Data Privacy Act of 2012


VARIABLES | N | PERCENT

AGE
21 - 30 years old | 86 | 74.1
41 - 50 years old | 2 | 1.7
51 - 60 years old | 2 | 1.7
CONCLUSION: Majority of the respondents are 21 - 30 years old.

SEX
Female | 71 | 61.2
Male
CONCLUSION: Majority of the respondents are female.

CIVIL STATUS
Single | 95 | 81.9
Widow | 1 | 0.90
CONCLUSION: Majority of the respondents are single.

VARIABLES | N | PERCENT

JOB POSITION LEVEL
Rank and File | 69 | 59.5
Top Level Management | 7 | 6.0
CONCLUSION: Majority of the respondents are rank and file employees.

HIGHEST EDUCATIONAL ATTAINMENT
Bachelor’s Degree | 115 | 99.10
Juris Doctorate | 1 | .90
CONCLUSION: Majority of the respondents have gained Bachelor’s Degree.

TOTAL YEARS IN SERVICE
3 years and below | 73 | 62.9
7 - 9 Years | 5 | 4.3
CONCLUSION: Majority of the respondents are female

NO. OF TRAININGS AND SEMINARS ATTENDED
3 and Below | 103 | 88.8
7-9 | 1 | .90
CONCLUSION: Majority of the respondents have attended 3 and below trainings and seminars

DATA PRIVACY PRINCIPLES | MEAN | RANK
Processing activities of the organization are kept track. | 4.09 | 1
Documents that sets out the policies for the management of personal data available for public review. | 3.67 | 8
Grand Mean | 3.95

CONCLUSION: The “processing activities of the organization are kept track” is the most implemented. However, “documents that sets out the policies for the management of personal data available for public review” needs more effort to comply.

RECOMMENDATION: The company may post the data privacy manual and privacy notice inside the firm. It is not strictly necessary to have the Data Privacy Manual or Privacy Notice on the website; as long as the clients, employees and visitors can see it, that is acceptable.

CRITERIA FOR LAWFUL PROCESSING OF PERSONAL INFORMATION | MEAN | RANK
Collection of personal data is for a declared, specified and legitimate purpose. | 4.19 | 1
Personal data are anonymized or de-identified. | 3.78 | 14
Grand Mean | 3.96

CONCLUSION: The “collection of personal data is for a declared, specified and legitimate purpose” is the most implemented. However, “personal data are anonymized or de-identified” needs more effort to comply.

RECOMMENDATION:
• It is usually recommended that you physically cut out identifiable 
• The image software could black out the images so that they will be unreadable.
• Consult with the appropriate Institutional Review Boards, data stewards, stakeholders, and subject matter experts.
• They may also avail of central data anonymization services.

ORGANIZATIONAL SECURITY | MEAN | RANK
Personal data processed through project/system under strict confidentiality if the personal data are not intended for public disclosure. | 3.94 | 1
Inventory of processing systems. | 3.69 | 4
Grand Mean | 3.83

CONCLUSION: The “personal data processed through project/system under strict confidentiality if the personal data are not intended for public disclosure” is the most implemented. However, “inventory of processing systems” needs more effort to comply.

RECOMMENDATION:
• They should have strategic functions such as Hiring and Staffing Data Processing System, Performance Management Data Processing System, or Training and Development Data Processing System.
• New employees should be acquainted with the privacy best practices as soon as possible. If they regularly employ new staff, they should consider setting up a brief privacy training program developed in conjunction with their DPO.

PHYSICAL SECURITY | MEAN | RANK
Clear definition of duties, responsibilities and schedule of the individuals that will handle the personal data processing. | 3.94 | 1
Limited physical access with Data Center and Storage area. | 3.73 | 5
Grand Mean | 3.83

CONCLUSION: The “clear definition of duties, responsibilities and schedule of the individuals that will handle the personal data processing” is the most implemented. However, “limited physical access with Data Center and Storage Area” needs more effort to comply.

