SlideShare une entreprise Scribd logo

Basic Data Privacy for Non Lawyers

JDP Consulting
JDP Consulting

Philippine Data Privacy Law is in Republic Act No. 10173, otherwise known as the " Data Privacy Act of 2012". In summary: 1) Processing of personal information is allowed – so long as it complies with the law. 2) As much as possible, consent should be obtained from the Data Subject for the processing of personal information. 3) The confidentiality, integrity, and availability of the personal information should be ensured. 4) Sensitive and personal information are prohibited – unless in exceptional cases. 5) Philippine Data Privacy Law has extraterritorial application and thus violations may be penalized even if done outside the Philippines.

Droit
1  sur  22
Télécharger pour lire hors ligne
Philippine Data Privacy Law Basics for Non-Lawyers
What is Data Privacy
Data Privacy Data Privacy refers to the act of protecting the integrity, confidentiality, and availability of personal information that are collected, stored, and processed. • Data Privacy is also known as information privacy. To ensure Data Privacy, the Philippines passed into Republic Act No. 10173 or the Data Privacy Act of 2012.
Policy behind the Law Declaration of Policy: “It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.” Reference: Section 2, R.A. 10173
Who are covered Scope of Application: “This Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines subject to the immediately succeeding paragraph: Provided, That the requirements of Section 5 are complied with.” Reference: Section 4, R.A. 10173
Who are covered Extraterritorial Application: The Law applies to an act done or practice engaged in and outside of the Philippines by an entity if: (a) The act, practice or processing relates to personal information about a Philippine citizen or a resident; Reference: Section 6, R.A. 10173
Who are covered Extraterritorial Application: The Law applies to an act done or practice engaged in and outside of the Philippines by an entity if: (b) The entity has a link with the Philippines, and the entity is processing personal information in the Philippines or even if the processing is outside the Philippines as long as it is about Philippine citizens or residents such as, but not limited to, the following: (1) A contract is entered in the Philippines; (2) A juridical entity unincorporated in the Philippines but has central management and control in the country; and (3) An entity that has a branch, agency, office or subsidiary in the Philippines and the parent or affiliate of the Philippine entity has access to personal information; Reference: Section 6, R.A. 10173
Who are covered Extraterritorial Application: The Law applies to an act done or practice engaged in and outside of the Philippines by an entity if: (c) The entity has other links in the Philippines such as, but not limited to: (1) The entity carries on business in the Philippines; and (2) The personal information was collected or held by an entity in the Philippines. Reference: Section 6, R.A. 10173
Who are not covered Excluded in Application: (a) Information about any individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual, including: (1) The fact that the individual is or was an officer or employee of the government institution; (2) The title, business address and office telephone number of the individual; (3) The classification, salary range and responsibilities of the position held by the individual; and (4) The name of the individual on a document prepared by the individual in the course of employment with the government; Reference: Section 4, R.A. 10173
Who are not covered Excluded in Application: (b) Information about an individual who is or was performing service under contract for a government institution that relates to the services performed, including the terms of the contract, and the name of the individual given in the course of the performance of those services; (c) Information relating to any discretionary benefit of a financial nature such as the granting of a license or permit given by the government to an individual, including the name of the individual and the exact nature of the benefit; (d) Personal information processed for journalistic, artistic, literary or research purposes; Reference: Section 4, R.A. 10173
Who are not covered Excluded in Application: (e) Information necessary in order to carry out the functions of public authority which includes the processing of personal data for the performance by the independent, central monetary authority and law enforcement and regulatory agencies of their constitutionally and statutorily mandated functions. Nothing in this Act shall be construed as to have amended or repealed Republic Act No. 1405, otherwise known as the Secrecy of Bank Deposits Act; Republic Act No. 6426, otherwise known as the Foreign Currency Deposit Act; and Republic Act No. 9510, otherwise known as the Credit Information System Act (CISA); (f) Information necessary for banks and other financial institutions under the jurisdiction of the independent, central monetary authority or Bangko Sentral ng Pilipinas to comply with Republic Act No. 9510, and Republic Act No. 9160, as amended, otherwise known as the Anti-Money Laundering Act and other applicable laws; and Reference: Section 4, R.A. 10173
