Data Privacy Management

Nelson H. Tejara
Learning Objectives

• At the end of the lesson, you (student) should be able to:
  • Define data privacy
  • Identify the classifications of personal data
  • Identify the key roles in the Data Privacy Act
  • Explain the principle of transparency and proportionality
  • Identify ways to improve data security
Data Privacy Management

• relates to how a piece of information or data should be treated
Classifications of Personal Data

• Personal information
  • any information from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information; or
  • any piece of information such that when put together with other information would directly and certainly identify an individual whether recorded in a material form or not
Personal Information

• Payroll and benefits information
• Contact information
• Name
• Address
• Place of work
• Contact number
• Gender
• Current location
• IP address
• Birthdate
• Birthplace
• Country of citizenship
• Citizenship status
Classifications of Personal Data

• Sensitive personal information
  • sensitive data of an individual.
  • e.g. race, ethnic origin, marital status, and age.
  • It also includes information provided to a person by some government agencies that includes, but is not limited to
    • social security numbers,
    • previous or current health records,
    • license or its denials, suspension or revocation, and tax returns.
  • It also includes information specifically established by an executive order or an act of Congress to be kept classified.
Sensitive Personal Information

• Race
• Ethnic origin
• Marital status
• Age
• Skin color
• Religious affiliation
• Political affiliation
• Health
• Education
• Genetics
• Sexual life
• Court proceedings
• ID numbers
• Licenses or its denials, suspension or revocation
Sensitive Personal Information

• Tax returns
• Other personal information issued by government agencies
• Bank account numbers
• Debit and credit card numbers
• Websites visited
• Materials downloaded
• Any other information reflecting preferences and behaviors of an individual
• Grievance information
• Discipline information
• Reason for leave of absence
Privileged Information

• Data received within the context of a protected relationship
• Examples
  • Husband and wife
  • Attorney and client
  • Priest and penitent
  • Doctor and patient
Data Privacy Act of 2012

• An act to protect the fundamental human right of privacy of communication while ensuring the free flow of information to promote innovation and growth.
Key Roles in the Data Privacy Act

• National Privacy Commission
  • an independent body mandated to administer and implement the Data Privacy Act of 2012
  • monitors and ensures compliance of the country with international standards set for personal data protection
Data Privacy Act of 2012

• The functions of the NPC include:
  • rule-making,
  • advisory,
  • public education,
  • compliance and monitoring,
  • investigations and complaints, and
  • enforcement of the act.
Key Roles in the Data Privacy Act

• Data Subject
  • an individual whose personal, sensitive personal, or privileged information is processed.
• Personal Information Controller (PIC)
  • controls the processing of personal data or instructs another person or organization to process personal data on its behalf.
Key Roles in the Data Privacy Act

• Personal Information Processor (PIP)
  • the organization or individual to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject.
• Data Protection Officer (DPO)
  • responsible for the overall management of compliance with the Data Privacy Act.
Principle of Transparency

• A data subject must be aware of the nature, purpose, and extent of the processing of his or her personal data, including the risks and safeguards involved, the identity of the personal information controller, his or her rights as a data subject, and how these can be exercised.
Principle of Transparency

• Any information and communication relating to the processing of personal data should be easy to access and understand, using clear and plain language.
  • E.g. informed consent form
Principle of Proportionality

• The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose.
• Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.
Improving Security

• Safeguard your passwords.
  • Do not use passwords that relate to easily obtainable personal information, such as your name, address, phone number, or birthday, and minimize the use of common words.
  • Passwords should have at least eight alphanumeric characters, mixed with upper- and lowercase letters, numbers, and symbols (“@”, “-”, “.”). Passwords are case sensitive.
Improving Security

• Protect online accounts.
  • Services or organizations that you have provided with your account information do not ask for it again outside of the account registration process.
  • Never give out your account information to suspicious entities; otherwise, they may be able to use your account with malicious intent.
Improving Security

• Don’t transact using public Wi-Fi.
  • These types of connections are usually free and open (no password is needed to connect).
  • As such, a number of other users may be connected to and using the same connection.
  • An identity thief, armed with special tools and software, might be monitoring your actions on the same Wi-Fi network.
Improving Security

• Turn off ‘Save Password’ Feature.
  • If you are using a public computer, do not save your password in the browser.
  • The next person who will use that computer may be able to log in using your account.
  • Purchasing or any financial transactions must also be done carefully on a public computer.
Improving Security

• Disable any ‘Auto-Complete’ Settings.
  • Some devices and applications have an auto-complete feature, which fills blank fields with information that you may have entered or saved in a prior transaction.
  • This may be a problem since auto-complete may provide information without your consent.
Improving Security

• Keep devices under lock and key.
  • Devices can now be locked, which prevents unauthorized usage by other entities.
  • This is especially convenient for portable devices when not in use.
Supplemental Videos

• https://youtu.be/Kz-INokaRFs
• https://youtu.be/yrkrngRgrSw
Reference:

• Learning Guide in Living in the Information Technology Era by Eugene Mangaoang, John Paul Vitualla, Abegail Peseral & Joy Espinosa.
