Podcast Beta
Questions and Answers
What is the primary role of a Personal Information Controller (PIC)?
Which type of information is classified as Sensitive Personal Information?
What could be a consequence for individuals found liable for data privacy violations?
Which of the following is NOT a type of social engineering attack?
Signup and view all the answers
Which category of information requires higher protection due to its sensitive nature?
Signup and view all the answers
Who is described as a 'data subject'?
Signup and view all the answers
What does the term 'processing' refer to in the context of personal data?
Signup and view all the answers
Which of the following is an example of Privileged Personal Information?
Signup and view all the answers
What significant change began around 1870 in the Industrial Revolution?
Signup and view all the answers
What is a primary focus of the Data Privacy Act of 2012 in the Philippines?
Signup and view all the answers
Which organization was inaugurated on March 7, 2016, related to data privacy in the Philippines?
Signup and view all the answers
Which of the following best defines 'data privacy'?
Signup and view all the answers
What notable event related to the National Privacy Commission occurred in May 2016?
Signup and view all the answers
What distinguishes Industry 4.0 from previous industrial phases?
Signup and view all the answers
Which of the following describes a key aspect of the New Normal?
Signup and view all the answers
What does 'monetization path' refer to in the context provided?
Signup and view all the answers
What information must the personal information controller provide to the data subject regarding their personal data?
Signup and view all the answers
Under what circumstance can personal data be processed without the consent of the data subject?
Signup and view all the answers
What right allows the data subject to obtain a copy of their data in a structured format?
Signup and view all the answers
Which of the following actions can a data subject take concerning their personal data under the right to erasure?
Signup and view all the answers
What should a personal information controller do after correcting any inaccuracies in a data subject's personal data?
Signup and view all the answers
What is required for the data subject to object to the processing of their personal data?
Signup and view all the answers
When might a personal information controller process data without consent even if it is not legally obligated?
Signup and view all the answers
Which of the following is NOT a reason a data subject can request the rectification of their personal data?
Signup and view all the answers
What is the role of a Personal Information Processor (PIP)?
Signup and view all the answers
Which principle ensures that data subjects are aware of how their data will be processed?
Signup and view all the answers
What does the principle of Proportionality emphasize in data collection?
Signup and view all the answers
What is one right of a data subject according to RA 10173?
Signup and view all the answers
What must occur before the collection of personal data?
Signup and view all the answers
What information should the data subject receive before their data is processed?
Signup and view all the answers
Which of the following is NOT a right of a data subject?
Signup and view all the answers
What is included in an Information and Communications System?
Signup and view all the answers
Study Notes
Jonathan M. Santiago
- Jonathan M. Santiago is a certified Data Protection Officer (DPO) and Cybersecurity Professional.
- He holds an MBA and is currently pursuing a Master's degree in Information Technology.
- He is actively involved in various organizations, including the National Privacy Commission, Philippine Institute of Cyber Security Professionals, and Organization of Data Privacy Professionals.
- He serves as the President of the Organization of Data Privacy Professionals and Deputy Data Protection Officer at Baliuag University.
Industrial Revolutions
- Industry 1.0 (1784): Mechanization, steam power, and the weaving loom were introduced marking the beginning of the Industrial Revolution.
- Industry 2.0 (1870): Mass production, assembly lines, and electrical energy transformed manufacturing processes.
- Industry 3.0 (1969): Automation, computers, and electronics ushered in a new era of technological advancements.
- Industry 4.0 (Present): Cyber-physical systems, the Internet of Things, and interconnected networks define the current industrial landscape.
New Normal
- The "new normal" encompasses changes brought about by the pandemic, such as remote learning, virtual events, work-from-home arrangements, and telehealth services.
RA 10173: Data Privacy Act of 2012 (Philippines)
- The Data Privacy Act of 2012 (RA 10173) was signed by President Benigno S. Aquino III on August 15, 2012 to protect the fundamental human right to privacy while promoting information flow for innovation and growth.