RECOMMENDATION: Firms should provide storage area even though it is a small firm. They should have enough drawers for their paper files and documents and make sure that workstations shall provide privacy to anyone processing personal information.

TECHNICAL SECURITY | MEAN | RANK
Security policy with respect to the processing of personal data. | 3.91 | 1
All personal data that are digitally processed whether it is at rest or in transit are encrypted | 3.79 | 5
Grand Mean | 3.86

CONCLUSION: The “Security policy with respect to the processing of personal data” is the most implemented. However, “all personal data that are digitally processed whether it is at rest or in transit are encrypted” needs more effort to comply.

RECOMMENDATION:
• They must hire IT and IS professionals or consultants who will help the company to develop, implement, and manage strategic and secure technology solutions.
• An encryption expert will be able to help them decide on the best tools to both suit their individual requirements (e.g., cloud or onsite) and mitigate their concerns.
• There should also be processes for regular monitoring, incident response and reporting, and harm mitigation protocols and regular review of the breach management program.
• All personal data must be encrypted, whether it is at rest or in transit, and they should have regular monitoring for security breaches. Firms must use data encryption software that will protect data and prevent data breaches.

PRINCIPLE OF ACCOUNTABILITY | MEAN | RANK
Takes reasonable steps so that the information transferred will be stored, used, disclosed and otherwise processed consistently with the DPA of 2012. | 3.72 | 1
Transfers personal data to someone outside of the Philippines with the individual consents to the transfer | 3.52 | 6
Grand Mean | 3.59

CONCLUSION: The “takes reasonable steps so that the information transferred will be stored, used, disclosed and otherwise processed consistently with the DPA of 2012” is the most implemented. However, “transfers personal data to someone outside of the Philippines with the individual consents to the transfer” needs more effort to comply.

RECOMMENDATION: An organization must first ask itself whether it needs to transfer personal data abroad at all. For instance, it may be able to achieve its objectives without processing personal data at all, by anonymizing the data. The first and foremost thing is to do thorough research about the receiver to whom they are planning to outsource the data they have. Assess the capability of the service provider in ensuring data security and data quality. A reliable vendor would have an excellent reputation for delivering good service and will be compliant with all security standards.

RIGHTS OF DATA SUBJECT | MEAN | RANK
Security policy with respect to the processing of personal data.
Right to object to the processing of our personal data, including processing for direct marketing, automated processing or profiling. | 4.00 | 1
Right to file a complaint if we are subject of a privacy violation or personal data breach, or who are otherwise personally affected by a violation of the DPA. | 3.86 | 6
Grand Mean | 3.95

CONCLUSION: The “right to file a complaint if we are subject of a privacy violation or personal data breach, or who are otherwise personally affected by a violation of the DPA” is the most implemented. However, “right to file a complaint if we are subject of a privacy violation or personal data breach, or who are otherwise personally affected by a violation of the DPA” needs more effort to comply.

RECOMMENDATION: The DPO will have to develop a system that works with others to assess and deal with data subjects (data subject response system). This system must record the time of the response, the unit or the individual responding to the application and an explanation of the response. If the controller believes that an unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject, he should promptly notify the NPC and the affected data subjects about said breach.

Problem: Age

Findings | f-value | p-value
Data Privacy Principles | 1.283 | 0.276
Criteria for Lawful Processing of Personal Information | 1.085 | 0.373
Security Measures | 0.679 | 0.640
Organizational Security | 0.715 | 0.614
Physical Security | 0.933 | 0.462
Technical Security | 1.334 | 0.255
Principle of Accountability | 1.568 | 0.175
Rights of the Data Subjects | 1.065 | 0.284

Conclusion: The respondents’ assessment on the level of implementation of Data Privacy Act of 2012 does not differ when classified according to age.

Problem: Sex

Findings | t-value | p-value
Data Privacy Principles | 0.392 | 0.696
Criteria for Lawful Processing of Personal Information | 0.066 | 0.947
Security Measures | -0.072 | 0.943
Organizational Security | -1.637 | 0.105
Physical Security | -0.47 | 0.639
Technical Security | -1.366 | 0.175
Principle of Accountability | -0.644 | 0.521
Rights of the Data Subject | -0.106 | 0.916

Conclusion: The respondents’ assessment on the level of implementation of Data Privacy Act of 2012 does not differ when classified according to sex.

