SlideShare a Scribd company logo

Data Privacy- Security of Sensitive Personal Information

JDP Consulting, profile picture
JDP Consulting

The Philippine Data Privacy Law applies to government agencies, making agency heads primarily responsible for ensuring compliance with the security of sensitive personal information. Government employees must obtain security clearance to access this information, and any off-site access requires a request approved by the agency head, with specific limitations on the number of records and security standards. Contractors accessing sensitive data from 1,000 or more individuals must register their information processing systems with the National Privacy Commission.

Law
Related topics:
Small Business StrategiesContract Law Overview Business Intelligence Information Security
1 of 10
Downloaded 70 times
1
2
3
4
5
6
7
8
9
10
Security of Sensitive Personal Information in Government Basics of Philippine Data Privacy Law for Non-Lawyers
Applicability to Government The Data Privacy Law expressly and specifically provides for the applicability of the provisions to Government Agencies. Accordingly, heads of agencies are made primarily responsible for ensuring that their offices are compliant with the security of sensitive personal information that are in their control or custody. Reference: Section 22, R.A. 10173
Responsibility: Heads of Agencies All sensitive personal information maintained by the government, its agencies and instrumentalities shall be secured, as far as practicable, with the use of the most appropriate standard recognized by the information and communications technology industry, and as recommended by the Commission. The head of each government agency or instrumentality shall be responsible for complying with the security requirements mentioned herein while the Commission shall monitor the compliance and may recommend the necessary action in order to satisfy the minimum standards. The heads of agencies are made primarily responsible for compliance with the security requirements set by the Data Privacy Law. The NPC has the authority to monitory compliance and recommend to the agency the necessary to action to comply with the minimum standards. Reference: Section 23, R.A. 10173
Responsibility: Heads of Agencies (a) On-site and Online Access – Except as may be allowed through guidelines to be issued by the Commission, no employee of the government shall have access to sensitive personal information on government property or through online facilities unless the employee has received a security clearance from the head of the source agency. Sensitive personal information with the Government is required to be maintained as strictly confidential and only for those authorized to access them. Accordingly, security clearance is required before a Government employee may be able to access these sensitive personal information. Reference: Section 23, R.A. 10173
Responsibility: Heads of Agencies (b) Off-site Access – Unless otherwise provided in guidelines to be issued by the Commission, sensitive personal information maintained by an agency may not be transported or accessed from a location off government property unless a request for such transportation or access is submitted and approved by the head of the agency in accordance with the following guidelines: (1) Deadline for Approval or Disapproval – In the case of any request submitted to the head of an agency, such head of the agency shall approve or disapprove the request within two (2) business days after the date of submission of the request. In case there is no action by the head of the agency, then such request is considered disapproved; Reference: Section 23, R.A. 10173
Responsibility: Heads of Agencies (2) Limitation to One thousand (1,000) Records – If a request is approved, the head of the agency shall limit the access to not more than one thousand (1,000) records at a time; and (3) Encryption – Any technology used to store, transport or access sensitive personal information for purposes of off-site access approved under this subsection shall be secured by the use of the most secure encryption standard recognized by the Commission. Transportation or access off-site of sensitive personal information with the Government requires an approved request by the head of agency. Further, a 1,000 records at a time limitation is imposed. Most secure encryption standard is required of the technology to be used. Reference: Section 23, R.A. 10173
Government Contractors In entering into any contract that may involve accessing or requiring sensitive personal information from one thousand (1,000) or more individuals, an agency shall require a contractor and its employees to register their personal information processing system with the Commission in accordance with this Act and to comply with the other provisions of this Act including the immediately preceding section, in the same manner as agencies and government employees comply with such requirements. Government contractors and their employees have to register their Personal Information Processing System with the National Privacy Commission – if their contracts involve accessing or requiring sensitive personal information from 1,000 or more individuals. Reference: Section 24, R.A. 10173
Summary 1) Data Privacy Law applies to Government Offices. 2) Heads of Agencies are the ones primarily responsible for compliance. 3) Security clearance is required for Government Employees who are accessing sensitive personal information. 4) A request approved by the Head of the Agency is required prior to transportation or access off-site of sensitive personal information. 5) NPC registration is required for Government Contractors for contracts involving access or requiring senstive personal information from at least 1,000 individuals.
Basics of Philippine Data Privacy Law for Non-Lawyers Atty. Jericho B. Del Puerto SME Business Lawyer For inquiries, comment, or permission to use slides, send us an email : info@jdpconsulting.ph. Security of Sensitive Personal Information in Government
Data Privacy- Security of Sensitive Personal Information

