- PHYSICAL
- INFORMATIONAL
PHYSICAL PRIVACY
- Could be defined as preventing "intrusions into one's physical space or solitude (state of
being alone)"
INFORMATIONAL PRIVACY
- Is the right to have some control over how your personal information is collected and used
- Is an independent body created under Republic Act No. 10173 or the Data Privacy Act of
2012, mandated to administer and implement the provisions of the Act, and to monitor and
ensure compliance of the country with international standards set for data protection. It is
attached to the Philippines' Department of Information and Communications Technology
(DICT) for purposes of policy coordination, but remains independent in the performance of
its functions. The Commission safeguards the fundamental human right of every individual
to privacy, particularly information privacy, while ensuring free flow of information for
innovation, growth, and national development.
(IRR of DPA was signed on August 24, 2016. It took effect on September 9, 2016)
FREEDOM OF INFORMATION
Requires all executive departments, agencies, bureaus, and offices to disclose public records,
contracts, transactions, and any information requested by a member of the public, except
for matters affecting national security and other information that falls under the inventory
of exceptions (issued by Executive Secretary Salvador Medialdea).
DOLE FOI MANUAL SECTION IV. While providing for access to information, the DOLE offices
shall afford full protection to a person’s right to privacy, as follows:
PERSONAL INFORMATION
- Refers to any information whether recorded in a material form or not, from which the
identity of an individual is apparent (obvious) or can be reasonably and directly ascertained
(made certain, sure) by the entity holding the information, or when put together with other
information would directly and certainly identify an individual.
A.
B. Philippine Hero Born on November 30, 1863
C. Andres De Castro Bonifacio
D. Man born on November 30, 1863
- Race, ethnic origin, marital status, age, color, and religious, philosophical or political
affiliations;
- Health, education, genetic or sexual life of a person, or to any proceeding for any offense
committed or alleged to have been committed by such
person, the disposal of such proceedings, or the sentence of any court in such proceedings
- Issued by government agencies peculiar to an individual
- Specifically established by an executive order or an act of Congress to be kept classified
PRIVILEGED INFORMATION
- Any and all forms of data which under the Rules of the Court and other pertinent laws
constitute privileged communication. One such example would be any information given by
a client to his lawyer. Such information would fall under attorney-client privilege and would,
therefore, be considered privileged information.
PRIVACY NOTICE
A privacy policy is a statement or a legal document (in privacy law) that discloses some or all
of the ways a party gathers, uses, discloses, and manages a customer or client's data. It fulfills a legal
requirement to protect a customer or client's privacy.
EX:
PRIVACY NOTICE
YISRAEL SOLUTIONS AND CONSULTING INC. respects your right to privacy. We collect, acquire, or
generate your personal information, including but not limited to name, profession, employer or
organization you are representing, email address, mobile number, which you provide us upon
confirming to attend to this event through YISCON’s representatives.
We shall only use your personal information exclusively for this event: “DATA PRIVACY AWARENESS
AND COMPLIANCE WORKSHOP” which would include exchange of business cards and contact
information for legitimate business interests and accomplishment of feedback forms.
For inquiries, concerns and complaints, you may reach YISCON Data Protection officer at
ramil.madriaga@yisrael-dataprivacy.com
Policies and Procedures. The personal information controller or personal information processor
shall implement policies and procedures for guidance of its data breach response team and other
personnel in the event of a security incident. These may include:
a. A procedure for the timely discovery of security incidents, including the identification of
person or persons responsible for regular monitoring and evaluation of security incidents;
b. Clear reporting lines in the event of a possible personal data breach, including the
identification of a person responsible for setting in motion the incident response procedure,
and who shall be immediately contacted in the event of a possible or confirmed personal
data breach;
c. Conduct of a preliminary assessment for purpose of:
   1. Assessing, as far as practicable, the nature and scope of the personal data breach and
      the immediate damage;
   2. Determining the need for notification of law enforcement or external expertise; and
   3. Implementing immediate measures necessary to secure any evidence, contain the security
      incident and restore integrity to the information and communications system;
d. Evaluation of the security incident or personal data breach as to its nature, extent and cause,
the adequacy of safeguards in place, immediate and long-term damage, impact of the
breach, and its potential harm and negative consequences to affected data subjects;
e. Procedures for contacting law enforcement in case the security incident or personal data
breach involves possible commission of criminal acts;
f. Conduct of investigations that will evaluate fully the security incident or personal data
breach;
g. Procedures for notifying the Commission and data subjects when the breach is subject to
notification requirements, in the case of personal information controllers, and procedures
for notifying personal information controllers in accordance with a contract or agreement, in
the case of personal information processors; and
h. Policies and procedures for mitigating the possible harm and negative consequences to a
data subject in the event of a personal data breach. The personal information controller
must be ready to provide assistance to data subjects whose personal data may have been
compromised.
a. Description of the personal data breach, its root cause and circumstances regarding its
discovery;
b. Actions and decisions of the incident response team;
c. Outcome of the breach management, and difficulties encountered; and
d. Compliance with notification requirements and assistance provided to affected data
subjects.
e. A procedure for post-breach review must be established for the purpose of improving the
personal data breach management policies and procedures of the personal information
controller or personal information processor.
Regular Review. The incident response policy and procedure shall be subject to regular revision and
review, at least annually, by the Data Protection Officer, or any other person designated by the Chief
Executive Officer or the Head of Agency, as the case may be. The date of the last review and the
schedule for the next succeeding review must always be indicated in the documentation of the
incident response policy and procedure.
BREACH NOTIFICATION
1. Appoint a Data Protection Officer (an individual designated by the head of agency or
organization to be accountable for its compliance)
2. Conduct Privacy Assessment (Process undertaken to evaluate and manage the impact of a
program, process and/or measure on data privacy) (Systems, Process Inventory, Threshold
Analysis, Risk Identification, Risk Management, PIA Report)
3. Create the Privacy Management Program and Privacy Manual
4. Implement Privacy and Protection Measures
5. Regularly Exercise Breach Reporting Procedures
6. Registration
DOLE-NCR COMPLIANCE
Data Protection Officer – May 24, 2018 (Online), July 6, 2018 (Hardcopy to NPC)