CCTV Requirements

TESDA-QP-02-F02
Rev. No.00-03/01/17
TECHNICAL EDUCATION AND SKILLS DEVELOPMENT AUTHORITY

CALABARZON REGION
East Service Road, South Luzon Expressway, Taguig City, Metro Manila, Philippines
S, Trunk lines: (02) 697-4342 1697-5666 / 697-2407 Se Telefax No.: (02) 815-3553
VVebsite: http://www.tesdacalabarzon.com
DOCUMENT TRACKING SLIP

Doc. Control No.: RO4A-20-01059 Cross-Reference No/s:
Subject: GUIDELINES ON THE INSTITUTIONALIZATION AND UTILIZATION OF CCTV RECORDINGS FOR PURPOSES
OF MAINTAINING THE INTEGRITY OF THE CONDUCT OF ASSESSMENT AND CERTIFICATION PROGRAMS
AND COMPLAINCE AUDITS
Origin of Documents: Office of the Director General (ODG) Date/Record: 7/29/2020
To (Recipient):
Ben-Hur (Cavite) Rizal (PTC Rosario) [Cs Lone (PTC Paliparan)
1
,7 AL (Laguna) . Cristeta (JZGMSAT)
17 Re Francis (PTC Calauan)
±9- Rhose (Batangas) 1..7 Gerry (RTC Batangas) 107

. Gerry (RTC Batangas)
gr" Zory (Rizal) •P Julius (PTC Binangonan) 17 Verge I (PTC Cainta)
Fi Irene ( PTC Taytay)
Gerry (Quezon) ‘ Lizza (BPTI)

17 P Ceferino (ONAS)
17
. Yen (ROD) P Milet (FASD) r Others:
Action Required: 17 For Information For Appropriate Action, please I— For File
Remarks! Instructions:
Signature:
Responsible Unit / IN aor

Date Time Action Taken / Remarks Date Time Signature
Personnel
Instruction: Responsible Unit/Personnel taking final action must return this slip with a copy of the documented action, e.g., letter, memo, etc.
(if applicable) to the Regional/ Provincial Records Controller immediately, guided by the required 10-day response time.
TESDA CIRCULAR .30
, 0 TECHNICAL EDULATION AND SX:LI.S DEW LC/ML,
tHOKITY (REGION IV-A)
SUBJECT: Guidelines on the institutionalization and
utilization of CCTV recordings for purposes of
maintaining the integrity of the conduct of
assessment and certification programs and
compliance audits aOtlicsf2eu
Date Issued: Effectivity:
July 20 2020 As Indicated
References:
Republic Act No. 10173 otherwise known as "Data Privacy Act of 2012", and its
pertinent Implementing Rules and Regulations (IRR);
National Privacy Commission Circular No. 16-03 series of 2016 or the Personal
Data Breach Management;
TESDA Circular No. 64, series of 2020, or the Accreditation of Assessment
Centers and Competency Assessors under the Philippine TVET Competency
Assessment and Certification System (PTCACS);
TESDA Memorandum No. 032, series of 2020 with subject TESDA Directions for
CY 2020;
TESDA Legal Division Memorandum No. 05-20119, series of 2020 with subject
Legal Implications on the submission of CCTV Footages;
TESDA Legal Division Memorandum No. 05-20143 and 06-20203, series of 2020
with subject TESDA Circular re Institutionalization and Utilization of Closed-Circuit
Television (CCTV);
TESDA Circular No. 134, series of 2019, or the Strengthening of Section 14,
Sanctions and Penalties of Guidelines on Assessment and Certification under the
Philippine TVET Competency Assessment and Certification System;
TESDA Data Privacy Manual (TESDA- DPA-01) issued on June 3, 2020.
In the interest of the service and in support to the Agency's continuous efforts
to provide quality assured Assessment and Certification programs, the following policy
and procedures on the prescribed use and maintenance of CCTV of accredited
Assessment Centers (ACs) are hereby issued
I. BACKGROUND AND RATIONALE
Pursuant to section 5.1 (k) of TESDA Circular No. 64, series of 2020, or the
Accreditation of Assessment Centers and Competency Assessors under the
Philippine TVET Competency Assessment and Certification System (PTCACS) it
requires ACs among others to install a functional CCTV camera before they can be
accredited. As a matter of fact, TESDA requires all Accredited ACs to install CCTV
inside the assessment room.
Following the approval of the Revised Operating Procedures on Compliance

