DPA Flashcards

Data Privacy (18 cards)

1
Q

What are the 5 main parts of the Data Privacy Act?

A
  1. Definitions & General Provisions (Sections 1-6)
  2. National Privacy Commission (Sections 7-10)
  3. Rights of a data subject and obligations of controllers/processors (Sections 11-21) (Focus on this for Sir)
  4. Provisions for government (Sections 22-24)
  5. Penalties (Sections 25-37)
2
Q

The National Privacy Commission is under what department?

A

Department of Information and Communications Technology

3
Q

Does the law prevent the processing of personal information?

A

No.
The law does not prohibit the processing of personal information.
It just balances the fundamental human right of privacy and the free flow of information.

4
Q

What are the rights of a data subject?

A
  1. Right to be informed
  2. Right to object
  3. Right to access
  4. Right to rectification
  5. Right to erasure or blocking (or being forgotten)
  6. Right to damages

These rights are not applicable when the processed personal data is used only for the needs of scientific and statistical research, provided that the personal data is held under strict confidentiality and used only for its intended purpose.

They are also not applicable to investigations in relation to crime and liabilities of a data subject.
For both exceptions, the limitations on the rights are only the bare minimum necessary to achieve the purpose of the exception.

5
Q

What are the other rights afforded to a data subject as a result of the DPA?

A
  1. Right to data portability - Where data is processed by electronic means, in a structured and commonly used format, the data subject has the right to obtain a copy for further use by the data subject
  2. Right to file a complaint
  3. Transmissibility right - Lawful heirs and assigns may invoke the rights of the data subject if the data subject is incapacitated or incapable of exercising the rights
6
Q

Processing of personal data shall be allowed subject to the following principles:

A
  1. Transparency - Data subject must be aware of the nature, purpose, and extent of the processing of their data
  2. Proportionality - Processing of information shall be adequate, relevant, suitable, necessary and NOT excessive in relation to the Legitimate Purpose
  3. Legitimate Purpose - Processing of information shall be compatible with a declared and specified purpose (which must not be contrary to law, morals, or public policy)
7
Q

What is a data subject according to the law?

A

An individual (natural person) whose information is processed

Whether it be
Personal Information
Sensitive Personal Information
Privileged Information

Key note: a data subject can be dead

8
Q

What is Personal Information?

A

Any information, whether recorded in material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual

In simple terms, any information that can confirm your identity on its own or when paired with other information

9
Q

What are the elements of personal information?

A
  1. Any information
  2. Identity of an individual
  3. Apparent, or can be reasonably and directly ascertained
  4. Must be a natural person
10
Q

What is Sensitive Personal Information?

A

It refers to personal information that is:

  1. About an individual’s race, ethnicity, marital status, age, color, religion and affiliation
  2. About an individual’s health, education, genetic/sexual life or any proceeding for any offence committed or alleged to have been committed by such person
  3. Information issued by government agencies peculiar to an individual (Stuff like your SSN, Licenses, Tax returns)
  4. Information specifically established by executive order or act of Congress to be kept classified
11
Q

What is Privileged Information?

A

Any and all forms of data which under the rules of court and other pertinent laws constitute privileged communication (Spouse, Lawyer, Doctor, Clergy, Public Office)

(Privileged information is considered sensitive personal information under the DPA)

12
Q

What is a Personal Information Processor?

A

Any natural or juridical person, or any other body, to whom a personal information controller may:
  1. Outsource the processing of personal data pertaining to a data subject
  2. Instruct the processing of personal data pertaining to a data subject

13
Q

What is a Personal Information Controller?

A

Any natural or juridical person, or any other body, who:

  1. Controls the processing of personal data
  2. Instructs another to process personal data

Excluded are natural persons who process personal data in connection with their personal family

14
Q

What is processing?

A

Any operation performed upon personal data (collection, recording, organizing, etc.)

May be automated or manual

15
Q

What is the general rule for processing of personal information?

A

Processing personal information = Allowed
Exceptions: If prohibited by law

16
Q

For processing of personal information to be lawful, any of the 7 conditions must be complied with. What are these conditions?

A
  1. Consent
  2. Fulfillment of Contract
  3. Legal Obligation
  4. Life & Health (Only if there’s no other way)
  5. Vitally important interest
  6. Public function
  7. Legitimate interest of PIC/PIP
17
Q

What is the general rule for processing of Sensitive Personal Information?

A

General Rule: Prohibited
Except: If allowed by law

18
Q

For processing of Sensitive Personal Information to be lawful, any of 6 conditions can be met. What are these conditions?

A
  1. Consent
  2. Laws and Regulations
  3. Life and Health
  4. Lawful and Noncommercial Objectives
  5. Medical Treatment
  6. Lawful rights and Interests