More Related Content

PPS
Introduction to Data Protection and Information Security
Jisc Scotland
 
PPTX
Data privacy act
ansherina erika dejan
 
PDF
Privacy & Data Protection in the Digital World
Arab Federation for Digital Economy
 
PPT
Data Protection (Download for slideshow)
Andrew Sharpe
 
PPTX
GDPR
Gopi PD
 
PDF
Privacy by design
Prof. Jacques Folon (Ph.D)
 
PPTX
Physical Security In The Workplace
dougfarre
 
PPTX
Privacy & Data Protection
sp_krishna
 
Introduction to Data Protection and Information Security
Jisc Scotland
 
Data privacy act
ansherina erika dejan
 
Privacy & Data Protection in the Digital World
Arab Federation for Digital Economy
 
Data Protection (Download for slideshow)
Andrew Sharpe
 
GDPR
Gopi PD
 
Privacy by design
Prof. Jacques Folon (Ph.D)
 
Physical Security In The Workplace
dougfarre
 
Privacy & Data Protection
sp_krishna
 

What's hot (20)

PDF
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
PPT
Data protection in_india
Altacit Global
 
PPSX
CRIMINOLOGY REVIEWER LEA POLICE ORGANIZATION
Niño Kabiling
 
PPT
E Signature Presentation
brettlieberman
 
PPTX
Gdpr presentation
Sudarsan Reddy
 
ODP
GDPR: valutazione d'impatto (DPIA) - 11 maggio 2018
Simone Chiarelli
 
ODP
Corporate security
Jarno Niemela
 
PDF
Best Practices for Implementing Data Loss Prevention (DLP)
Sarfaraz Chougule
 
PPTX
Training privacy by design
Tommy Vandepitte
 
PDF
DPDP Act 2023.pdf
Priyanka Aash
 
PPTX
skillcast-gdpr-training-presentation-q320.pptx
RahulGarg294918
 
ODP
GDPR: principi - 21 maggio 2018
Simone Chiarelli
 
PPTX
Data Protection Officer Dashboard | GDPR
Corporater
 
PDF
GDPR 2018 - Il nuovo Regolamento Privacy Europeo
M2 Informatica
 
PDF
Data Protection Predictions for 2023.pdf
DarylBallesteros3
 
PDF
Lezione n. 02 - Ordinamento della Polizia Municipale e Locale (1): Polizia am...
Simone Chiarelli
 
PPT
Personal Data Protection in Malaysia
khenghoe
 
PDF
GDPR Demystified
SPIN Chennai
 
PPTX
GDPR e privacy - 6 dicembre 2018
Simone Chiarelli
 
PDF
The principles of the Data Protection Act in detail - uk
- Mark - Fullbright
 
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
Data protection in_india
Altacit Global
 
CRIMINOLOGY REVIEWER LEA POLICE ORGANIZATION
Niño Kabiling
 
E Signature Presentation
brettlieberman
 
Gdpr presentation
Sudarsan Reddy
 
GDPR: valutazione d'impatto (DPIA) - 11 maggio 2018
Simone Chiarelli
 
Corporate security
Jarno Niemela
 
Best Practices for Implementing Data Loss Prevention (DLP)
Sarfaraz Chougule
 
Training privacy by design
Tommy Vandepitte
 
DPDP Act 2023.pdf
Priyanka Aash
 
skillcast-gdpr-training-presentation-q320.pptx
RahulGarg294918
 
GDPR: principi - 21 maggio 2018
Simone Chiarelli
 
Data Protection Officer Dashboard | GDPR
Corporater
 
GDPR 2018 - Il nuovo Regolamento Privacy Europeo
M2 Informatica
 
Data Protection Predictions for 2023.pdf
DarylBallesteros3
 
Lezione n. 02 - Ordinamento della Polizia Municipale e Locale (1): Polizia am...
Simone Chiarelli
 
Personal Data Protection in Malaysia
khenghoe
 
GDPR Demystified
SPIN Chennai
 
GDPR e privacy - 6 dicembre 2018
Simone Chiarelli
 
The principles of the Data Protection Act in detail - uk
- Mark - Fullbright
 
Ad

Similar to Data Privacy- Security of Sensitive Personal Information (20)

