Documente Academic
Documente Profesional
Documente Cultură
Government
Ivy D. Patdu, MD, JD
Deputy Privacy Commissioner
NATIONAL PRIVACY COMMISSION
Right to Privacy
01
11
00
00
01
10
00
01
01
11
01
00
01
10
01
00
01
11
01
01
Which of the Following will you be willing to share 01
11
with someone you just met? 00
00
01
Credit 10
Home
Address Diary Card
Billing
00
01
Statement
01
11
01
00
01
10
01
00
Browsing Phone Facebook
History Messages Password 01
11
01
01
WHO IS WATCHING YOU?
01
11
00
00
01
10
00
01
01
11
01
00
01
10
01
00
01
What can you “buy” with your personal data? 11
01
01
01
11
00
00
generated only in 01
11
01
10
01
00
01
SINTEF, Big Data, for better or worse: 90% of world's data generated over 11
last two years (May 22, 2013) available at
01
https://www.sciencedaily.com/releases/2013/05/130522085217.htm (last
accessed Dec. 27, 2016). 01
“In this digital era,
information is the
currency of power
– valuable,
coveted, but at a
very high risk.”
-Senator Edgardo Angara,
sponsorship speech
for the Data Privacy Act
RIGHT TO INFORMATION PRIVACY
01
11
00
00
01
Data Privacy Act applies to the processing of personal data by any 11
01
natural and juridical person in the government or private sector. 01
Which are personal data?
01
11
00
00
D. 01
A. “Man born on June 19, 10
00
1861” 01
B. “Philippine national
01
11
1861” 01
10
C. “Jose Protacio Rizal” 01
00
01
11
Jose Rizal, available at 01
https://en.wikipedia.org/wiki/Jos%C3%A9_Rizal
01
Data
Privacy
DATA Principles
PRIVACY Security
Measures
ACT Uphold
Rights of
Data Subject
01110000
01100001
01110100
01100100
01110101
LEGITIMATE PURPOSE
PROPORTIONALITY
Rights of Data Subjects 01
11
00
00
1. Right to Information 01
2. Right to Object 10
00
3. Right to Access 01
4. Right to Correct 01
11
5. Right to Erase
01
00
6. Right to Damages 01
10
7. Right to Data Portability 01
00
8. Right to File a Complaint
01
11
01
01
01
11
00
CLEAR
00
01
10
00
01
01
• CONSENT refers to any freely given, specific, informed 11
indication of will, whereby the data subject agrees to 01
00
the collection and processing of personal information
about and/or relating to him or her 01
10
TAXES 00
01
10
00
01
necessary.
01
00
01
10
01
00
01
11
01
01
So, you
want to buy a Application to Buy a Dog 01
11
dog?
• Name:_____________ 00
Fill in the form 00
please. • Birthday:___________ 01
• Address:___________ 10
00
01
• TIN No.:____________
01
• SSS No.:____________ 11
01
• PRC ID No.:__________ 00
01100001
01110100
01100100
01110101
SECURITY MEASURES
SECURITY MEASURES
01110000
01100001
01110100
01100100
01110101
ORGANIZATIONAL SECURITY
MEASURES
Data Protection Officer
01
11
00
00
practices 01
11
• Understanding of the 01
processing operations
00
MANUAL 00
00
01100001
01110100
01100100
01110101
01
10
00
01
01
11
01
00
01
10
01
00
01
11
Innovative Electronic Medical Record System Expands in Malawi (2014) available at 01
http://www.cdc.gov/globalaids/success-stories/innovativemalawi.html (last accessed June 20, 2016). 01
http://www.scmp.com/news/hong-kong/politics/article/2082566/laptops-containing-37-million-hong-kong-
voters-data-stolen
Secure against
natural
disasters,
power
disturbances,
external access,
and other
similar threats.
01100001
01110100
01100100
01110101
01
• There is a need for 10
00
security measures that 01
can easily be 01
implemented to 11
01
strengthen data 00
processing systems. 01
10
01
00
01
11
01
01
Available at http://thehackernews.com/2017/01/ransomware-hotel-smart-lock.html
Technical Security Measures
INCIDENT
SECURITY POLICY SAFEGUARDS: RESPONSE,
SYSTEM MONITORING ENCRYPTION, CORRECT AND
AUTHENTICATION MITIGATE BREACH,
PROCESS RESTORE SYSTEM
01
What should the notification contain? 11
00
00
01
1. Nature of breach 10
00
2. Personal data involved 01
3. Measures taken by the entity to address 01
breach 11
01
4. Measures taken to reduce harm or 00
consequences of breach
01
5. Representatives of PIC from whom the 10
data subjects can inquire about the 01
situation 00
6. Assistance to be provided 01
11
01
01
01110000
01100001
01110100
01100100
01110101
WHY SHOULD PERSONAL
DATA BE PROTECTED?
