Social Data Protection and Privacy

PRIVACY

• consent

• confidential

• a right

• Privacy is a fundamental aspect of human dignity and autonomy, and it encompasses various domains including personal, informational, and physical spaces.

PERSONAL INFORMATION

•   Full name (especially if uncommon)

•   Home address or current location

•   Phone number

•   Email address

•   National ID, passport, or driver's license details

•   Birthdate (or at least the full date)

•   Bank account details or financial information

SENSITIVE AND SECURITY-RELATED DATA

•   Passwords or security questions

•   Work or school schedules

•   Travel plans (to avoid burglars targeting your home)

•   Personal conversations (screenshots of private chats)

SOCIAL AND RELATIONSHIP MATTERS

•   Family conflicts or drama

•   Breakups and arguments

•   Personal grievances about work or school

•   Photos of other people without their consent

PROFESSIONAL AND ACADEMIC INFORMATION

•   Negative comments about your workplace, school, or teachers

•   Exam answers, confidential work data, or trade secrets

•   Private details about colleagues, classmates, or employees

CHILDREN AND MINORS' PRIVACY

•   Full names, schools, or locations of children

•   Daily routines that could endanger their safety

PERSONAL HABITS AND ROUTINES

•   Frequent check-ins to specific locations

•   Too many details about daily life that could make stalking easier

KEY ASPECTS OF PRIVACY

PERSONAL PRIVACY

•   The right to control access to one's body, home, and personal activities. This includes protection from unwarranted surveillance or intrusion.

INFORMATIONAL PRIVACY

•   The right to control how personal data (like name, address, medical records, financial information) is collected, used, and shared by others, especially organizations and governments.

COMMUNICATIONAL PRIVACY

•   The right to private conversations, whether verbal or digital and to protect such communication from being intercepted or monitored.

DATA PRIVACY

•   In today's digital age, this refers to the rights and responsibilities associated with personal data collected through online interactions, platforms, apps, and services. It focuses on how companies and governments collect, store, and handle personal data, like browsing habits, location, or social media content.

TYPES OF DATA BEING COLLECTED

1. PERSONAL IDENTIFIABLE INFORMATION (PII)

This includes any data that can identify an individual either directly or indirectly.

Examples: Name, address, email, phone number, social security number, date of birth, passport number, and driver's license.

2. BEHAVIORAL DATA

Data is collected from an individual's actions, especially online or while using apps and services.

Examples: Clicks, page visits, search history, purchase history, browsing patterns, and time spent on websites.

3. HEALTH DATA

Sensitive data related to an individual's health, physical or mental condition, and medical history.

Examples: Medical records, prescriptions, health conditions, genetic data, and fitness data from wearable devices (like heart rate, and activity

levels).

4. FINANCIAL DATA

Information related to an individual's financial activities and status.

Examples: Bank account numbers, credit card details,

transaction history, income, credit

score, and loan details.

5. GOVERNMENT AND LEGAL DATA

This refers to records maintained by government bodies, and used for regulatory or identification purposes.

Examples: Tax records, criminal records, property ownership, voter registration, and driver's license details.

RISKS OF DATA COLLECTION

Data Breaches: When companies fail to protect data, it can be exposed in hacks or breaches.

This can lead to identity theft or fraud.

Phishing: Cybercriminals use your data to create fake emails or messages to trick you into giving up more personal information.

Tracking and Surveillance: Governments, companies, or hackers can track what you do online, leading to a loss of privacy.

DATA BREACHERS CASES

FACEBOOK-CAMBRIDGE ANALYTICA SCANDAL (2018)

• What happened: Cambridge Analytica, a political consulting firm, harvested personal data from up to 87 million Facebook users without their consent through a third-party app. This data was used to create detailed voter profiles and influence political campaigns, including the 2016 U.S. Presidential election.

• Impact: Facebook faced global scrutiny for failing to protect user data, resulting in a $5 billion fine from the Federal Trade Commission (FTC) and regulatory investigations worldwide.