How to Legally Process Personal Information
Data Privacy Principles In General: “The processing of personal information shall be allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure of information to the public and adherence to the principles of transparency, legitimate purpose and proportionality.” Reference: Section 11, R.A. 10173
Data Privacy Principles Personal information must, be: (a) Collected for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection, and later processed in a way compatible with such declared, specified and legitimate purposes only; (b) Processed fairly and lawfully; (c) Accurate, relevant and, where necessary for purposes for which it is to be used the processing of personal information, kept up to date; inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted; (d) Adequate and not excessive in relation to the purposes for which they are collected and processed; Reference: Section 11, R.A. 10173
Data Privacy Principles Personal information must, be: (e) Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law; and (f) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed: Provided, That personal information collected for other purposes may lie processed for historical, statistical or scientific purposes, and in cases laid down in law may be stored for longer periods: Provided, further, That adequate safeguards are guaranteed by said laws authorizing their processing. Reference: Section 11, R.A. 10173
Criteria: Lawful Processing The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists: (a) The data subject has given his or her consent; (b) The processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract; (c) The processing is necessary for compliance with a legal obligation to which the personal information controller is subject; (d) The processing is necessary to protect vitally important interests of the data subject, including life and health; (e) The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate; or (f) The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution. Reference: Section 12, R.A. 10173
Sensitive Personal Information and Privileged Information General Rule: The processing of sensitive personal information and privileged information shall be prohibited… Exceptions: (a) The data subject has given his or her consent, specific to the purpose prior to the processing, or in the case of privileged information, all parties to the exchange have given their consent prior to processing; (b) The processing of the same is provided for by existing laws and regulations: Provided, That such regulatory enactments guarantee the protection of the sensitive personal information and the privileged information: Provided, further, That the consent of the data subjects are not required by law or regulation permitting the processing of the sensitive personal information or the privileged information; Reference: Section 13, R.A. 10173
Sensitive Personal Information and Privileged Information Exceptions: (c) The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing; (d) The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations: Provided, That such processing is only confined and related to the bona fide members of these organizations or their associations: Provided, further, That the sensitive personal information are not transferred to third parties: Provided, finally, That consent of the data subject was obtained prior to processing; Reference: Section 13, R.A. 10173
Sensitive Personal Information and Privileged Information Exceptions: (e) The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured; or (f) The processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority. Reference: Section 13, R.A. 10173
Summary 1) Processing of personal information is allowed – so long as it complies with the law. 2) As much as possible, consent should be obtained from the Data Subject for the processing of personal information. 3) The confidentiality, integrity, and availability of the personal information should be ensured. 4) Sensitive and personal information are prohibited – unless in exceptional cases. 5) Philippine Data Privacy Law has extraterritorial application and thus violations may be penalized even if done outside the Philippines.
Philippine Data Privacy Law Basics for Non-Lawyers Atty. Jericho B. Del Puerto SME Business Lawyer
Basic Data Privacy for Non Lawyers

