Untitled Quiz

Questions and Answers

What types of personal information does this Act apply to?

Personal information from foreign jurisdictions only

All types of personal information processed by entities in the Philippines (correct)

Only financial information under specific laws

Only information about government employees

Which of the following is NOT included under the exceptions of this Act?

Information regarding private company employees (correct)

Information necessary for compliance with banking laws

Personal information of government officials related to their roles

Personal data originally collected from foreign residents

Which right is NOT explicitly listed as a general right of data subjects?

Right to ACCESS

Right to DELETE (correct)

Right to CORRECT

Right to INFORMATION

What does the Act state regarding non-resident entities using equipment in the Philippines?

They must comply with the regulations outlined in the Act (B)

Which piece of information about government employees is included under the exceptions of the Act?

Their job titles and responsibilities (D)

What is a Personal Information Controller?

A person or organization that controls the collection and use of personal information. (B)

Which condition allows government employees access to sensitive information?

Employees must have received security clearance. (B)

Which of the following is NOT classified as sensitive personal information?

A grocery list for personal household use. (B)

When can personal information be transported or accessed offsite?

If a request for offsite access is approved. (A)

What must agreements for sharing data provide?

Adequate safeguards for data subjects' rights. (D)

Flashcards

Sensitive Personal Information

Information about an individual's race, religion, health, education, genetics, sexual life, or any legal actions. It also includes uniquely identifying information by government agencies, such as social security numbers, and classified data.

Personal Information Controller

The person or organization who decides how and why personal information is collected, held, used, processed, or transferred.

Data Subject

The individual whose personal information is being collected, processed, or used

Data Sharing Agreement

A legally binding agreement, scrutinized by a national privacy commission, that must include adequate protections for people's rights when data is shared.

Personal Information Processor

A person or organization that processes personal information on behalf of the controller. Excludes those that only follow instruction.

Scope of the Act

This Act covers the processing of all types of personal information by any person involved in processing, including those located outside the Philippines but using Philippine-based equipment or having an office there.

Exclusions from the Act's Scope

The Act does not apply to certain types of information, such as information about government employees related to their job, information for banks complying with anti-money laundering laws, or personal information collected from foreign residents under foreign laws and processed in the Philippines.

Government Employee Data

Information about a government employee, including their title, contact information, duties, and presence as an employee, is excluded.

Bank and Financial Information

Information needed for compliance with anti-money laundering laws and other financial regulations by banks and related institutions is exempted.

Foreign Data Processed in the Philippines

Personal information originally collected from foreign residents under their local laws and processed in the Philippines isn't governed by this specific Act.

Study Notes

Data Privacy Act of 2012 (RA 10173)

• An act protecting personal information in government and private sectors
• Creates a National Privacy Commission
• Responsible agencies: Department of Information and Communications Technology, National Privacy Commission

Data Privacy Act of 2012 (DPA) - Key Provisions

• General Provisions

• The National Privacy Commission

• Processing of Personal Information

• Rights of the Data Subject

• Security of Personal Information

• Accountability for Transfer of Personal Information

• Security of Sensitive Personal Information in Government

• Penalties

• Miscellaneous Provisions

• Scope (slide 1 of 5) – Excludes various types of information

• Scope (slide 2 of 5) – Information about government officials, employees

• Scope (slide 3 of 5) – Information on individuals performing services under contract for government institutions

• Scope (slide 4 of 5) – Personal information processed for journalistic, artistic, literary or research purposes

• Scope (slide 5 of 5) – Information necessary for banks

Data Privacy Act of 2012 (DPA) - General Rights of Data Subjects

• Right to information
• Right to access
• Right to correct
• Right to remove
• Right to damages
• Right to data portability

Data Privacy Act of 2012 (DPA) - General Rights of Data Subjects - Exceptions

• Processed personal information used for scientific or statistical research
• Processing of personal information related to criminal, administrative or tax liabilities

Data Processing and Consent

• Collection of personal data must be declared and specified
• Consent is required for all personal data collection
• Data subject must be informed about data processing extent and purpose
• Consent is not required for fulfilling contractual agreements
• Consent is not required in cases of data subject protection

Sensitive Personal Information

• The law defines sensitive personal information (Includes race, ethnicity, marital status, gender, religion, political affiliation, health, etc.)
• Processing prohibited except in certain circumstances
• Consent of the data subject where required
• Security of sensitive personal info in government

Personal Information Controllers

• The term refers to someone who controls collection, holding, processing or use of personal information
• Excludes persons performing functions as instructed
• Individuals collecting information for personal use

Penalties for violations of the DPA

• Fines ranging from $2,000 to $100,000
• Imprisonment from 1 year to 6 years

Benefits of Technology

• Easier access to medical information, improved patient relationships
• Faster results for medical testing
• Better treatments and equipment

Challenges of Technology

• Interoperability issues
• Keeping up with outdated technology
• Difficult user interfaces - Difficult user interfaces
• Exacerbating Malpractice Claims

Current Technology Issues and Dilemmas

• Privacy and confidentiality: Controlling access to health information - Security measures to protect data integrity
• Security breaches: Firewalls, antivirus software needed to protect data integrity