RA 10173

RA ___ is an act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a national privacy commission, and for other purposes

RA 10173

RA 10173 has __ chapters and ___ section

9 chapters and 45 sections

RA 10173 has been approved on ___

August 15, 2012

This 21st century law ensures that the Philippines complies with International standards set for data protection through ___

National Privacy Commission (NPC)

What is the main agency of RA 10173?

National Privacy Commission (NPC)

What is RA 10173 Sections 1-6 all about?

Definitions and General Provisions

What is RA 10173 Sections 7-10 all about?

The National Privacy Commission

What is RA 10173 Sections 11-21 all about?

Rights of Data Subjects and Obligations of Personal Information Controllers and Processors

What is RA 10173 Sections 22-24 all about?

Provisions Specific to Government

What is RA 10173 Sections 25-27 all about?

Penalties

Data Privacy Act has a vital role of ___ in nation- building

information and communications technology

___ shall refer to the National Privacy Commission created by virtue of this Act

Commission

___ refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her. Consent shall be evidenced by written, electronic, or recorded means. It may also be given on behalf of the data subject by an agent specifically authorized by the data subject to do so

Consent of the data subject

___ refers to an individual whose personal information is processed

Data subject

___ refers to any act of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals in such a way that specific information relating to a particular person is readily accessible

Filing system

refers to a system for generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer system or other similar device by or which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data, electronic message or electronic document

Information and Communications System

refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with the other information would directly and certainly identify an individual

Personal Information

refers to person who controls the collection, holding, processing or use of personal information or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf

Personal Information Controller

individual who collects, holds, or uses personal information in connection with the individual’s personal, family or household affairs

Personal Information Controller

refers to any natural or juridical person qualified to act such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject

Personal Information Processer

refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organizations, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data

Processing

refers to any and all forms of data which under the rules of court and other pertinent laws constitute privileged communication

Privileged Information

This refers to personal information about an individuals’ race, ethnic origin, marital status, age, color and religious, philosophical or political affiliations, individual’s health, education, genetic or sexual life of a persons, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings or the sentence of any court in such proceedings, Issued by government agencies peculiar to an individuals which include, but not limited to social security numbers, previous or current health records, licenses or its denials, suse sions or revocation and tax returns and Specifically established by an executive order or an act of congress to be kept classified

Sensitive Personal Information

This act does not apply to Information about any individual who is or was an ___

officer or employee of a government institution

This act does not apply to Information about an individual who is or was performing service ___

under contract for a government institution

This act does not apply to Information relating to any ___ of a financial nature

discretionary benefit

This act does not apply to Personal information processed for ___

journalistic, artistic, literary or research purposes

This act does not apply to Information necessary in order to carry out the functions of ___

public authority

Nothing in this act shall be construed or as to have amended or repealed by___

RA 1405 (Secretary of Bank Deposits Act), RA 6426 (Foreign Currency Deposit Act)

This act does not apply to Information necessary for banks and other ___

financial institutions

This act does not apply to personal information originally collected from ___

residents of foreign jurisdictions

What section talks about protection afforded to journalists and their sources?

Section 5

RA ___ is about publishers, editors or duly accredited reporters of any newspaper, magazine or periodical of general circulation protection from being compelled to reveal the source of any news report or information appearing in said publication which was related in any confidence to such publisher, editor, or reporter

RA 53

What sections talks about extraterritorial application?

Section 6

This Act applies to an act done or practice engaged ___ by an entity

in and outside of the Philippines

What section talks about the functions of National Privacy Commission?

Section 7

True or False - NPC can issue cease and desist orders, impose a temporary or permanent ban?

TRUE

Recommend to the ___ the prosecution and imposition of penalties specified in Sections 25 to 29 of this act

Department of Justice (DOJ)

NPC review, approve, reject or require ___ voluntarily adhered to by personal information controllers

modification of privacy codes

Section 8 talks about ___

Confidentiality

What section stalks about the organizational structure of the commission?

Section 9

NPC is under what government agency?

Department of Information and Communications Technology

Who is the chairman of the commission?

Privacy Commissioner

What are the 2 deputy privacy commissioners?

Data Processing Systems & Policies and Planning

Who appoints the organizational structure of the commission?