-
Key Dates:
- March 7, 2016: The National Privacy Commission (NPC) was inaugurated.
- August 24, 2016: The Implementing Rules and Regulations (IRR) of the Data Privacy Act were signed.
- September 9, 2016: The IRR took effect.
- The NPC investigated the Commission on Elections (COMELEC) in 2016 and 2017 for data breaches involving voter information.
- New commissioners were appointed to the NPC, with Atty. John Henry D. Naga as Privacy Commissioner and Chairman, from December 5, 2019 to present.
Data Privacy Concepts
- Privacy: The right to be left alone.
- Data Privacy: An individual's right to the protection of their personal information.
-
Monetization Paths: Data privacy can facilitate monetization through:
- Defining, creating, or analyzing efficiencies or outputs.
- Creating new services and products.
- Creating new markets.
Core Areas of Data Privacy
- Protecting individual personal data.
- Information and communications systems.
- Government and the private sector.
- National Privacy Commission.
Penalties
- Fines and imprisonment are imposed for violating the Data Privacy Act.
- Individuals and responsible employees or officers of companies can be held liable.
Social Engineering Attacks
- Common social engineering attacks include smishing attacks, phishing attacks, hacking, and scams.
Data Subject
- A data subject is an individual whose personal, sensitive personal, or privileged information is processed.
Personal Information
- Information, in any form, from which an individual's identity can be directly or reasonably ascertained by the entity holding the information.
Sensitive Personal Information
- Information about an individual's race, ethnic origin, marital status, age, color, religious, philosophical, or political affiliations; health, education, genetic or sexual life; or legal proceedings for offenses committed or alleged to have been committed.
Privileged Personal Information (PPI)
- Information that is accorded a higher level of protection due to its sensitive nature. Includes:
- Communications: Such as privileged attorney-client communications or doctor-patient confidentiality.
- Trade Secrets: Proprietary information critical to a company’s competitive advantage.
- Journalistic Sources: Information that identifies sources of journalistic, literary, or artistic work.
Processing
- Any operation performed on personal data, including collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction.
Personal Information Controller (PIC)
- The person or organization that controls or processes the data.
Personal Information Processor (PIP)
- A natural or juridical person to whom a PIC outsources the processing of personal data.
Data Processing Systems
- The structure and procedure for collecting and processing personal data in an information and communications system or filing system.
Information & Communications System
- A system for generating, sending, receiving, storing, or processing electronic data messages or documents, including the computer system or device used for recording, transmitting, or storing data.
Data Privacy Principles
- Transparency: Data subjects must be informed about the nature, purpose, and extent of processing.
- Legitimate Purpose: Processing must be compatible with a declared and specified purpose.
- Proportionality: Only necessary and proportionate data should be collected.
Rights of a Data Subject
- Right to be Informed: The data subject has the right to be informed about how their personal information is being processed.
- Right to Access: The data subject has the right to access their personal data, including its source, recipients, and modification history.
- Right to Object: The data subject has the right to object to the processing of their personal information, including processing for direct marketing or automated processing.
- Right to Erasure or Blocking: The data subject has the right to request the deletion or removal of inaccurate, outdated, or unlawfully obtained data.
- Right to Data Portability: The data subject has the right to obtain a copy of their personal data in a readily usable format.
- Right to Rectify: The data subject has the right to dispute and rectify any inaccuracies or errors in their data held by the PIC.
Other Key Points
- Data Privacy Act of 2012 (RA 10173) in the Philippines is a landmark law that establishes policies and regulations for protecting personal information.
- National Privacy Commission (NPC) is the independent body responsible for enforcing the Data Privacy Act.
- Understanding data privacy principles and rights is crucial for individuals, organizations, and government agencies in the Philippines.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
Explore the four major industrial revolutions that have transformed manufacturing and technology from 1784 to the present. This quiz covers key innovations such as mechanization, mass production, automation, and the rise of cyber-physical systems. Test your knowledge on how these changes have shaped modern industry.