PPTX
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
gentlejosh3161
 
PDF
Basic Data Privacy for Non Lawyers
JDP Consulting
 
PPTX
Data Privacy Act of 2012.pptx
CeresMargaretMangibi
 
PDF
Data Privacy - Security of Personal Information
JDP Consulting
 
PPT
The Data Privacy Act of 2012 by Tristan Calaguas
jane649083
 
PPTX
RA 10173 or the Data Privacy Act of 2012.pptx
JordanJalbuna
 
PPTX
Data Privacy Act in the Philippines
Shirley Ingles-Cruz
 
PDF
Philippine Data Privacy Act of 2012 (RA 10173)
Kirk Go
 
PDF
Data privacy act of 2012 presentation
Kittelson & Carpo Consulting
 
PDF
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Jay Castillo
 
DOCX
Module 1- Living in the IT Era GE 12 FOR CHED
ShaneMarizCRoslin
 
PPTX
Group 10 - PDPA II.pptx
Suthaesh Ramash
 
PDF
Data Privacy - Rights of the Data Subject
JDP Consulting
 
PDF
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
Maria Perkins
 
PPTX
MAED 109 emergencies and disasters in education am
WORLDMUSICDEFINER
 
DOC
Personal Data and Information Classification under Data Privacy Act of the Ph...
ABLoveria
 
PPTX
Group 5 Banking Laws Semi Finals.pptx
StephenQuijano3
 
PDF
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
JakeAldrinDegala1
 
PPTX
Data Privacy Protection Competrency Guide by a Data Subject
John Macasio
 
PDF
Information Security: The Trinidad & Tobago Legal Context
Jason Nathu
 
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
gentlejosh3161
 
Basic Data Privacy for Non Lawyers
JDP Consulting
 
Data Privacy Act of 2012.pptx
CeresMargaretMangibi
 
Data Privacy - Security of Personal Information
JDP Consulting
 
The Data Privacy Act of 2012 by Tristan Calaguas
jane649083
 
RA 10173 or the Data Privacy Act of 2012.pptx
JordanJalbuna
 
Data Privacy Act in the Philippines
Shirley Ingles-Cruz
 
Philippine Data Privacy Act of 2012 (RA 10173)
Kirk Go
 
Data privacy act of 2012 presentation
Kittelson & Carpo Consulting
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Jay Castillo
 
Module 1- Living in the IT Era GE 12 FOR CHED
ShaneMarizCRoslin
 
Group 10 - PDPA II.pptx
Suthaesh Ramash
 
Data Privacy - Rights of the Data Subject
JDP Consulting
 
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
Maria Perkins
 
MAED 109 emergencies and disasters in education am
WORLDMUSICDEFINER
 
Personal Data and Information Classification under Data Privacy Act of the Ph...
ABLoveria
 
Group 5 Banking Laws Semi Finals.pptx
StephenQuijano3
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
JakeAldrinDegala1
 
Data Privacy Protection Competrency Guide by a Data Subject
John Macasio
 
Information Security: The Trinidad & Tobago Legal Context
Jason Nathu
 
Ad

More from JDP Consulting (20)