President of the Philippines

The privacy commissioner should be at least __ years of age and a recognized expert in the field of information technology and data privacy

35 yrs old

The Privacy Commissioner shall enjoy the benefits, privileges and emoluments equivalent to the rank of ___

Secretary

Current Privacy Commissioner and Chairman

Atty John Henry D. Naga

They are the recognized experts in the field of information and communications technology and data privacy

Deputy Privacy Commissioners

Deputy Privacy Commissioners shall enjoy the benefits, privileges and emoluments equivalent to the rank of ___

Undersecretary

Current Deputy Privacy Commissioner

Leonardo Angelo Y. Aguirre and Atty Nerissa N. De Jesus

Majority of the members of the Secretariat must have served for at least ___ in any agency of the government involved in the processing of personal information

5 years

What sections talks about the general data privacy principles?

Section 11

Data collected should be for __

specified and legitimate purposes

How long should data be kept and retained?

Retained only for as long as necessary for the fulfillment of the purposes

One of the criteria for lawful processing of personal information is to respond to ___, to comply with the requirements of public order and safety, or to fulfill functions of public authority

national emergency

One of the criteria for lawful processing of personal information is for the purposes of the ___ pursued by the personal information controller or by a third party or parties to whom the data is disclosed

legitimate interests

What is the title of Section 12?

Criteria for Lawful Processing of Personal Information

What sections talks about criteria for Lawful Processing of Personal Information?

Section 12

The processing of sensitive personal information and privileged information shall be?

prohibited

Is the consent of the data subjects required for the processing of Sensitive Personal Information and Privileged Information provided for by existing laws and regulations?

No :p

The processing of Sensitive Personal Information and Privileged Information is allowed when it is necessary to achieve the ___ and ___ objectives of public organizations and their associations

lawful and noncommercial

The processing of Sensitive Personal Information and Privileged Information is allowed for public organizations and their associations when it is only confined and related to the?

bona fide members of these organizations or their associations

What is the title of Section 13?

Sensitive Personal Information and Privileged Information

What sections talks about Sensitive Personal Information and Privileged Information?

Section 13

A ___ may subcontract the processing of personal information.

personal information controller

What title is the section 14?

Subcontract of Personal Information

What sections talks about the subcontract of Personal Information?

Section 14

Personal information controllers may invoke the principle of privileged communication over privileged information that they lawfully control or process. Subject to existing laws and regulations, any evidence gathered on privileged information is ___.

inadmissible

___ may invoke the principle of privileged communication over privileged information that they lawfully control or process. Subject to existing laws and regulations, any evidence gathered on privileged information is inadmissible.

Personal information controllers

What is the title of Section 15?

Extension of Privileged Communication

What sections talks about the Extension of Privileged Communication?

Section 15

What is the title of Chapter 4?

Rights of the Data Subject

What is one of the rights of the data subject to: i.e., to access, correction, as well as the right to lodge a complaint before the Commission?

The existence of their rights,

The rights of the data subject include reasonable access to, upon demand, The designation, or name or identity and address of the ___.

personal information controller

The rights of the data subject include reasonable access to, upon demand, to suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s ____.

filing system

What is the title of Section 16?

Rights of the Data Subject

What section talks about the Rights of the Data Subject?

Section 16

When data subject dies, the transmissibility of rights goes to the ___?

lawful heirs only

What section talks about the Transmissibility of Rights of the Data Subject?

Section 17

What is the title of Section 17?

Transmissibility of Rights of the Data Subject.

What is the title of Section 18?

Right to Data Portability

What sections talks about the Right to Data Portability?

Section 18

Personal information should not to be used for research unless specified that it will be used for

research purposes

What is the title of Section 19?

Non-Applicability

What section talks about how personal information should not to be used for research unless specified that it will be used for research purposes

Section 19

What is the title of Chapter 5?

• Security of Personal Information

The personal information controller shall implement reasonable and appropriate measures to protect personal information against ___.

natural dangers

The ___ must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information.

personal information controller

The personal information controller must further ensure that ___ processing personal information on its behalf shall implement the security measures

third parties

The personal information controller shall promptly notify ___ and affected data subjects when sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person.

the Commission

What is the title of the Section 20?

Security of Personal Information

What section talks about the Security of Personal Information?

Section 20

Each ___ is responsible for personal information under its control or custody, including information that have been transferred to a third party for processing, whether domestically or internationally, subject to cross-border arrangement and cooperation.

personal information controller

What is the title of Chapter 6?

• Accountability for Transfer of Personal Information

What chapter talks about the Accountability for Transfer of Personal Information

Chapter 6

What section talks about the Principle of Accountability?

Section 21

The ___ of each government agency or instrumentality shall be responsible for complying with the security requirements

head

What chapter talks about the Security of Sensitive Personal Information in Government?

Chapter 7

What section talks about the Responsibility of Heads of Agencies?

Section 22