Audit — Assessment and Certification (TESDA-OP-IAS-02), one way to generate
and validate information during compliance audit is to require the Assessment
Centers (ACs) to present the CCTV footages recording of its actual conduct of
competency assessments.
It must be observed that the CCTV recordings are considered personal

information because the visual images captured by CCTVs can be used to identify
people. (Pursuant to Section 3 (g) of the Data Privacy Act of 2012).
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. jlis Series 2020
assessment and certification programs and Page 2 of 20 pages
compliance audits
Date Issued: Effectivity: Supersedes:
July 20, 2020 As Indicated
Based on the aforecited law, a CCTV recording may only be processed for a
legitimate purpose. TESDA finds its justification that the CCTV recording is for
purposes of maintaining the integrity of assessment and certification programs of
the agency solely used for validation during conduct of compliance audit.
This, in effect, prompts the need to issue guidelines that will set forth the policy
or procedure that must be followed from the time the CCTV footages were obtained
until they are presented to TESDA for validation.
II. OBJECTIVES
To provide and establish the standards, guidelines, processes, and procedures

to be strictly followed and observed by all TESDA Accredited ACs in the
institutionalization and utilization of Closed-Circuit Television (CCTV) system.
The objectives of the CCTV Policy are to:

Protect the integrity of the assessment and certification process.
Ensure the assessment and certification process are strictly observed.
Support the TESDA Internal Audit Service, Regional Offices and
Provincial Offices in a bid to deter and detect non-compliance, by
providing evidence in support of an audit or inquiry.
III. SCOPE / COVERAGE
CCTV monitoring and recording systems will only be installed in or on the

Assessment Center's property after the same has been reviewed and approved by
TESDA Inspection Team.
The CCTV system comprises a number of fixed and fully functional cameras
located in the Assessment Center's building or perimeter. These shall be monitored
by the AC Manager or its designated Authorized User.
IV. DEFINITION OF TERMS
Authorized Users - refers to a personnel assigned in the AC who is/are

responsible and authorized by the AC Manager in the operation of the CCTV
system;
Closed Circuit Television (CCTV) - is a video surveillance camera that is installed

practically everywhere for the security and safety of everyone. It also captures
images of individuals or information relating to individuals. If the camera
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. jgg Series 2020
compliance audits
Date Issued: { Effectivity: Supersedes:
July 20, 2020 I As Indicated
surveillance footage is of good quality, a person with the necessary knowledge

will be able to reasonably ascertain the identity of an individual from the footage;
Consent of the data subject - refers to any freely given, specific, informed
indication of will, whereby the data subject agrees to the collection and
processing of his or her personal, sensitive personal, or privileged information.
Consent shall be evidenced by written, electronic or recorded means. It may also
be given on behalf of a data subject by a lawful representative or an agent
specifically authorized by the data subject to do so;
Data Repository - refers to the designated area wherein all archived video
footage shall be stored/kept;
Data subject - refers to an individual whose personal, sensitive personal, or

privileged information is processed;
Data processing systems - refers to the structure and procedure by which

personal data is collected and further processed in an information and
communications system or relevant filing system, including the purpose and
intended output of the processing;
Data sharing - is the disclosure or transfer to a third party of personal data under
the custody of a personal information controller or personal information
processor. In the case of the latter, such disclosure or transfer must have been
upon the instructions of the personal information controller concerned. The term
excludes outsourcing, or the disclosure or transfer of personal data by a personal
information controller to a personal information processor;
Digital Video Recorder (DVR) — refers to a consumer electronics device or

application software that records video in a digital format to a disk drive, USB
flash drive, SD memory card, SSD or other local or networked mass storage
device;
File Naming Convention - refers to a convention (generally agreed scheme) for

naming things. It is a framework for naming your files in a way that describes
what they contain and how they relate to other files;
Filing system - refers to any set of information relating to natural or juridical

persons to the extent that, although the information is not processed by
equipment operating automatically in response to instructions given for that
purpose, the set is structured, either by reference to individuals or by reference
to criteria relating to individuals, in such a way that specific information relating
to a particular individual is readily accessible;
Information and communications system - refers to a system for generating,

sending, receiving, storing, or otherwise processing electronic data messages or
electronic documents, and includes the computer system or other similar device
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. Issi Series 2020
compliance audits
by which data is recorded, transmitted, or stored, and any procedure related to

the recording, transmission, or storage of electronic data, electronic message, or
electronic document;
I) Live feed — refers to the broadcast of sound or video over the internet from a live
(not recorded) source;
Live streaming — refers to the delivery of video and/or audio data to an audience
over the Internet simultaneously recorded and broadcast it in real time as the
data is created;
Personal data - refers to all types of personal information;
Personal data breach - refers to a breach of security leading to the accidental or

unlawful destruction, loss, alteration, unauthorized disclosure of, or access to,
personal data transmitted, stored, or otherwise processed;
Personal information - refers to any information, whether recorded in a material

form or not, from which the identity of an individual is apparent or can be
reasonably and directly ascertained by the entity holding the information, or when
put together with other information would directly and certainly identify an
individual;
Personal information controller - refers to a natural or juridical person, or any

other body who controls the processing of personal data, or instructs another to
process personal data on its behalf. There is control if the natural or juridical
person or any other body decides on what information is collected, or the purpose
or extent of its processing;
Personal information processor - refers to any natural or juridical person or any

other body to whom a personal information controller may outsource or instruct
the processing of personal data pertaining to a data subject;
Processing - refers to any operation or any set of operations performed upon