Recommandé

Data privacy act
Data privacy actData privacy act
Data privacy actansherina erika dejan
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Jay Castillo
 
CEU DPA
CEU DPACEU DPA
CEU DPABERBERGRACEMARJORIE
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the PhilippinesShirley Ingles-Cruz
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentationKittelson & Carpo Consulting
 
Data Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data SubjectData Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data SubjectJDP Consulting
 
Data Privacy - Penalties for Non-Compliance
Data Privacy - Penalties for Non-ComplianceData Privacy - Penalties for Non-Compliance
Data Privacy - Penalties for Non-ComplianceJDP Consulting
 

Recommandé

Data privacy act
Data privacy actData privacy act
Data privacy actansherina erika dejan
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Jay Castillo
 
CEU DPA
CEU DPACEU DPA
CEU DPABERBERGRACEMARJORIE
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the PhilippinesShirley Ingles-Cruz
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentationKittelson & Carpo Consulting
 
Data Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data SubjectData Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data SubjectJDP Consulting
 
Data Privacy - Penalties for Non-Compliance
Data Privacy - Penalties for Non-ComplianceData Privacy - Penalties for Non-Compliance
Data Privacy - Penalties for Non-ComplianceJDP Consulting
 
Cybercrime law in the philippines
Cybercrime law in the philippinesCybercrime law in the philippines
Cybercrime law in the philippinesian_oguis
 
Data Privacy Act of 2012.pptx
Data Privacy Act of 2012.pptxData Privacy Act of 2012.pptx
Data Privacy Act of 2012.pptxCeresMargaretMangibi
 
Data Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesData Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesjo bitonio
 
Data Privacy - Security of Personal Information
Data Privacy - Security of Personal InformationData Privacy - Security of Personal Information
Data Privacy - Security of Personal InformationJDP Consulting
 
Cybercrime law
Cybercrime lawCybercrime law
Cybercrime lawTearsome Llantada
 
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...REVULN
 
Republic Act 10175: Cybercrime Prevention Act of 2012
Republic Act 10175: Cybercrime Prevention Act of 2012Republic Act 10175: Cybercrime Prevention Act of 2012
Republic Act 10175: Cybercrime Prevention Act of 2012Michael Roa
 
Human Trafficking Law and the Safe Spaces Act.pptx
Human Trafficking Law and the Safe Spaces Act.pptxHuman Trafficking Law and the Safe Spaces Act.pptx
Human Trafficking Law and the Safe Spaces Act.pptxCharisseTomaro
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
Ra 7610
Ra 7610Ra 7610
Ra 7610ma juna villasis
 
Bill of Rights Edit Version 2017
Bill of Rights Edit Version 2017Bill of Rights Edit Version 2017
Bill of Rights Edit Version 2017Lyceum of the Philippines University- Cavite
 
RA 6713
RA 6713RA 6713
RA 6713JaypeeRojas
 
The Philippine Cybercrime Prevention Act of 2012
The Philippine Cybercrime Prevention Act of 2012The Philippine Cybercrime Prevention Act of 2012
The Philippine Cybercrime Prevention Act of 2012Jim Ayson
 
ra6713
ra6713ra6713
ra6713LarlynErmoso
 
GDPR
GDPRGDPR
GDPRGopi PD
 
Bill of rights (lecture 4)
Bill of rights (lecture 4)Bill of rights (lecture 4)
Bill of rights (lecture 4)John Torres
 
ARTICLE III - Sections11-16
ARTICLE III - Sections11-16ARTICLE III - Sections11-16
ARTICLE III - Sections11-16tzeri_apple
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection ActSaimaRafiq
 
Philippine Cyber-Libel
Philippine Cyber-LibelPhilippine Cyber-Libel
Philippine Cyber-LibelLawrence Villamar
 
REVISED Bill of Rights Part 1
REVISED Bill of Rights Part 1REVISED Bill of Rights Part 1
REVISED Bill of Rights Part 1Lyceum of the Philippines University- Cavite
 
Personal Data and Information Classification under Data Privacy Act of the Ph...
Personal Data and Information Classification under Data Privacy Act of the Ph...Personal Data and Information Classification under Data Privacy Act of the Ph...
Personal Data and Information Classification under Data Privacy Act of the Ph...ABLoveria
 
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptxDATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptxgentlejosh3161
 

Contenu connexe

Tendances

Cybercrime law in the philippines
Cybercrime law in the philippinesCybercrime law in the philippines
Cybercrime law in the philippinesian_oguis
 
Data Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesData Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesjo bitonio
 
Data Privacy - Security of Personal Information
Data Privacy - Security of Personal InformationData Privacy - Security of Personal Information
Data Privacy - Security of Personal InformationJDP Consulting
 
