
Illegal access to computer systems,
networks, or databases to obtain sensitive
information or disrupt operations
In this type of attack, an attacker intercepts
communication between two parties,
impersonating each side to gain access to
confidential information or manipulate
transactions.
Hacking
Man-in-the-middle attacks

21. Invasive tools/methods
D
Tiny cameras can be disguised as everyday objects
to secretly record video and audio.
Hidden cameras

22. thank you!