personal data including, but not limited to, the collection, recording, organization,
storage, updating or modification, retrieval, consultation, use, consolidation,
blocking, erasure or destruction of data. Processing may be performed through
automated means, or manual processing, if the personal data are contained or
are intended to be contained in a filing system;
Security incident - is an event or occurrence that affects or tends to affect data

protection, or may compromise the availability, integrity and confidentiality of
personal data. It includes incidents that would result to a personal data breach,
if not for safeguards that have been put in place;
Storage Media - is any technology (including devices and materials) used to

place, keep and retrieve electronic data. It refers to a physical device or
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. la Series 2020
compliance audits
component in a computing system that receives and retains information e.g. data
disks.
Television Line (WU - is a specification of an analog camera's or monitors

horizontal resolution power. It is alternatively known as Lines of Horizontal
Resolution (LoHR} or lines of resolution. The TVL is one of the most important
resolution measures in a video system.
Video Footage — refers to all recorded data captured by any CCTV installed at
any accredited ACs.
V. OPERATION OF THE CCTV SYSTEM
For purposes of identifying the requisite requirements and relevant references

in the implementation of this Circular, the following are specific guidelines that
applies to all accredited Assessment Centers (ACs):
5.1. Coverage Areas for Camera Placement

5.1.1. Minimum Coverage: the following areas are required to be covered
strategically by CCTV cameras:
Workstations/workshops; and
Supplies, Materials and Equipment Storage Room.
5.1.2. Controlled Camera Placements - camera installations in the following

area on a controlled/specified basis:
Assessment area/room; and
Waiting area/room.
5.1.3. Restricted Camera Placements -the following areas are prohibited to

be covered by cameras:
a) Comfort Rooms and places where there is reasonable expectation
of privacy. Unless, with respect to the latter, the consent of the
individual, whose right to privacy would be affected was obtained.
5.2. Management of the system

5.2.1. The CCTV operating system will be administered and managed by the
AC.
5.2.2. The video quality shall adhere with the minimum standards specification
provided under the TESDA Circular on the Revised Guidelines on the
Accreditation of Assessment Centers and Competency Assessors under
the Philippine WET Competency Assessment and Certification System
(PTCACS). Hence, each unit installed must have appropriate sensitivity
TESDA CIRCULAR
I SUBJECT: Guidelines on the institutionalization and
utilization of CCTV recordings for purposes of No. q Series 2020
compliance audits
factor to illuminate the area and without visual obstruction to the

coverage.
Further, cameras must be capable for audio recording. It may either have
a built-in microphone on the camera or an audio-input connector to
connect an add-on microphone.
This requirement shall be fulfilled by the AC and must be validated by

the TESDA Inspection Team during the accreditation process.
Existing CCTV System of all ACs prior to the effectivity of this Circular
shall abide with the standards set under the TESDA Circular on the
Revised Guidelines on the Accreditation of Assessment Centers and
Competency Assessors under the Philippine WET Competency
Assessment and Certification System (PTCACS) in addition of audio
recording capability of CCTV cameras. A verification process shall be
performed by the respective TESDA Provincial/District Offices to certify
the adherence to these standards.
5.2.3. The day-to-day management will be the responsibility of the AC during

the working week, outside normal hours and on weekends.
5.2.4. All cameras are monitored on the respective site where they operate,
through the display monitor and DVR. It is highly recommended to keep
the DVR inside a locked compartment to avoid intrusion, destruction or
unauthorized access thereof
5.2.5. The CCTV system will be operated on a number of hours a day on the
AC's discretion. However, the AC must in all cases record the entire
duration of every conduct of competency assessment.
The ACs shall assume full responsibility in complying with the Data
Privacy Act requirement on the collection, processing, retention, and
disposal of personal data under their custody.
5.2.6. Warning/notification signs will be prominently placed in all areas covered

by the AC's CCTV cameras for purposes of notifying data subjects
(candidates/assessors) of the AC's need of their consent.
The AC Manager or its representative must inform and clearly notify the
data subjects, through a notice that the establishment is being monitored
by a CCTV camera. Likewise, it must state how the data is being
collected and its definite purpose for installing such equipment, as well
as the relevance of the footages to be obtained in achieving the specified
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. jay Series 2020
compliance audits
purpose of the recording. (Appendix A — Suggested CCTV Privacy

Notice)
5.3. System Control - Monitoring procedures

5.3.1. On a regular basis the system will be checked by the AC
Manager/Authorized User to confirm the efficiency of the system,
ensuring that:
5.3.1.1. The cameras are fully functional
5.3.1.2. The equipment is properly recording
5.3.2. Access to the CCTV System shall be made any time provided that such
access shall be strictly limited to the following:
AC Manager/Authorized User
Personal Information Controller of TESDA POs
TESDA Regional Directors and Provincial Directors
TESDA Internal Audit Service (IAS) Director and Auditors
TESDA Designated Auditors for the conduct of Compliance
Audits.
Unauthorized persons are not permitted to view live or pre-recorded

footage.
5.3.3. Personal information, Materials or knowledge secured as a result of the