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...REVULN
 
Republic Act 10175: Cybercrime Prevention Act of 2012
Republic Act 10175: Cybercrime Prevention Act of 2012Republic Act 10175: Cybercrime Prevention Act of 2012
Republic Act 10175: Cybercrime Prevention Act of 2012Michael Roa
 
Human Trafficking Law and the Safe Spaces Act.pptx
Human Trafficking Law and the Safe Spaces Act.pptxHuman Trafficking Law and the Safe Spaces Act.pptx
Human Trafficking Law and the Safe Spaces Act.pptxCharisseTomaro
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
The Philippine Cybercrime Prevention Act of 2012
The Philippine Cybercrime Prevention Act of 2012The Philippine Cybercrime Prevention Act of 2012
The Philippine Cybercrime Prevention Act of 2012Jim Ayson
 
Bill of rights (lecture 4)
Bill of rights (lecture 4)Bill of rights (lecture 4)
Bill of rights (lecture 4)John Torres
 
ARTICLE III - Sections11-16
ARTICLE III - Sections11-16ARTICLE III - Sections11-16
ARTICLE III - Sections11-16tzeri_apple
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection ActSaimaRafiq
 

Tendances (20)

Cybercrime law in the philippines
Cybercrime law in the philippinesCybercrime law in the philippines
Cybercrime law in the philippines
 
Data Privacy Act of 2012.pptx
Data Privacy Act of 2012.pptxData Privacy Act of 2012.pptx
Data Privacy Act of 2012.pptx
 
Data Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesData Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperatives
 
Data Privacy - Security of Personal Information
Data Privacy - Security of Personal InformationData Privacy - Security of Personal Information
Data Privacy - Security of Personal Information
 
Cybercrime law
Cybercrime lawCybercrime law
Cybercrime law
 
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
 
Republic Act 10175: Cybercrime Prevention Act of 2012
Republic Act 10175: Cybercrime Prevention Act of 2012Republic Act 10175: Cybercrime Prevention Act of 2012
Republic Act 10175: Cybercrime Prevention Act of 2012
 
Human Trafficking Law and the Safe Spaces Act.pptx
Human Trafficking Law and the Safe Spaces Act.pptxHuman Trafficking Law and the Safe Spaces Act.pptx
Human Trafficking Law and the Safe Spaces Act.pptx
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
Ra 7610
Ra 7610Ra 7610
Ra 7610
 
Bill of Rights Edit Version 2017
Bill of Rights Edit Version 2017Bill of Rights Edit Version 2017
Bill of Rights Edit Version 2017
 
RA 6713
RA 6713RA 6713
RA 6713
 
The Philippine Cybercrime Prevention Act of 2012
The Philippine Cybercrime Prevention Act of 2012The Philippine Cybercrime Prevention Act of 2012
The Philippine Cybercrime Prevention Act of 2012
 
ra6713
ra6713ra6713
ra6713
 
GDPR
GDPRGDPR
GDPR
 
Bill of rights (lecture 4)
Bill of rights (lecture 4)Bill of rights (lecture 4)
Bill of rights (lecture 4)
 
ARTICLE III - Sections11-16
ARTICLE III - Sections11-16ARTICLE III - Sections11-16
ARTICLE III - Sections11-16
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
 
Philippine Cyber-Libel
Philippine Cyber-LibelPhilippine Cyber-Libel
Philippine Cyber-Libel
 
REVISED Bill of Rights Part 1
REVISED Bill of Rights Part 1REVISED Bill of Rights Part 1
REVISED Bill of Rights Part 1
 

Similaire à Basic Data Privacy for Non Lawyers

Personal Data and Information Classification under Data Privacy Act of the Ph...
Personal Data and Information Classification under Data Privacy Act of the Ph...Personal Data and Information Classification under Data Privacy Act of the Ph...
Personal Data and Information Classification under Data Privacy Act of the Ph...ABLoveria
 
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptxDATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptxgentlejosh3161
 
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 20122019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012Maria Perkins
 