CRIME IMPRISO FINE 01
NMENT 11
00
Processing of Processing information when purpose not 1yr 6mos Php500,000 to 00
Personal/Sensitive authorized – Php2,000,000
Information for 7 years 01
10
Unauthorized Purpose
00
Access to Persons who provide access due to negligence 1-6 years Php500,000 to 01
Personal/Sensitive shall be liable Php4,000,000
01
Information due to 11
Negligence 01
00
Concealment of Security Duty to notify Privacy Commission in case of 1yr 6mos Php500,000 to
Breach breach – Php1,000,000 01
5 years 10
01
Improper Disposal Negligently dispose, discard or abandon 6 months Php 100,000 to 00
personal data of an in an area accessible to – 3 years Php 1,000,000
the public or placed in its container for trash 01
collection. 11
01
01
Available at https://www.avvo.com/legal-answers/can-i-sue-my-bank-for-privacy-violation---748378.html
Four people nabbed in Recto for 01
11
01
10
00
01
01
11
01
00
01
10
01
00
01
11
01
Gerg Cahiles, CNN Philippines, Four people nabbed in Recto for producing counterfeit documents, available at 01
http://cnnphilippines.com/incoming/2017/02/16/Four-people-nabbed-in-Recto-for-producing-counterfeit-documents.html (accessed Mar. 25, 2017)
Blacklisted workers win
£10m payout from
construction firms
“During 2008/09 the ICO carried out an
investigation into employment
blacklisting in the construction industry.
As part of that investigation, the ICO
seized information from a company
called The Consulting Association. Some
of the information we seized amounted
to a 'blacklist' of individuals who were
considered to pose a risk to their
employers if employed within the
construction industry.”
1. Terry Macalister, Blacklisted workers win £10m payout from construction firms (May 9, 2016) available at
https://www.theguardian.com/business/2016/may/09/blacklisted-workers-win-10m-payout-from-construction-firms (last accessed 2/21/17).
2. Information Commissioner’s Office, Blacklist, available at https://ico.org.uk/for-the-public/construction-blacklist/ (last accessed 2/21/17).
01
11
00
00
01
10
00
01
01
11
01
Cybercrime-based attacks remain the number one cause 00
Human Dignity 00
00
01
Unauthorized use or 10
00
disclosure may put data 01
subjects. 01
11
01
01
01
11
00
00
01
10
00
01
01
https://securityintelligence.com/government-data-woes-2016-compromised-records-surpass-total-for-last-three-years-combined/ last accessed 4/1/2017 11
01
01
https://securityintelligence.com/government-data-woes-2016-compromised-records-
surpass-total-for-last-three-years-combined/ last accessed 4/1/2017
01
GOVERNMENT GOAL
11
00
00
01
10
00
Benefits 01
01
11
01
00
01
Harms
10
01
00
01
11
01
01
National Privacy 01
11
Commission
16-01 SECURITY OF PERSONAL 00
00
DATA IN GOVERNMENT
AGENCIES
Issuances 01
10
00
01
01
10
01
16-04 RULES OF PROCEDURE OF 00
16-03 PERSONAL DATA BREACH
THE NATIONAL PRIVACY
MANAGEMENT 01
COMMISSION
11
01
01
In August, 2016, in a report titled “Data Danger 01
Zones”, the Philippines is ranked as No. 143 out of over 11
00
170 nations evaluated on the ability “to keep digital 00
information safe, private and secure. 01
10
00
01
01
11
01
00
01
10
01
00
01
Available at http://www.telecomasia.net/content/only-four-asian-nations-safe-data-storage 11
01
01
01
11
00
00
01
10
00
01
01
11
01
00
01
01
10
00
01
01
11
01
00
01
10
01
00
01
Source of picture: available at http://www.pmcgregor.com/building-habits-keeping-them/ 11
01
01
Thank
you!