CCTV recording will not be used for any commercial purpose.
5.3.4. Guidelines for Technical Security Measures
Personal information controllers and personal information processors

shall adopt and establish the following technical security measures:
5.3.4.1. A security policy with respect to the processing of personal
data;
5.3.4.2. Safeguards to protect their computer network against

accidental, unlawful or unauthorized usage, any interference
which will affect data integrity or hinder the functioning or
availability of the system, and unauthorized access through
an electronic network;
5.3.4.3. The ability to ensure and maintain the confidentiality,

integrity, availability, and resilience of their processing
systems and services;
5.3.4.4. Regular monitoring for security breaches, and a process

both for identifying and accessing reasonably foreseeable
vulnerabilities in their computer networks, and for taking
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. .(2y4 Series 2020
compliance audits
Date Issued. Effectivity: Supersedes:
preventive, corrective, and mitigating action against security

incidents that can lead to a personal data breach;
5.3.4.5. The ability to restore the availability and access to personal

data in a timely manner in the event of a physical or technical
incident;
5.3.4.6. A process for regularly testing, assessing, and evaluating

the effectiveness of security measures;
5.3.4.7. Encryption of personal data during storage, authentication

process, and other technical security measures that control
and limit access.
5.4. Exemptions
The CCTV system is designed to ensure maximum effectiveness and
efficiency in the conduct of competency assessment and certification programs,
but it is not possible to guarantee that the system will cover or detect every
single incident taking place in the areas of coverage.
VI. GENERAL PROCEDURES IN THE COLLECTION/RECORDING,

PROCESSING, RETENTION AND DISPOSAL
Pursuant to Section 19 of the IRR of the Data Privacy Act of 2012, the collection,
processing, and retention of personal data shall adhere to the following:
6.1 Collection/Recording
6.1.1. Consent from the data subject must be required prior to the collection
and processing of personal data (Appendix B - Suggested Consent
Form). The attached Consent Form (Appendix B) is a modified version
of the consent form as required in Appendix B (TESDA Consent
Agreement Form -- TESDA-DPA Form 2) of the TESDA Data Privacy
Manual.
Consent Form must be accomplished in two copies (AC Copy and

TESDA Copy). Consent forms will be accomplished by the assessment
candidates at the time of their application for assessment while Consent
Form of the designated Assessor will be accomplished together with
his/her acceptance of the Letter of Appointment (TESDA-OP-00-05-
F28). TESDA Copy of consent forms must be submitted by the AC to
TESDA Provincial/District Offices for proper safekeeping.
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. j22.4 Series 2020
compliance audits
6.1.2. During Competency Assessment, the Assessor shall include in its

conduct of orientation to the assessment candidates the information that
their personal data will be collected, processed, retained, and disposed
of pursuant to the Data Privacy Act.
6.1.3. Consent given by the data subject may be withdrawn
6.1.4. Only personal data that is necessary and compatible with declared,
specified, and legitimate purpose shall be collected.
6.1.5. The accomplished AC copy of consent forms must be filed and retained
at the Assessment Center.
6.1.6. In view of Section 11 of the Data Privacy Act of 2012 (RA 10173), the
Personal Information Controller justifies the use of a CCTV Camera
system for the purposes of verification of AC's strict adherence to the
assessment and certification process including validation during
compliance audit.
6.2 Processing
6.2.1. Live feed or recorded data will only be released regularly to TESDA
COROPODO in respect to: (1) live stream the actual conduct of
competency assessment; (2) conduct of monitoring activities by TESDA
in ACs and, (3) conduct of Compliance Audit. Recorded data will never
be released for other intents or purposes.
6.2.2. Processing for a distinct activity that is not compatible with the original
reason for which cameras were installed will only be done if prior notice
is given and the consent of the data subject is obtained.
6.2.3. The recognizable images captured by the cameras will be processed in

an adequate, and relevant manner only for the purposes stated under
Section II of this Circular.
6.3 Retention and Disposal
6.3.1. Personal Data shall not be retained longer than necessary: for the
fulfillment of the declared, specified, and legitimate purpose, or when the
processing relevant to the purpose has been terminated
6.3.2. Personal data shall be disposed or discarded in a secure manner that

would prevent further processing, unauthorized access, or disclosure to
any other party or the public, or prejudice the interests of the data
subjects
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. la Series 2020
compliance audits
Date Issued: I Effectivity: Supersedes:
July 20, 2020 I As Indicated
6.3.3 The following are types of Data Destruction techniques which the AC
may either use:
Data wiping
Data wiping involves overwriting data from an electronic medium

so that the data can no longer be read. Data wiping is normally
accomplished by physically connecting the storage media to a
bulk wiping device. It can also be accomplished internally by
starting a PC from a network or CD. As a process, it allows the
reuse of any media wiped without losing storage capacity.
Degaussing
Degaussing destroys computer data using a high-powered