• Cause: Lax oversight over third-party apps and inadequate user privacy protections.

COMELEC DATA BREACH (2016)

• What happened: The Commission on Elections (COMELEC) experienced one of the largest government data breaches in the world. Hackers leaked the personal information of around 55 million registered Filipino voters, including sensitive information such as full names, birth dates, home addresses, passport numbers, and fingerprint data.

• Impact: This breach, referred to as "COMELEC hack" or "COMELeak", posed a significant threat to privacy and security, including risks of identity theft and fraud. It was ranked as one of the biggest government-related data breaches globally. It raised questions about the vulnerability of government systems in protecting personal information.

• Cause: The breach was carried out by hacking groups who defaced the COMELEC website and subsequently leaked voter data online.

LAZADA PHILIPPINES DATA BREACH (2020)

• What happened: Lazada, one of the largest e-commerce platforms in Southeast Asia, suffered a data breach in its Philippines branch, which exposed the personal information of around 1.1 million Filipino customers. The exposed data included names, email addresses, encrypted passwords, and shipping addresses.

• Impact: Although payment information was not

compromised, the exposure of personally identifiable information raised concerns about phishing attacks, identity theft, and fraud targeting affected customers.

• Cause: The breach was traced to a database leak, though Lazada stated that it occurred on a third-party service used by the platform.

DATA PROTECTION

DATA PROTECTION

Data Protection refers to the practice of safeguarding personal information from unauthorized access, breaches, and misuse.

Here's how to protect your privacy:

• Use strong passwords: Create unique, complex passwords and change them regularly.

• Enable multi-factor authentication (MFA): Add an extra layer of security to your accounts.

• Limit data sharing: Share only necessary information with apps and websites.

• Update software: Regularly update devices and apps to fix security vulnerabilities.

• Be cautious with public Wi-Fi: Avoid sharing sensitive data over unsecured networks.

• Use privacy settings: Adjust privacy controls on social media and online services.

• Backup data: Regularly back up important files to protect against loss or theft.

• Watch for phishing scams: Be wary of suspicious emails or links asking for personal info.

• Install firewalls and antivirus software: Protect devices from malware and cyber threats.

DATA PROTECTION LAWS

DATA PRIVACY ACT OF 2012 (REPUBLIC ACT NO. 10173)

This comprehensive law aims to protect the personal information of individuals in both the public and private sectors. It establishes principles for the collection, processing, and storage of personal data, requiring organizations to obtain consent from data subjects before processing their information. The law also mandates the implementation of appropriate security measures to protect data from unauthorized access, and it grants individuals rights such as access to their deletion. data, correction, and deletion. The law emphasizes accountability and imposes penalties for non-compliance, including fines and imprisonment.

CYBERCRIME PREVENTION ACT OF 2012 (REPUBLIC ACT NO. 10175):

This law addresses cybercrimes, including those that threaten data privacy, such as hacking, identity theft, and data interference. establishes penalties for unauthorized access to data, the illegal interception of communications, and other cyber offenses. The law also also provides the

government with tools to investigate and prosecute cybercrimes, ensuring that personal data is protected in the digital space.

E-COMMERCE ACT OF 2000 (REPUBLIC ACT NO. 8792)

This act provides legal recognition for electronic transactions and documents. It includes provisions requiring organizations to implement data protection measures to secure electronic documents and transactions. The law emphasizes the importance of data integrity and confidentiality in e-commerce, thereby enhancing consumer confidence in online transactions.

ANTI-PHOTO AND VIDEO VOYEURISM ACT OF 2009 (REPUBLIC ACT NO. 9995)

this law in the Philippines is designed to protect

individuals' privacy by prohibiting unauthorized recording and distribution of intimate or private photos and videos. The law aims to address the rise of voyeuristic activities and revenge porn by criminalizing actions that violate the right to privacy.