Memorandum on Protection of Personal Data
Memorandum on Protection of Personal DataMemorandum on Protection of Personal Data
Memorandum on Protection of Personal DataMelis Buhan Öncel
 
Data protection
Data protectionData protection
Data protectionjayne45
 
Hexagon presentation light.pptx
Hexagon presentation light.pptxHexagon presentation light.pptx
Hexagon presentation light.pptxPabRonaldCalanoc1
 
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...Dr. Oliver Massmann
 
ENVIRONMENT MANAGEMENT AND HUMAN RIGHTS.pptx
ENVIRONMENT MANAGEMENT AND HUMAN RIGHTS.pptxENVIRONMENT MANAGEMENT AND HUMAN RIGHTS.pptx
ENVIRONMENT MANAGEMENT AND HUMAN RIGHTS.pptxKuriakoseBaby1
 
Bmc pio by shailesh gandhi
Bmc pio by shailesh gandhiBmc pio by shailesh gandhi
Bmc pio by shailesh gandhiDr Rita
 
Rti beginners 5 nov '12 by shailesh gandhi
Rti beginners 5 nov '12 by shailesh gandhiRti beginners 5 nov '12 by shailesh gandhi
Rti beginners 5 nov '12 by shailesh gandhiDr Rita
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
 
Senate bill 1733 salient points
Senate bill 1733 salient pointsSenate bill 1733 salient points
Senate bill 1733 salient pointsErnesto Neri
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfJakeAldrinDegala1
 
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...Dr. Oliver Massmann
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityEmerson Bryan
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxssuser36d167
 

Similaire à Basic Data Privacy for Non Lawyers (20)

Personal Data and Information Classification under Data Privacy Act of the Ph...
Personal Data and Information Classification under Data Privacy Act of the Ph...Personal Data and Information Classification under Data Privacy Act of the Ph...
Personal Data and Information Classification under Data Privacy Act of the Ph...
 
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptxDATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
 
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 20122019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
Popi act presentation
Popi act presentationPopi act presentation
Popi act presentation
 
Memorandum on Protection of Personal Data
Memorandum on Protection of Personal DataMemorandum on Protection of Personal Data
Memorandum on Protection of Personal Data
 
China-PIPL.pdf
China-PIPL.pdfChina-PIPL.pdf
China-PIPL.pdf
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013
 
Data protection
Data protectionData protection
Data protection
 
Hexagon presentation light.pptx
Hexagon presentation light.pptxHexagon presentation light.pptx
Hexagon presentation light.pptx
 
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
 
ENVIRONMENT MANAGEMENT AND HUMAN RIGHTS.pptx
ENVIRONMENT MANAGEMENT AND HUMAN RIGHTS.pptxENVIRONMENT MANAGEMENT AND HUMAN RIGHTS.pptx
ENVIRONMENT MANAGEMENT AND HUMAN RIGHTS.pptx
 
Bmc pio by shailesh gandhi
Bmc pio by shailesh gandhiBmc pio by shailesh gandhi
Bmc pio by shailesh gandhi
 
Rti beginners 5 nov '12 by shailesh gandhi
Rti beginners 5 nov '12 by shailesh gandhiRti beginners 5 nov '12 by shailesh gandhi
Rti beginners 5 nov '12 by shailesh gandhi
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...
 
Senate bill 1733 salient points
Senate bill 1733 salient pointsSenate bill 1733 salient points
Senate bill 1733 salient points
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
 
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
NEW DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE...
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business community
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
 

Plus de JDP Consulting

Data Privacy- Security of Sensitive Personal Information
Data Privacy- Security of Sensitive Personal InformationData Privacy- Security of Sensitive Personal Information
Data Privacy- Security of Sensitive Personal InformationJDP Consulting
 
Philippine Franchising Law
Philippine Franchising LawPhilippine Franchising Law
Philippine Franchising LawJDP Consulting
 
What is Control in Contracting and Subcontracting?
What is Control in Contracting and Subcontracting?What is Control in Contracting and Subcontracting?
What is Control in Contracting and Subcontracting?JDP Consulting
 
