ICT Literacy and Competency Development Bureau Program of Instruction

Course Code: ILCDB_R2_GDPP_74

Implementing Agency: DICT Region 02 ‐ Isabela Provincial Office
Course Title: Data Privacy Protection
Date and Time of Conduct: Oct. 23‐27, 2023 | 1:00 pm to 5:00 pm
Training Platform: Online | Zoom Meeting
Target Participants: Government Workforce

Rationale:

The declaration of Republic Act 10173 protects the fundamental human right of privacy of
communication while ensuring the free flow of information to promote innovation and
growth. The State recognizes the vital role of information and communications technology in
nation‐building and its inherent obligation to ensure that personal information in information
and communications systems in the government and in the private sector are secured and
protected.

Republic Act 10844, identifies the power and responsibilities of the Department of Information
and Communications Technology (DICT) and under its Section 2 has listed down the policy
of the state or government related to Data Privacy, namely:

1. To ensure the rights of individuals to privacy and confidentiality of their personal information;
2. To ensure the security of critical ICT infrastructures including information assets of the government,
individuals, and businesses; and
3. To provide oversight over agencies governing and regulating the ICT sector and ensure consumer
protection and welfare, data privacy and security, foster competition, and the growth of the ICT sector.

Under section 6, Consumer Protection and Industry Development, the Department shall
exercise the following powers and functions:

1. Ensure and protect the rights and welfare of consumers and business users to privacy, security, and
confidentiality in matters relating to ICT, in coordination with agencies concerned, the private sector,
and relevant international bodies.

Description:

The Data Privacy Protection training is an online learning to enable the person or entity, which
are mandated to be accountable and responsible in the implementation of R.A. 10173 – Data
Privacy Act of 2012, to understand, decide, and act on the rules and standards of data privacy
protection and personal information security.

The implementation rules and regulation of R.A. 10173, Data Privacy Act of 2012, in particular
Rule VI. Security Measures for the Protection of Personal Data has identified the protection
requirements that the Personal Information Controller and Processor are obligated to execute
in order to provide evidence that the privacy of the personal information will not be violated
in the information and communication system of government agencies and private
organizations.

The training on data privacy protection identifies and elaborates the knowledge, skills, and
attitudes that make the Personal Information Controller and Processor achieve the following
objectives of R.A. 10173 – implementing rules and regulations.
1. Mitigate data privacy violations
2. Organize data privacy governance and oversight
3. Apply the principles of privacy protection in the data processing system

Department of Information and Communications Technology ‐ Region 02

02 Bagay Road, San Gabriel Village, Tuguegarao City, Cagayan 3500
region2@dict.gov.ph | www.dict.gov.ph
4. Enable the process for the exercise of data privacy rights
5. Conduct privacy and security risk assessment and define security level requirements
6. Implement security measures to protect personal information and sensitive personal information
7. Manage breach and information security incident
8. Privacy by design and by default information processing system
9. Ensure data privacy and information security in supplier relationship
10. Observe the registration and report requirements of compliance

The learning process involves the use of existing rules, regulations, and issuance related to
R.A. 10173 implementation, and the globally cited and accepted standards in order to establish
the underpinning knowledge to plan‐do‐check‐act the management of data privacy and
information security.

The online instruction provides the presentation and demonstration of how to understand and
act on the obligations of protecting the individual’s personal information in the information
and communication system of the government and private sector. The learning engagement
elicits, elaborates, analyzes, and documents the valid, verifiable, acceptable, and actionable
normative references of performance.

Methodology:

The course is composed of comprehensive lectures that will be conducted Online via Zoom
meetings.

Modality No. of days No. of hours/day Total training hours

Online 5 4 20

Post‐evaluation forms will be given to the participants. These will serve as the basis for
evaluating: 1) a change in the level of knowledge of the participants; 2) the effectiveness of the
training; 3) the conduciveness of the platforms used, and 4) the efficiency of the instructor.

A Certificate of Participation will be issued to participants who have attended at least 80% of
the total duration of the seminar and submit the training workshop requirements.

A Certificate of Attendance will be given to those who have attended at least 80% of the total
training hours and failed to submit the training workshop requirements.

Target Participants:

Target participants for Digital Workforce Training are for Government Workforce only who
are obligated by the data privacy rules to be accountable and responsible for:

1. Data privacy and information security governance

2. Registry of personal data and information system asset
3. Privacy impact assessment and information security risk management
4. Data Privacy and information security policies
5. Privacy and information security management system
6. Breach and security incident management
7. Privacy and security complaint and concern handling
8. Privacy and security in supplier relationship
9. Awareness training on data privacy and personal information security
10. Compliance reporting and registration

Department of Information and Communications Technology ‐ Region 02

02 Bagay Road, San Gabriel Village, Tuguegarao City, Cagayan 3500
region2@dict.gov.ph | www.dict.gov.ph
Resource Requirements:

A. MANPOWER
● Course Resource Person
● Facilities Assistant / Technical Support

B. FACILITIES/ EQUIPMENT
● Laptops / Desktops with Browsers Mozilla Firefox, Microsoft Edge, or Google Chrome
● Stable Internet Connection
● Headphones
C. MATERIALS
● Visual Presentations
● Registration Materials ‐ Training Attendance Sheet
● Evaluation and Completion Materials including the following:
 Evaluation Form
· Certificates (Attendance and Participation)
· Certificate of Appreciation for the Resource Person

Detailed Course Outline:

Module Instructional
Topics or Module/s:
Number Materials

1. R.A. 10173 ‐ Data Privacy Act of 2012 – Goals,

Objectives, Roles, Accountability and Responsibility
1.1. R.A. 10173 Statutory Goals and Directives to Protect
the Individual’s Personal Information in Government and
1 Private Sector
1.2. Role, Accountability, Responsibility and Competency
Matrix of Data Privacy Protection
1.3. Rules and Standards of Data Privacy Act of 2012
Implementation

2. Global Practice Standards to Guide the

Implementation of R.A. 10173 – Data Privacy Act of 2012 PowerPoint
2.1. The Mandated Control Objectives and Compliance Presentation/ Lecture
2 Evidence of the Data Privacy Act of 2012 Modules/
2.2. The Normative References on Data Privacy Principles Demonstrations
and Data Privacy Management
2.3. The Normative References on Information Security
Principles and Information Security Management

3. Data Privacy and Information Security Risks

Management
3.1. Management Framework of Information Security and
3 Data Privacy
3.2. Information and Communication System Registry and
Risk Criteria
3.3. Privacy Impact Assessment Policy, Requirement,
Responsibility, Process, and Tools

Department of Information and Communications Technology ‐ Region 02

02 Bagay Road, San Gabriel Village, Tuguegarao City, Cagayan 3500
region2@dict.gov.ph | www.dict.gov.ph
 4. Data Privacy and Security Control Policies
4.1. Data Privacy and Security Policies Development Process
4.2. Create Data Privacy Policies on Governance; Privacy
Right Process; Information System Privacy by Design‐By
4 Default; Supplier Relationship; Complaint Handling and
Breach Management
4.3. Create Information Security Policies to Assure
Confidentiality, Integrity, and Availability of Personal
Information

5. Breach and Security Incident Management

5.1. Privacy Management Capability Framework and
Security Incident Management Standards
5 5.2. Create a Security Incident Management Policy and set
up the Breach Incident Response Team
5.3. Security Operation Center of Security Incident
Identification, Protection, Detection, Response, and Recovery

Expected Output:

At the end of the webinar, successful participants will be able to:

 Perform the oversight responsibilities as identified in NPC Advisory 2017‐01;

 Implement the obligation to protect personal data in government as outlined in NPC
Circular 16‐01;
 Create the inventory of information assets and register the information system
associated with personal data processing as required by R.A. 10173 ‐ Rule XI;
 Conduct the privacy impact assessment of the filing system, information, and
communication system, automation program, and project of the organization based on
NPC Advisory 2017‐03;
 Formulate the data privacy and security policies that mitigate both privacy and
security risks based on the privacy impact assessment report and the guidance
provided by R.A. 10173 IRR Rule VI;
 Create the privacy management program and manual on data privacy protection
guided by R.A. 10173 implementing rules and regulations, and globally recognized
practice standards;
 Create a security incident management system to support the handling of data
breaches and other security incidents associated with violation of data privacy;
 Create procedures to handle data privacy complaints and compliance reporting;
 Create the requirements to guide the information system development that is privacy
by design and by default; and
 Create the training plan for the whole‐of‐agency awareness and training on data
privacy and information security.

Department of Information and Communications Technology ‐ Region 02

02 Bagay Road, San Gabriel Village, Tuguegarao City, Cagayan 3500
region2@dict.gov.ph | www.dict.gov.ph
 Budgetary Requirements:
Item Description Total
Resource Person Honoraria
1 24,000.00
1200/hr * 4hrs * 5days
Total Php 24,000.00

Prepared by:
Digitally signed by
Sagaydoro Sheryl
Nacino
SHERYL N. SAGAYDORO
ILCDB, Project Development Officer II

Noted by:
Digitally signed by
Gazzingan Cirilo Jr
Nacino

CIRILO N. GAZZINGAN, JR.

Provincial Officer

Recommending Approval:
Digitally signed by
Gomez Magdalena
Dacuycuy

Engr. MAGDALENA D. GOMEZ

OIC Chief, Technical Operations Division

Approved by:
Digitally signed by
Jimenez Pinky
Tumaliuan

Engr. PINKY T. JIMENEZ, PECE, Ph.D.

Regional Director

Department of Information and Communications Technology ‐ Region 02

02 Bagay Road, San Gabriel Village, Tuguegarao City, Cagayan 3500
region2@dict.gov.ph | www.dict.gov.ph