Problem: Civil Status

Findings | F-value | p-value
Data Privacy Principles | 1.811 | 0.168
Criteria For Lawful Processing of Personal Information | 1.200 | 0.305
Security Measures | 1.041 | 0.357
Organization Security | 0.693 | 0.502
Physical Security | 1.091 | 0.339
Technical Security | 0.896 | 0.411
Principle of Accountability | 3.177 | 0.046
Rights of the Data Subjects | 5.009 | 0.008

Conclusion: There is significant influence on the level of implementation of Data Privacy Act of 2012 in Principle of Accountability and Rights of the Data Subjects in terms of Civil Status

Problem: Job Position Level

Findings | F-value | p-value
Data Privacy Principles | 0.603 | 0.549
Criteria For Lawful Processing of Personal Information | 0.404 | 0.669
Security Measures | 1.481 | 0.232
Organization Security | 0.433 | 0.65
Physical Security | 1.444 | 0.241
Technical Security | 0.256 | 0.774
Principle of Accountability | 1.143 | 0.323
Rights of the Data Subjects | 1.529 | 0.222

Conclusion: There is no significant difference on the level of implementation of Data Privacy Act of 2012 in terms of Job Position Level

Problem: Highest Educational Attainment

Aspects | t-value | p-value
Data Privacy Principles | 0.143 | 0.886
Criteria for Lawful Processing of Personal Information | 0.061 | 0.951
Security Measures | -1.611 | 0.110
Organizational Security | 2.127 | 0.036
Physical Security | 1.216 | 0.227
Technical Security | 1.454 | 0.149
Principle of Accountability | 0.506 | 0.614
Rights of the Data Subject | 0.696 | 0.488

Conclusion: There is significant difference in the level of implementation of Data Privacy Act of 2012 in Organizational Security in terms of Highest Educational Attainment

Problem: Years in Service

Findings | F-value | p-value
Data Privacy Principles | 1.227 | 0.304
Criteria For Lawful Processing of Personal Information | 1.24 | 0.299
Security Measures | 2.059 | 0.110
Organization Security | 1.789 | 0.154
Physical Security | 1.254 | 0.294
Technical Security | 1.742 | 0.163
Principle of Accountability | 1.131 | 0.34
Rights of the Data Subjects | 1.376 | 0.254

Conclusion: There is no significant difference on the level of implementation of Data Privacy Act of 2012 in terms of years in service.

Problem: Number of Training and Seminar Attended

Findings | F-value | p-value
Data Privacy Principles | 2.303 | 0.105
Criteria For Lawful Processing of Personal Information | 2.504 | 0.087
Security Measures | 0.092 | 0.912
Organization Security | 0.559 | 0.574
Physical Security | 1.668 | 0.194
Technical Security | 1.949 | 0.147
Principle of Accountability | 2.244 | 0.111
Rights of the Data Subjects | 2.329 | 0.102

Conclusion: There is no significant difference on the level of implementation of Data Privacy Act of 2012 in terms of number of training and seminar attended.

• Organizations should consult experts to be more aware of, and act in accordance with, the Data Privacy Act. It is essential to strengthen communication with people from different departments and work together to understand the expectations of data subjects, while focusing on the most likely scenarios.

• Government sectors, the Securities and Exchange Commission, Bangko Sentral ng Pilipinas, the Department of Justice, and the Anti-Cybercrime Division of the National Bureau of Investigation should work jointly and in full force with the National Privacy Commission in implementing the Data Privacy Act. For example, before giving a business a permit to operate, the Securities and Exchange Commission should first require compliance with the provisions of the Data Privacy Act of 2012, and the business must first be subject to a compliance check by the National Privacy Commission.

• The National Privacy Commission should also perform random quarterly compliance checks in small firms.