DOLE D.O. 174-17 vs. DOLE D.O. 18-A-11
DOLE D.O. 174-17 vs. DOLE D.O. 18-A-11DOLE D.O. 174-17 vs. DOLE D.O. 18-A-11
DOLE D.O. 174-17 vs. DOLE D.O. 18-A-11JDP Consulting
 
Special Leave for Women
Special Leave for WomenSpecial Leave for Women
Special Leave for WomenJDP Consulting
 
Service Incentive Leave
Service Incentive LeaveService Incentive Leave
Service Incentive LeaveJDP Consulting
 
Night Shift Differential Pay
Night Shift Differential PayNight Shift Differential Pay
Night Shift Differential PayJDP Consulting
 

Plus de JDP Consulting (20)

Data Privacy- Security of Sensitive Personal Information
Data Privacy- Security of Sensitive Personal InformationData Privacy- Security of Sensitive Personal Information
Data Privacy- Security of Sensitive Personal Information
 
Philippine Franchising Law
Philippine Franchising LawPhilippine Franchising Law
Philippine Franchising Law
 
Unfair Labor Practice
Unfair Labor PracticeUnfair Labor Practice
Unfair Labor Practice
 
DOLE D.O. 147-15
DOLE D.O. 147-15DOLE D.O. 147-15
DOLE D.O. 147-15
 
What is Control in Contracting and Subcontracting?
What is Control in Contracting and Subcontracting?What is Control in Contracting and Subcontracting?
What is Control in Contracting and Subcontracting?
 
DOLE D.O. 174-17 vs. DOLE D.O. 18-A-11
DOLE D.O. 174-17 vs. DOLE D.O. 18-A-11DOLE D.O. 174-17 vs. DOLE D.O. 18-A-11
DOLE D.O. 174-17 vs. DOLE D.O. 18-A-11
 
Pag-IBIG Benefits
Pag-IBIG BenefitsPag-IBIG Benefits
Pag-IBIG Benefits
 
SSS Benefits
SSS BenefitsSSS Benefits
SSS Benefits
 
PhilHealth Benefits
PhilHealth BenefitsPhilHealth Benefits
PhilHealth Benefits
 
ECC Benefits
ECC BenefitsECC Benefits
ECC Benefits
 
Retirement Pay
Retirement PayRetirement Pay
Retirement Pay
 
Separation Pay
Separation PaySeparation Pay
Separation Pay
 
13th Month Pay
13th Month Pay13th Month Pay
13th Month Pay
 
Special Leave for Women
Special Leave for WomenSpecial Leave for Women
Special Leave for Women
 
VAWC Leave
VAWC LeaveVAWC Leave
VAWC Leave
 
Solo Parental Leave
Solo Parental LeaveSolo Parental Leave
Solo Parental Leave
 
Paternity Leave
Paternity LeavePaternity Leave
Paternity Leave
 
Service Incentive Leave
Service Incentive LeaveService Incentive Leave
Service Incentive Leave
 
Service Charges
Service ChargesService Charges
Service Charges
 
Night Shift Differential Pay
Night Shift Differential PayNight Shift Differential Pay
Night Shift Differential Pay
 

Dernier

Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersJillianAsdala
 
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理bd2c5966a56d
 
Hely-Hutchinson v. Brayhead Ltd .pdf
Hely-Hutchinson v. Brayhead Ltd .pdfHely-Hutchinson v. Brayhead Ltd .pdf
Hely-Hutchinson v. Brayhead Ltd .pdfBritto Valan
 
Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Nilendra Kumar
 
一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理Airst S
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理Airst S
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理Airst S
 
一比一原版曼彻斯特城市大学毕业证如何办理
一比一原版曼彻斯特城市大学毕业证如何办理一比一原版曼彻斯特城市大学毕业证如何办理
一比一原版曼彻斯特城市大学毕业证如何办理Airst S
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxfilippoluciani9
 