PDF
Data Privacy - Penalties for Non-Compliance
JDP Consulting
 
PPTX
Philippine Franchising Law
JDP Consulting
 
PDF
Unfair Labor Practice
JDP Consulting
 
PDF
DOLE D.O. 147-15
JDP Consulting
 
PDF
What is Control in Contracting and Subcontracting?
JDP Consulting
 
PDF
DOLE D.O. 174-17 vs. DOLE D.O. 18-A-11
JDP Consulting
 
PDF
Pag-IBIG Benefits
JDP Consulting
 
PDF
SSS Benefits
JDP Consulting
 
PDF
PhilHealth Benefits
JDP Consulting
 
PDF
ECC Benefits
JDP Consulting
 
PDF
Retirement Pay
JDP Consulting
 
PDF
Separation Pay
JDP Consulting
 
PDF
13th Month Pay
JDP Consulting
 
PDF
Special Leave for Women
JDP Consulting
 
PDF
VAWC Leave
JDP Consulting
 
PDF
Solo Parental Leave
JDP Consulting
 
PDF
Paternity Leave
JDP Consulting
 
PDF
Service Incentive Leave
JDP Consulting
 
PDF
Service Charges
JDP Consulting
 
PDF
Night Shift Differential Pay
JDP Consulting
 
Data Privacy - Penalties for Non-Compliance
JDP Consulting
 
Philippine Franchising Law
JDP Consulting
 
Unfair Labor Practice
JDP Consulting
 
DOLE D.O. 147-15
JDP Consulting
 
What is Control in Contracting and Subcontracting?
JDP Consulting
 
DOLE D.O. 174-17 vs. DOLE D.O. 18-A-11
JDP Consulting
 
Pag-IBIG Benefits
JDP Consulting
 
SSS Benefits
JDP Consulting
 
PhilHealth Benefits
JDP Consulting
 
ECC Benefits
JDP Consulting
 
Retirement Pay
JDP Consulting
 
Separation Pay
JDP Consulting
 
13th Month Pay
JDP Consulting
 
Special Leave for Women
JDP Consulting
 
VAWC Leave
JDP Consulting
 
Solo Parental Leave
JDP Consulting
 
Paternity Leave
JDP Consulting
 
Service Incentive Leave
JDP Consulting
 
Service Charges
JDP Consulting
 
Night Shift Differential Pay
JDP Consulting
 

Recently uploaded (20)

PPTX
R.A. NO. 76 10 OR THE CHILD ABUSE LAW.pptx
DyepoyFigsVjoucher
 
PPTX
Sexual Harassment Prevention training class
lmy1103
 
PPTX
BUSINESS LAW AND IT IN CONTRACT SIGNING AND MANAGEMENT
daudevarist18
 
PDF
A SEP and FRAND Overview 13 Aug 2024.pdf
Jane Lambert
 
PPT
wipo: IP _smes_kul_06_www_6899913 (1).ppt
jyotsnarani13
 
PPTX
Court PROCESS Notes_Law Clinic Notes.pptx
shelynchand
 
PDF
Kayla Coates Wins no-insurance case Against the Illinois Workers’ Benefit Fund
Ankin Law Office, LLC
 
PPT
Gender sensitivity and fair language implementation
MICHAELVERINA1
 
PDF
OpenAi v. Open AI Summary Judgment Order
Mike Keyes
 
PPTX
What Happens to Your Business If You Become Incapacitated
Elder Law Center Of Wisconsin
 
PPTX
BL 2 - Courts and Alternative Dispute Resolution.pptx
blamgaming01
 
PPTX
Constitutional Law 2 Final Report.ppt bill of rights in under the constitution
JAMESJEFFERSONROSALE
 
PDF
250811-FINAL-Bihar_Voter_Deletion_Analysis_Presentation.pdf
sabranghindi
 
PPT
Over view on IPR and its components :ppt
jyotsnarani13
 
PDF
The AI & LegalTech Surge Reshaping the Indian Legal Landscape
Vidhikarya Legal Services LLP
 
PDF
SUMMARY CASES-42-47.pdf tax -1 257++/ hsknsnd
ibrahimnorlainie
 
PDF
Plausibility - A Review of the English and EPO cases
Jane Lambert
 
PPTX
Peter Maatouk Is Redefining What It Means To Be A Local Lawyer Who Truly List...
Maatouks Law Group
 
PPTX
FFFFFFFFFFFFFFFFFFFFFFTA_012425_PPT.pptx
bLackseaL2
 
PPTX
prenuptial agreement ppt my by a phd scholar
rajuyadav42111
 
R.A. NO. 76 10 OR THE CHILD ABUSE LAW.pptx
DyepoyFigsVjoucher
 
Sexual Harassment Prevention training class
lmy1103
 
BUSINESS LAW AND IT IN CONTRACT SIGNING AND MANAGEMENT
daudevarist18
 
A SEP and FRAND Overview 13 Aug 2024.pdf
Jane Lambert
 
wipo: IP _smes_kul_06_www_6899913 (1).ppt
jyotsnarani13
 
Court PROCESS Notes_Law Clinic Notes.pptx
shelynchand
 
Kayla Coates Wins no-insurance case Against the Illinois Workers’ Benefit Fund
Ankin Law Office, LLC
 
Gender sensitivity and fair language implementation
MICHAELVERINA1
 
OpenAi v. Open AI Summary Judgment Order
Mike Keyes
 
What Happens to Your Business If You Become Incapacitated
Elder Law Center Of Wisconsin
 
BL 2 - Courts and Alternative Dispute Resolution.pptx
blamgaming01
 
Constitutional Law 2 Final Report.ppt bill of rights in under the constitution
JAMESJEFFERSONROSALE
 
250811-FINAL-Bihar_Voter_Deletion_Analysis_Presentation.pdf
sabranghindi
 
Over view on IPR and its components :ppt
jyotsnarani13
 
The AI & LegalTech Surge Reshaping the Indian Legal Landscape
Vidhikarya Legal Services LLP
 
