Untitled Quiz

Questions and Answers

What types of personal information does this Act apply to?

Personal information from foreign jurisdictions only

All types of personal information processed by entities in the Philippines (correct)

Only financial information under specific laws

Only information about government employees

Which of the following is NOT included under the exceptions of this Act?

Information regarding private company employees (correct)

Information necessary for compliance with banking laws

Personal information of government officials related to their roles

Personal data originally collected from foreign residents

Which right is NOT explicitly listed as a general right of data subjects?

Right to ACCESS

Right to DELETE (correct)

Right to CORRECT

Right to INFORMATION

What does the Act state regarding non-resident entities using equipment in the Philippines?

They must comply with the regulations outlined in the Act

Which piece of information about government employees is included under the exceptions of the Act?

Their job titles and responsibilities

What is a Personal Information Controller?

A person or organization that controls the collection and use of personal information.

Which condition allows government employees access to sensitive information?

Employees must have received security clearance.

Which of the following is NOT classified as sensitive personal information?

A grocery list for personal household use.

When can personal information be transported or accessed offsite?

If a request for offsite access is approved.

What must agreements for sharing data provide?

Adequate safeguards for data subjects' rights.

Study Notes

Data Privacy Act of 2012 (RA 10173)

• An act protecting personal information in government and private sectors
• Creates a National Privacy Commission
• Responsible agencies: Department of Information and Communications Technology, National Privacy Commission

Data Privacy Act of 2012 (DPA) - Key Provisions

• General Provisions

• The National Privacy Commission

• Processing of Personal Information

• Rights of the Data Subject

• Security of Personal Information

• Accountability for Transfer of Personal Information

• Security of Sensitive Personal Information in Government

• Penalties

• Miscellaneous Provisions

• Scope (slide 1 of 5) – Excludes various types of information

• Scope (slide 2 of 5) – Information about government officials, employees

• Scope (slide 3 of 5) – Information on individuals performing services under contract for government institutions

• Scope (slide 4 of 5) – Personal information processed for journalistic, artistic, literary or research purposes

• Scope (slide 5 of 5) – Information necessary for banks

Data Privacy Act of 2012 (DPA) - General Rights of Data Subjects

• Right to information
• Right to access
• Right to correct
• Right to remove
• Right to damages
• Right to data portability

Data Privacy Act of 2012 (DPA) - General Rights of Data Subjects - Exceptions

• Processed personal information used for scientific or statistical research
• Processing of personal information related to criminal, administrative or tax liabilities

Data Processing and Consent

• Collection of personal data must be declared and specified
• Consent is required for all personal data collection
• Data subject must be informed about data processing extent and purpose
• Consent is not required for fulfilling contractual agreements
• Consent is not required in cases of data subject protection

Sensitive Personal Information

• The law defines sensitive personal information (Includes race, ethnicity, marital status, gender, religion, political affiliation, health, etc.)
• Processing prohibited except in certain circumstances
• Consent of the data subject where required
• Security of sensitive personal info in government

Personal Information Controllers

• The term refers to someone who controls collection, holding, processing or use of personal information
• Excludes persons performing functions as instructed
• Individuals collecting information for personal use

Penalties for violations of the DPA

• Fines ranging from $2,000 to $100,000
• Imprisonment from 1 year to 6 years

Benefits of Technology

• Easier access to medical information, improved patient relationships
• Faster results for medical testing
• Better treatments and equipment

Challenges of Technology

• Interoperability issues
• Keeping up with outdated technology
• Difficult user interfaces - Difficult user interfaces
• Exacerbating Malpractice Claims

Current Technology Issues and Dilemmas

• Privacy and confidentiality: Controlling access to health information - Security measures to protect data integrity
• Security breaches: Firewalls, antivirus software needed to protect data integrity