magnet which disrupts the magnetic field of an electronic
medium. The disruption of the magnetic field destroys the data.
Degaussing can effectively and quickly destroy the data in a
device storing a large amount of information.
Physical Destruction
Physical destruction is an efficient way to destroy data. One of

physical destruction's best features is that it will give the highest
probability that data has been destroyed.
Shredding
Shredding may be the most secure and cost-effective way to

destroy electronic data in any storage media. Shredding reduces
electronic devices to pieces which guarantees that all data is
obliterated.
6.3.4. For every disposal/destruction performed by the AC of storage media

containing the CCTV footages of data subjects, a Data
Disposal/Destruction Form must be accomplished and filed by the AC.
(Appendix C — Suggested Data Disposal/Destruction Form)
6.3.5. The AC must also maintain a log of all storage media that have been
disposed of. The log should include the date, type of storage media, and
disposal/destruction method used.
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. ay Series 2020
compliance audits
VII. DIGITAL RECORDING PROCEDURES
7.1. Rules for the recording, viewing and/or disclosure of footages by the AC to
TESDA
7.1.1. Data recording and processing system at the AC level.
7.1.1.1. Recording is carried out on digital data apparatus (DVR) which

is located within the data repository of the AC.
ACs must always ensure that upon its request for the approval
of its schedule of conduct of competency assessment, the
installed CCTV system is functional and in good condition to
guarantee recording of the competency assessment
proceedings.
7.1.1.2. Audio recording is required.
7.1.1.3. Whenever applicable, the digital recorder is to synchronize

each audio recording made with the image recording to which
it relates.
7.1.1.4. The recording, viewing and/or disclosure of footages should be

limited to the following
Specific date of the conduct of competency assessment;
Particular time and duration of the data subjects in the

establishment; and,
If there are several CCTV cameras being operated, all

camera views of the camera positioned at the precise
location of the data subjects during the conduct of
competency assessment.
7.2. Rules for retention and disposal of data
7.2.1. All video footages recorded on any CCTV system installed at any ACs
shall be deemed property of the AC.
7.2.2. File naming convention of all video recordings shall indicate the
(1) qualification abbreviation, (2) date and time of assessment conduct,
(3) video file format.
, TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. mis Series 2020
compliance audits
Exam le:
Qualification
Date and Time
(4 letter abbreviation + Video file format
(MMddYYYY ioctoxx)
NC level)
Either:
Jan. 2, 2020 8:00am
Cookery NCII .flv ; .mpg;
to 5:00pm
.VOB ; or .AVI
COOKNCII 01022020 08to05 .fly
Sample Full Filename: COOKNal 01022020 08to05.11v
7.2.3. In order to maintain and preserve the integrity of the DVR, hard disks
used to record the conduct of competency assessments from the CCTV
cameras, the following procedures for their use and retention of data
must be strictly adhered to:
7.2.3.1. The DVR must be identified by a unique mark or serial number.

7.2.3.2. The DVR must be kept in a secure location with access
restricted to authorized users only.
7.2.4. Footage may be stored on data recorder hard drives (DVR) for up to 30
days.
7.2.5. Footages recorded from the DVR shall then be stored to data disks for
utilization during the process of monitoring and of validation during
conduct of compliance audits.
7.2.6. Data disks of footages shall be kept securely by the ACs and will be
retained for no longer than two (2) years.
7.2.7. After the data disks are kept for two (2) years, it shall be disposed of
securely by either method indicated in 6.3.3 of this Circular.
VIII. DATA SHARING
Data sharing between TESDA and accredited ACs shall be allowed by

operation of law as expressly required under the TESDA Circular on the Revised
Guidelines on the Accreditation of Assessment Centers and Competency
Assessors under the Philippine TVET Competency Assessment and Certification
System (PTCACS).
Further, data sharing shall adhere to the data privacy principles laid down in the
Data Privacy Act, its IRR, National Privacy Commission (NPC) Circulars, and all
applicable issuances of the NPC.
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. 23 Series 2020
compliance audits
Date Issued: I Effectivity: Supersedes:
8.1 Recorded footages of the proceedings on the conducted competency

