What is the Data Privacy
Act of 2012?
(R.A. 10173)
▣ AN ACT PROTECTING INDIVIDUAL
PERSONAL INFORMATION IN INFORMATION
AND COMMUNICATIONS SYSTEMS IN THE
GOVERNMENT AND THE PRIVATE SECTOR,
CREATING FOR THIS PURPOSE A NATIONAL
PRIVACY COMMISSION, AND FOR OTHER
PURPOSES.
Who stores data about you?
60 seconds
Speed of Information
KEY ROLES IN THE DATA PRIVACY ACT
▣ Data Subjects
□ Refers to an individual whose personal, sensitive personal, or
privileged information is processed
▣ Personal Information Controller (PIC)
□ Controls the processing of personal data, or instructs another
to process personal data on its behalf.
▣ Personal Information Processor (PIP)
□ Organization or individual whom a personal information
controller may outsource or instruct the processing of personal
data pertaining to a data subject
▣ Data Protection Officer (DPO)
□ Responsible for the overall management of compliance with
the DPA
▣ National Privacy Commission
□ Independent body mandated to administer and implement
the DPA of 2012, and to monitor and ensure compliance of
the country with international standards set for personal data
protection
▣ SEC. 4. Scope. – This Act applies to the processing of all types of
personal information and to any natural and juridical person
involved in personal information processing including those
personal information controllers and processors who, although
not found or established in the Philippines, use equipment that are
located in the Philippines, or those who maintain an office,
branch or agency in the Philippines.
CLASSIFICATION OF PERSONAL DATA
Personal Information:
▣ Personal information refers to any
information whether recorded in a material
form or not, from which the identity of an
individual is apparent or can be reasonably
and directly ascertained by the entity
holding the information, or when put
together with other information would
directly and certainly identify an
individual.
▣ Sensitive Personal Information.
▣ Refers to personal information about an
individual’s:
□ race, ethnic origin, marital status, age,
color, religious, philosophical or political
affiliations, health, education, genetics,
sexual life, any proceeding for any offense
committed or alleged to have been committed,
the disposal of such proceedings, the sentence
of any court in such proceedings;
Also includes information issued by government agencies peculiar to
an individual which includes, but not limited to:
social security numbers, previous or current health
records, licenses or its denials, suspension or revocation,
and tax returns;
and specifically established by an executive order or an act of
Congress to be kept classified.
Principle of Transparency
• aware of the nature, purpose, and extent of the processing
of his or her personal data,
• risks and safeguards involved,
• identity of personal information controller, his or her rights as
a data subject, and how these can be exercised
Principle of Legitimate Purpose
• processing of information shall be compatible with a declared
and specified purpose, which must not be contrary to law,
morals, or public policy.
Principle of Proportionality
• processing of information shall be adequate, relevant, suitable,
necessary, and not excessive in relation to a declared and
specified purpose.
(a) Information about any individual who is or was an officer or employee of a
government institution that relates to the position or functions of the
individual, including:
(1) The fact that the individual is or was an officer or employee of the
government institution;
(2) The title, business address and office telephone number of the individual;
(3) The classification, salary range and responsibilities of the position held by
the individual; and
(4) The name of the individual on a document prepared by the individual in the
course of employment with the government;
(b) Information about an individual who is or was performing service under
contract for a government institution that relates to the services performed,
including the terms of the contract, and the name of the individual given in the
course of the performance of those services;
(c) Information relating to any discretionary benefit of a financial nature such
as the granting of a license or permit given by the government to an
individual, including the name of the individual and the exact nature of the
benefit;
(d) Personal information processed for journalistic, artistic, literary or
research purposes;
(e) Information necessary in order to carry out the functions of public authority
which includes the processing of personal data for the performance by the
independent, central monetary authority and law enforcement and regulatory
agencies of their constitutionally and statutorily mandated functions.
(f) Information necessary for banks and other financial institutions under the
jurisdiction of the independent, central monetary authority or Bangko Sentral ng
Pilipinas to comply with Anti-Money Laundering Act and other applicable laws;
and
(g) Personal information originally collected from residents of foreign jurisdictions
in accordance with the laws of those foreign jurisdictions, including any applicable
data privacy laws, which is being processed in the Philippines.
Extraterritorial Application. –
act done or practice engaged in and outside of the
Philippines:
(a) The act, practice or processing relates to personal information about a
Philippine citizen or a resident;
(b) The entity has a link with the Philippines, and the entity is processing
personal information in the Philippines or even if the processing is outside
the Philippines as long as it is about Philippine citizens or residents.
(c) The entity has other links in the Philippines such as, but not limited to:
body that is mandated to administer and implement
this law.
rule-making,
advisory,
public education,
compliance and monitoring,
investigations and complaints,
and enforcement.