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...Sangyun Lee
 
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理ss
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategyJong Hyuk Choi
 
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理Fir La
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYJulian Scutts
 
Career As Legal Reporters for Law Students
Career As Legal Reporters for Law StudentsCareer As Legal Reporters for Law Students
Career As Legal Reporters for Law StudentsNilendra Kumar
 
Navigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptxNavigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptxelysemiller87
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxadvabhayjha2627
 
一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理Airst S
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理e9733fc35af6
 

Dernier (20)

Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
 
Hely-Hutchinson v. Brayhead Ltd .pdf
Hely-Hutchinson v. Brayhead Ltd .pdfHely-Hutchinson v. Brayhead Ltd .pdf
Hely-Hutchinson v. Brayhead Ltd .pdf
 
Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.
 
一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
 
一比一原版曼彻斯特城市大学毕业证如何办理
一比一原版曼彻斯特城市大学毕业证如何办理一比一原版曼彻斯特城市大学毕业证如何办理
一比一原版曼彻斯特城市大学毕业证如何办理
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptx
 
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
 
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
 
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
 
Career As Legal Reporters for Law Students
Career As Legal Reporters for Law StudentsCareer As Legal Reporters for Law Students
Career As Legal Reporters for Law Students
 
Navigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptxNavigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptx
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
 
一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理
 
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy NovicesIt’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
 