assessment shall only be shared by the AC at the time of: (1) live stream the
actual conduct of competency assessment; (2) conduct of monitoring activities
by TESDA in ACs and, (3) conduct of Compliance Audit. The sharing shall be
limited only to authorized users granted viewing access.
8.2. The ACs shall assume full responsibility and accountability in the preservation
of the integrity of the assessment and certification process. The AC is
prohibited from sharing either directly or indirectly copies of the footages to
unauthorized persons. Otherwise, the AC shall be subjected to the sanctions
and penalties under Section XII of this Circular.
IX. ACCESS REQUESTS FROM DATA SUBJECTS
Data Subjects has the right to reasonable access to, upon demand, the
following:
Viewing access only on the contents of his or her personal data that were
processed;
Copy of a still/series of still images of their data. Provided, however, that
in case of personal data breach, security incident or an order from a court
of competent jurisdiction, the data subject may obtain a copy of the
footage. However, in either of those instances, other people's images
should be obscured and the consent of the Regional Office concerned
must be obtained before the data shall be released.
Names and addresses of recipients of the personal data;
Manner by which such data were processed;
Reasons for the disclosure of the personal data to recipients;
Date when his or her personal data concerning the data subject were last
accessed and monitored; and
The designation, name or identity, and address of the personal
information controller.
The limitation on the data subject's right is paramount to the protection of the
integrity of the assessment and certification process of TESDA.
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. 1:44 Series 2020
compliance audits
X. RESPONSIBILITY AND ACCOUNTABILITY
Personal
Information Responsibility Accountability
Controllers (PIC)
AC Manager Is the person primarily responsible for the overall A personal
supervision of the CCTV system installed within the AC. information controller
He/she is responsible for the monitoring, reviewing and shall be responsible
retrieval of footage and enforcement of these guidelines, for any personal data
He/she may designate an officer to supervise in his/her under its control or
behalf provided it is covered by an appointment order. custody, including
AC Authorized user in the AC is responsible in the operation information that have
of the CCTV systems Including the safekeeping/archiving been outsourced or
designated
of all recording relative to the conduct of competency transferred to a
authorized assessments. He/she will also be responsible for the personal information
user (1) physical maintenance of the cameras and for the ongoing processor or a third
software administration of the CCTV systems. party for processing,
Likewise, he/she shall immediately submit a report to the whether domestically
AC Manager and the TESDA PO in the event that an or internationally,
untoward incident is monitored for appropriate action. subject to cross-
TESDA Is responsible in the safekeeping/archiving of all border arrangement
submitted documents by the ACs relative to the conduct and cooperation.
personnel
of competency assessments.
designated Likewise, he/she shall immediately submit a report to (Pursuant to Section 50 of
as PIC his/her immediate supervisor in the event that an
the IRR on RA 10173
otherwise known as 'Data
(as enumerated untoward incident for appropriate action. Privacy Act of 2012")
under item 5.3.2)
Xl. BREACHES OF THE POLICY (INCLUDING BREACHES OF SECURITY) AND

SANCTIONS
Data breaches occurs when sensitive personal information or any other

information that may, under the circumstances, be used to enable identity fraud are
reasonably believed to have been acquired by an unauthorized person, and the
personal information controller believes that such unauthorized acquisition is likely to
give rise to a real risk of serious harm to any affected data subject.
Whenever data breaches arise, data breach management shall be carried out
in accordance to NPC Circular 16-03 dated 15 December 2016 s.2016 entitled
Personal Data Breach Management.
Thus, any breach of the Policy by the authorized users and/or any persons shall
be dealt with accordingly pursuant to Rule XIII, Sections 52 to 65 of the IRR on RA
10173 otherwise known as "Data Privacy Act of 2017.
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. lig Series 2020
compliance audits
XII. SANCTIONS AND PENALTIES
The Assessment Centers, Competency Assessors and the designated

Assessment Venues shall comply with the following:
12.1. Ensure that every conduct of competency assessment and its pertinent
footage is properly captured/recorded.
12.2. Safeguard / Ensure the confidentiality of all recorded footages relative to

the conduct of competency assessment.
12.3. Assume full responsibility in complying with the Data Privacy Act
requirement on the collection, processing, retention, and disposal of
personal data relevant to the conduct of assessment.
12.4. Notify TESDA of any change/event that directly or indirectly affects the
recording of the conduct of competency assessment in relation to the
conditions existing during or after conduct of competency assessment.
12.5. Sustain full compliance with all the provisions in this Circular.
Any violations of any of those enumerated above shall be a ground for

cancellation, revocation, and/or withdrawal of accreditation.
Under these guidelines, any Assessment Center, Competency Assessor and

designated Assessment Venue, shall be subjected to the following sanctions and
penalties, if found guilty of any of the offenses and/or violations stated above:
Revocation of the accreditation for the qualification and all other

existing accreditations
Perpetual disqualification to apply for accreditation/re-accreditation
Provided however, that no revocation or perpetual disqualification shall be

imposed unless the revocation process and proceedings provided under Section III
of TESDA Circular No. 134, series of 2019, otherwise known as Strengthening of
Section 14, Sanctions and Penalties of Guidelines on Assessment and Certification
under the Philippine WET Competency Assessment and Certification System have
been complied with.
XIII. COMPLIANCE AUDIT
The compliance audit process shall adhere to the procedures contained in the
Revised Operating Procedures on Compliance Audit (TESDA-OP-IAS-02). In
addition, compliance auditors must verify the following:
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. jigy Series 2020
compliance audits
13.1. Existence and consistency of all recordings retained by the ACs vis-a-
vis the list of approved assessment schedules or RWAC maintained at
the Provincial/District Office.
13.2. Presence and completeness of every recording filed to ascertain the

existence of the correct and valid footage recording vis-a-vis the filed
Consent Forms (Appendix B).
13.3. View the latest recording of the immediately preceding batch of conduct
of competency assessment and any other recording of prior conduct of
competency assessment.
13.4. Consistency and completeness of the Consent Forms and Data