SUMMARY CASES-42-47.pdf tax -1 257++/ hsknsnd
ibrahimnorlainie
 
Plausibility - A Review of the English and EPO cases
Jane Lambert
 
Peter Maatouk Is Redefining What It Means To Be A Local Lawyer Who Truly List...
Maatouks Law Group
 
FFFFFFFFFFFFFFFFFFFFFFTA_012425_PPT.pptx
bLackseaL2
 
prenuptial agreement ppt my by a phd scholar
rajuyadav42111
 

Data Privacy- Security of Sensitive Personal Information

  • 1. Security of Sensitive Personal Information in Government Basics of Philippine Data Privacy Law for Non-Lawyers
  • 2. Applicability to Government The Data Privacy Law expressly and specifically provides for the applicability of the provisions to Government Agencies. Accordingly, heads of agencies are made primarily responsible for ensuring that their offices are compliant with the security of sensitive personal information that are in their control or custody. Reference: Section 22, R.A. 10173
  • 3. Responsibility: Heads of Agencies All sensitive personal information maintained by the government, its agencies and instrumentalities shall be secured, as far as practicable, with the use of the most appropriate standard recognized by the information and communications technology industry, and as recommended by the Commission. The head of each government agency or instrumentality shall be responsible for complying with the security requirements mentioned herein while the Commission shall monitor the compliance and may recommend the necessary action in order to satisfy the minimum standards. The heads of agencies are made primarily responsible for compliance with the security requirements set by the Data Privacy Law. The NPC has the authority to monitory compliance and recommend to the agency the necessary to action to comply with the minimum standards. Reference: Section 23, R.A. 10173
  • 4. Responsibility: Heads of Agencies (a) On-site and Online Access – Except as may be allowed through guidelines to be issued by the Commission, no employee of the government shall have access to sensitive personal information on government property or through online facilities unless the employee has received a security clearance from the head of the source agency. Sensitive personal information with the Government is required to be maintained as strictly confidential and only for those authorized to access them. Accordingly, security clearance is required before a Government employee may be able to access these sensitive personal information. Reference: Section 23, R.A. 10173
  • 5. Responsibility: Heads of Agencies (b) Off-site Access – Unless otherwise provided in guidelines to be issued by the Commission, sensitive personal information maintained by an agency may not be transported or accessed from a location off government property unless a request for such transportation or access is submitted and approved by the head of the agency in accordance with the following guidelines: (1) Deadline for Approval or Disapproval – In the case of any request submitted to the head of an agency, such head of the agency shall approve or disapprove the request within two (2) business days after the date of submission of the request. In case there is no action by the head of the agency, then such request is considered disapproved; Reference: Section 23, R.A. 10173
  • 6. Responsibility: Heads of Agencies (2) Limitation to One thousand (1,000) Records – If a request is approved, the head of the agency shall limit the access to not more than one thousand (1,000) records at a time; and (3) Encryption – Any technology used to store, transport or access sensitive personal information for purposes of off-site access approved under this subsection shall be secured by the use of the most secure encryption standard recognized by the Commission. Transportation or access off-site of sensitive personal information with the Government requires an approved request by the head of agency. Further, a 1,000 records at a time limitation is imposed. Most secure encryption standard is required of the technology to be used. Reference: Section 23, R.A. 10173
  • 7. Government Contractors In entering into any contract that may involve accessing or requiring sensitive personal information from one thousand (1,000) or more individuals, an agency shall require a contractor and its employees to register their personal information processing system with the Commission in accordance with this Act and to comply with the other provisions of this Act including the immediately preceding section, in the same manner as agencies and government employees comply with such requirements. Government contractors and their employees have to register their Personal Information Processing System with the National Privacy Commission – if their contracts involve accessing or requiring sensitive personal information from 1,000 or more individuals. Reference: Section 24, R.A. 10173
  • 8. Summary 1) Data Privacy Law applies to Government Offices. 2) Heads of Agencies are the ones primarily responsible for compliance. 3) Security clearance is required for Government Employees who are accessing sensitive personal information. 4) A request approved by the Head of the Agency is required prior to transportation or access off-site of sensitive personal information. 5) NPC registration is required for Government Contractors for contracts involving access or requiring senstive personal information from at least 1,000 individuals.
  • 9. Basics of Philippine Data Privacy Law for Non-Lawyers Atty. Jericho B. Del Puerto SME Business Lawyer For inquiries, comment, or permission to use slides, send us an email : info@jdpconsulting.ph. Security of Sensitive Personal Information in Government