Basic Data Privacy for Non Lawyers

  • 3. Data Privacy Data Privacy refers to the act of protecting the integrity, confidentiality, and availability of personal information that are collected, stored, and processed. • Data Privacy is also known as information privacy. To ensure Data Privacy, the Philippines passed into Republic Act No. 10173 or the Data Privacy Act of 2012.
  • 4. Policy behind the Law Declaration of Policy: “It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.” Reference: Section 2, R.A. 10173
  • 5. Who are covered Scope of Application: “This Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines subject to the immediately succeeding paragraph: Provided, That the requirements of Section 5 are complied with.” Reference: Section 4, R.A. 10173
  • 6. Who are covered Extraterritorial Application: The Law applies to an act done or practice engaged in and outside of the Philippines by an entity if: (a) The act, practice or processing relates to personal information about a Philippine citizen or a resident; Reference: Section 6, R.A. 10173
  • 7. Who are covered Extraterritorial Application: The Law applies to an act done or practice engaged in and outside of the Philippines by an entity if: (b) The entity has a link with the Philippines, and the entity is processing personal information in the Philippines or even if the processing is outside the Philippines as long as it is about Philippine citizens or residents such as, but not limited to, the following: (1) A contract is entered in the Philippines; (2) A juridical entity unincorporated in the Philippines but has central management and control in the country; and (3) An entity that has a branch, agency, office or subsidiary in the Philippines and the parent or affiliate of the Philippine entity has access to personal information; Reference: Section 6, R.A. 10173
  • 8. Who are covered Extraterritorial Application: The Law applies to an act done or practice engaged in and outside of the Philippines by an entity if: (c) The entity has other links in the Philippines such as, but not limited to: (1) The entity carries on business in the Philippines; and (2) The personal information was collected or held by an entity in the Philippines. Reference: Section 6, R.A. 10173
  • 9. Who are not covered Excluded in Application: (a) Information about any individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual, including: (1) The fact that the individual is or was an officer or employee of the government institution; (2) The title, business address and office telephone number of the individual; (3) The classification, salary range and responsibilities of the position held by the individual; and (4) The name of the individual on a document prepared by the individual in the course of employment with the government; Reference: Section 4, R.A. 10173
  • 10. Who are not covered Excluded in Application: (b) Information about an individual who is or was performing service under contract for a government institution that relates to the services performed, including the terms of the contract, and the name of the individual given in the course of the performance of those services; (c) Information relating to any discretionary benefit of a financial nature such as the granting of a license or permit given by the government to an individual, including the name of the individual and the exact nature of the benefit; (d) Personal information processed for journalistic, artistic, literary or research purposes; Reference: Section 4, R.A. 10173
  • 11. Who are not covered Excluded in Application: (e) Information necessary in order to carry out the functions of public authority which includes the processing of personal data for the performance by the independent, central monetary authority and law enforcement and regulatory agencies of their constitutionally and statutorily mandated functions. Nothing in this Act shall be construed as to have amended or repealed Republic Act No. 1405, otherwise known as the Secrecy of Bank Deposits Act; Republic Act No. 6426, otherwise known as the Foreign Currency Deposit Act; and Republic Act No. 9510, otherwise known as the Credit Information System Act (CISA); (f) Information necessary for banks and other financial institutions under the jurisdiction of the independent, central monetary authority or Bangko Sentral ng Pilipinas to comply with Republic Act No. 9510, and Republic Act No. 9160, as amended, otherwise known as the Anti-Money Laundering Act and other applicable laws; and Reference: Section 4, R.A. 10173
  • 12. How to Legally Process Personal Information
  • 13. Data Privacy Principles In General: “The processing of personal information shall be allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure of information to the public and adherence to the principles of transparency, legitimate purpose and proportionality.” Reference: Section 11, R.A. 10173
  • 14. Data Privacy Principles Personal information must, be: (a) Collected for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection, and later processed in a way compatible with such declared, specified and legitimate purposes only; (b) Processed fairly and lawfully; (c) Accurate, relevant and, where necessary for purposes for which it is to be used the processing of personal information, kept up to date; inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted; (d) Adequate and not excessive in relation to the purposes for which they are collected and processed; Reference: Section 11, R.A. 10173
  • 15. Data Privacy Principles Personal information must, be: (e) Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law; and (f) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed: Provided, That personal information collected for other purposes may lie processed for historical, statistical or scientific purposes, and in cases laid down in law may be stored for longer periods: Provided, further, That adequate safeguards are guaranteed by said laws authorizing their processing. Reference: Section 11, R.A. 10173
  • 16. Criteria: Lawful Processing The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists: (a) The data subject has given his or her consent; (b) The processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract; (c) The processing is necessary for compliance with a legal obligation to which the personal information controller is subject; (d) The processing is necessary to protect vitally important interests of the data subject, including life and health; (e) The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate; or (f) The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution. Reference: Section 12, R.A. 10173
  • 17. Sensitive Personal Information and Privileged Information General Rule: The processing of sensitive personal information and privileged information shall be prohibited… Exceptions: (a) The data subject has given his or her consent, specific to the purpose prior to the processing, or in the case of privileged information, all parties to the exchange have given their consent prior to processing; (b) The processing of the same is provided for by existing laws and regulations: Provided, That such regulatory enactments guarantee the protection of the sensitive personal information and the privileged information: Provided, further, That the consent of the data subjects are not required by law or regulation permitting the processing of the sensitive personal information or the privileged information; Reference: Section 13, R.A. 10173
  • 18. Sensitive Personal Information and Privileged Information Exceptions: (c) The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing; (d) The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations: Provided, That such processing is only confined and related to the bona fide members of these organizations or their associations: Provided, further, That the sensitive personal information are not transferred to third parties: Provided, finally, That consent of the data subject was obtained prior to processing; Reference: Section 13, R.A. 10173
  • 19. Sensitive Personal Information and Privileged Information Exceptions: (e) The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured; or (f) The processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority. Reference: Section 13, R.A. 10173
  • 20. Summary 1) Processing of personal information is allowed – so long as it complies with the law. 2) As much as possible, consent should be obtained from the Data Subject for the processing of personal information. 3) The confidentiality, integrity, and availability of the personal information should be ensured. 4) Sensitive and personal information are prohibited – unless in exceptional cases. 5) Philippine Data Privacy Law has extraterritorial application and thus violations may be penalized even if done outside the Philippines.
  • 21. Philippine Data Privacy Law Basics for Non-Lawyers Atty. Jericho B. Del Puerto SME Business Lawyer