Destruction forms filed at the AC vis-à-vis the list of approved
assessment schedules or RWAC.
TRANSITORY CLAUSE
All AC accreditation applications received starting August 2020 and onwards

shall immediately comply with the new guidelines and requirements stipulated in
this Circular.
All existing ACs with current accreditation prior to the issuance of this Circular
shall have a five-month period (August to December 2020) to comply with the
guidelines and requirements indicated in this Circular.
SEPARABILITY CLAUSE
If any of the provisions of this Circular is declared invalid, the remaining parts
not affected shall continue to be valid and operational.
EFFECTIVITY
This Circular takes effect immediately and supersedes any other issuance/s
inconsistent herewith.
SEC. IS RO S LAPENA, PhD, CSEE

Director General/Secretary
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. Uzi Series 2020
compliance audits
Date Issued Effectivity: Supersedes:
Appendix A
Suggested CCTV Privacy Notice
The following privacy notice is suggested:
CCTV Privacy Notice
For validation purposes by TESDA, this building and its surrounding premises are
monitored by a Closed Circuit Television (CCTV) cameras owned by the AC which
capture, record, and retain footages for a maximum of two (2) years, which
determine your identity, actions, and whereabouts.
By entering these premises, you agree to the capture, recording, processing, and
sharing of all information directly and indirectly obtained by CCTV cameras during
the whole duration of the conduct of Competency Assessment and Certification
program.
,
TESDA CIRCULAR
utilization of CCTV recordings for purposes of
No. oiti Series 2020
assessment and certification programs and
page 18 of 20 pages
compliance audits
Appendix B
CONSENT FORM
Relative to the strict implementation on the conduct of Assessment and Certification Program
of Technical Education and Skills Development Authority (TESDA), consent from the
Assessment Candidate and Assessor (the data subjects) is hereby required pursuant to RA
10173, Data Privacy Act of 2012 and its Implementing Rules and Regulations (IRR).
What information we collect and why _i•

The Assessment Center collects information from the assessment candidates and I
assessors (data subjects) through Closed Circuit Television (CCTV) cameras which capture
and record footages which determine your identity, actions, and whereabouts.
The information collected shall be processed by the Assessment Center and will be shared '
to TESDA solely for the following purposes:
Protect the integrity of the assessment and certification process.
Ensure the assessment and certification process are strictly observed.
Support the TESDA Internal Audit Service, Regional Offices and Provincial Offices
in a bid to deter and detect non-compliance, by providing evidence in support of an
audit or enquiry.
Also, the information collected shall be retained by the Assessment Center for a maximum
period of two (2) years from the date of recording and shall be destroyed or disposed of
thereafter.
How we share the information we collect
We share your information to TESDA through provision of viewing access in respect to: (1)
live stream the actual conduct of competency assessment; (2) conduct of monitoring
activities by TESDA in ACs and, (3) conduct of Compliance Audit of TESDA personnel. The
following are the authorized individuals that can access your personal information:
Assessment Center (AC) Manager
AC designated authorized user/PIC
TESDA Provincial/District designated Personal Information Controller (PIC)
TESDA Regional Directors and Provincial Directors
TESDA Internal Audit Service (IAS) Director and Auditors
TESDA Designated Auditors for the conduct of Compliance Audits
How you can access the information we collect
The data subject has the right to reasonable access to, upon demand, the following:
Viewing access only on the contents of his or her personal data that were processed;
Copy of a still/series of still images of their data. Provided, however, that in case of
personal data breach, security incident or an order from a court of competent
jurisdiction, the data subject may obtain a copy of the footage. However, in either of
, TES DA CIRCULAR
utilization of CCTV recordings for purposes of Series 2020
No.
compliance audits
Date Issued: I Effectivity Supersedes:
Appendix B
those instances, other people's images should be obscured and the consent of the
Regional Office concerned must be obtained before the data shall be released.
3 Names and addresses of recipients of the personal data;
4 Manner by which such data were processed:
5 Reasons for the disclosure of the personal data to recipients;
6. Date when his or her personal data concerning the data subject were last accessed
and monitored, and
7 The designation. name or identity, and address of the personal information
controller.
The candidate (data subject) has the following right in controlling the information collected:
Right to object — the right to object to the processing of his or her personal data,
including processing for direct marketing, automated processing or profiling.
Right to rectification —the right to dispute the inaccuracy or error in the personal data
and have the personal information controller correct it immediately and accordingly,
unless the request is vexatious or otherwise unreasonable.
Right to erasure or blocking — the right to suspend, withdraw or order the blocking,
removal or destruction of his or her personal data from the personal information
controller's filing system.
I hereby authorize (Name of Assessment Centerl and Technical Education and Skills
Development Authority (TESDA), to collect, process and share the data indicated herein
for the purposes stated above. I understand that my personal information is protected
by RA 10173, Data Privacy Act of 2012 and its Implementing Rules and Regulations
(IRR).
ISIGNATURE OVER PRINTED NAME OF CANDIDATEIASSESSOR1

