Data Privacy Act

Orientation
Republic Act 10173

Data Protection Office

Byron Joseph A. Hallar, DIT
Chief, Data Protection Office
“Data is the pollution
problem of the
Information Age, and
protecting Privacy is
the environmental Bruce Schneir
Renowned Cryptographer,
challenge.” Public-Interest Technologist
Lecturer, Harvard University
Image source: https://www.oecd-forum.org/users/332166-bruce-schneier
 Data
Image source: https://datareportal.com/global-digital-overview Protection
Office
Data Never
Sleeps:
How much
data generated
every minute?
Data
Protection
Image source: Lori Lewis Office
Who stores data about you?

Data
Protection
Image source: PSITE DPO Training Participant Guide
Office
 Even your
devices
know a
lot about
you.
Data
Protection
Image source: PSITE DPO Training Participant Guide Office
 What does
Google
know?
Find out yourself by visiting:
www.google.com/dashboard

Data
Protection
Image source: PSITE DPO Training Participant Guide Office
“In the future, job interviews will
be done by machines. And they
won’t even have to ask you a
single question. They’ll just
search your social media
history.”

Data
Protection
Image source: PSITE DPO Training Participant Guide
Office
 Data
Philippines: 25th Most Cyber-Attacked Attacked Country Protection
Image source: https://cybermap.kaspersky.com/ Office
 Data
Protection
Source: Data Protection and Management Presentation by Prof. James Patrick Acang Office
 Data
Protection
Source: Data Protection and Management Presentation by Prof. James Patrick Acang Office
 Data
Protection
Source: https://www.pna.gov.ph/articles/1166375 Office
 Data
Protection
Image Source: PSITE DPO Training Participant Guide Office
 Data
Protection
Image source: https://www.privacy.gov.ph/
Office
 Data Privacy Act of 2012
RA 10173 assures the “free flow of
information to promote innovation and
growth” (Republic Act No. 10173, Ch. 1, Sec. 2)
while protecting the user’s fundamental rights
to privacy.
Data
Protection
Office
 Data Privacy Act of 2012
RA 10173 provides standards that
regulate the collection, handling and
disposal of all personal information.

Data
Protection
Office
 CLASSIFICATON OF PERSONALLY IDENTIFIABLE INFORMATION
PERSONAL INFORMATION SENSITIVE PERSONAL INFORMATION PRIVILEGED INFORMATION
PI (List based on IRR)
SPI (List based on Rules of Court)
Name Race, Color and Ethnic origin Data received within the context of a
Address Marital status protected relationship – husband and
wife
Place of work Age
Telephone Number Health Data received within the context of a
protected relationship – attorney and
Gender Philosophical affiliation
client
Location of an individual at a particular Religious and Political affiliation Data received within the context of a
time protected relationship – priest and
penitent
IP Address Education
Birthdate and Birthplace Genetics and sexual life
Country of citizenship Proceeding for any offense committed Data received within the context of a
or alleged to have been committed, protected relationship – doctor and
Payroll and benefits information
the disposal of such proceedings, the patient
Contact information sentence of any court in such
proceedings Source: Data Protection and Management Presentation by Prof. James Patrick Acang
 Scope of Data Privacy Act
RA 10173 applies to the processing
personal data by any natural and
juridical person in government or private
sector, in the country and even abroad,
subject to certain qualifications.
Data
Protection
Office
 Exceptions to the DPA
1. PI processed for allowing public
access to information that fall within
matters of public concern.
2. PI processed for journalistic, artistic
or literary purpose intended for a
public benefit. Data
Protection
Office
 Exceptions to the DPA
3. PI that is processed for research
purpose intended for public benefit.
4. Info that is needed to carry out
functions of public authority (legal
authorities, law enforcement).
Data
Protection
Office
 Data Privacy Principles
Transparency

Legitimate Purpose

Proportionality

Data
Source: Data Protection and Management Presentation by Prof. James Patrick Acang
Protection
Office
 Data
Protection
Source: Data Protection and Management Presentation by Prof. James Patrick Acang Office
 Data
Protection
Source: Data Protection and Management Presentation by Prof. James Patrick Acang Office
 Data
Protection
Source: Data Protection and Management Presentation by Prof. James Patrick Acang Office
 Data
Protection
Image source: https://www.dreamstime.com/stock-photo-know-your-rights-concept-render-illustration-title-legal-documents-image66412116
Office
 Data
Protection
Source: Data Protection and Management Presentation by Prof. James Patrick Acang Office
 Data
Protection
Source: Data Protection and Management Presentation by Prof. James Patrick Acang Office
 Data
Protection
Source: Data Protection and Management Presentation by Prof. James Patrick Acang Office
 Personal Data Life Cycle

Acquisition/ Transfer / Retention /

Storage Use
Collection Share Destruction

Retention/Disposal should be based on:

1. Law
2. Industry Best Practice
3. Business Needs

Data
Protection
Source: Data Protection and Management Presentation by Prof. James Patrick Acang Office
Example of Improper Data Disposal

Data
Protection
Source: Data Protection and Management Presentation by Prof. James Patrick Acang Office
In Conclusion:
• Data Privacy is a serious concern today.
• Your data is a valuable asset that should be
protected, like any other property that you own.
• The Data Privacy Act is intended to protect us, not
to inconvenience us.
• Be sensible NOT paranoid.
• Know your rights. When in doubt, ask questions.
“If someone steals
your password, you
can change it. But if
someone steals your
thumbprint, you can’t Bruce Schneir
Renowned cryptographer,
get a new thumb.” public-interest technologist,
lecturer of Harvard University
Image source: https://www.oecd-forum.org/users/332166-bruce-schneier