Name of Assessment Candidate/Assessor (Data Subject)
Date
TESDA CIRCULAR
utilization of CCTV recordings for purposes of No. ori Series 2020
compliance audits
Appendix C
DATA DISPOSAL / DESTRUCTION FORM
PERSON PERFORMING DISPOSALIDESTRUCTION

Name: Title:
Name of AC: Address: Contact Number
STORAGE MEDIA INFORMATION
Media Type:
Classification: Data Backed Up: 0 Yes 0 No 0 Unknown

Back Up Location:
DISPOSAL / DESTRUCTION DETAILS

Method Used: 0 Data wiping 0 Degaussing 0 Physical Destruction 0 Shredding
Method Details:
Tool Used:
MEDIA DESTINATION
0 Internal Reuse 0 External Reuse 0 Recycling Facility 0 Other (specify in details area)
Details:
SIGNATURE
I attest that the information provided on this form is accurate to the best of my knowledge.
Signature: Date:

CCTV Requirements

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCTV Requirements

Uploaded by

Copyright:

Available Formats

TESDA-QP-02-F02

TECHNICAL EDUCATION AND SKILLS DEVELOPMENT AUTHORITY

DOCUMENT TRACKING SLIP

Origin of Documents: Office of the Director General (ODG) Date/Record: 7/29/2020

Ben-Hur (Cavite) Rizal (PTC Rosario) [Cs Lone (PTC Paliparan)

±9- Rhose (Batangas) 1..7 Gerry (RTC Batangas) 107

gr" Zory (Rizal) •P Julius (PTC Binangonan) 17 Verge I (PTC Cainta)

Fi Irene ( PTC Taytay)

Gerry (Quezon) ‘ Lizza (BPTI)

Responsible Unit / IN aor

I. BACKGROUND AND RATIONALE

Following the approval of the Revised Operating Procedures on Compliance

It must be observed that the CCTV recordings are considered personal

To provide and establish the standards, guidelines, processes, and procedures

The objectives of the CCTV Policy are to:

III. SCOPE / COVERAGE

CCTV monitoring and recording systems will only be installed in or on the

IV. DEFINITION OF TERMS

Authorized Users - refers to a personnel assigned in the AC who is/are

Closed Circuit Television (CCTV) - is a video surveillance camera that is installed

surveillance footage is of good quality, a person with the necessary knowledge

Data subject - refers to an individual whose personal, sensitive personal, or

Data processing systems - refers to the structure and procedure by which

Digital Video Recorder (DVR) — refers to a consumer electronics device or

File Naming Convention - refers to a convention (generally agreed scheme) for

Filing system - refers to any set of information relating to natural or juridical

Information and communications system - refers to a system for generating,

by which data is recorded, transmitted, or stored, and any procedure related to

Personal data - refers to all types of personal information;

Personal data breach - refers to a breach of security leading to the accidental or

Personal information - refers to any information, whether recorded in a material

Personal information controller - refers to a natural or juridical person, or any

Personal information processor - refers to any natural or juridical person or any

Processing - refers to any operation or any set of operations performed upon

Security incident - is an event or occurrence that affects or tends to affect data

Storage Media - is any technology (including devices and materials) used to

Television Line (WU - is a specification of an analog camera's or monitors

V. OPERATION OF THE CCTV SYSTEM

For purposes of identifying the requisite requirements and relevant references

5.1. Coverage Areas for Camera Placement

5.1.2. Controlled Camera Placements - camera installations in the following

5.1.3. Restricted Camera Placements -the following areas are prohibited to

5.2. Management of the system

factor to illuminate the area and without visual obstruction to the

This requirement shall be fulfilled by the AC and must be validated by

5.2.3. The day-to-day management will be the responsibility of the AC during

5.2.6. Warning/notification signs will be prominently placed in all areas covered

purpose of the recording. (Appendix A — Suggested CCTV Privacy

5.3. System Control - Monitoring procedures

Unauthorized persons are not permitted to view live or pre-recorded

5.3.3. Personal information, Materials or knowledge secured as a result of the

5.3.4. Guidelines for Technical Security Measures

Personal information controllers and personal information processors

5.3.4.2. Safeguards to protect their computer network against

5.3.4.3. The ability to ensure and maintain the confidentiality,

5.3.4.4. Regular monitoring for security breaches, and a process

preventive, corrective, and mitigating action against security

5.3.4.5. The ability to restore the availability and access to personal

5.3.4.6. A process for regularly testing, assessing, and evaluating

5.3.4.7. Encryption of personal data during storage, authentication

VI. GENERAL PROCEDURES IN THE COLLECTION/RECORDING,

Consent Form must be accomplished in two copies (AC Copy and

6.1.2. During Competency Assessment, the Assessor shall include in its