In the Philippines. Raymund E. Liboro Privacy Commissioner September

Similar documents
General Data Protection Regulation - Explained

TimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents

GPDR: Privacy Statement Last updated April How your personal information is used by Allander Print Limited.

GDPR: A PRAGMATIC APPROACH

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents

DATA PROTECTION POLICY VERSION 1.0

RSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )

PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER

How your personal information is used by Ferromatik UK Ltd

DATA PROTECTION POLICY

UCD Human Resources. UCD HR Privacy Statement - Employee

Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations

Global Privacy Policy

SCHOOLS DATA PROTECTION POLICY. Guidance Notes for Schools

DATA PROTECTION POLICY AND PROCEDURE

P Drive_GDPR_Data Protection Policy_May18_V1. Skills Direct Ltd ( the Company ) Data protection. Date: 21 st May Version: Version 1.

We reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.

Nissa Consultancy Ltd Data Protection Policy

Depending on the circumstances, we may collect, store, and use the following categories of personal information about you:

Data Protection Policy

APS Bank plc Data Privacy Policy

SHAREHOLDERS PRIVACY NOTICE

JOB DESCRIPTION: Hospitality Data Protection Officer

PRIVACY POLICY. VERSION 1.3 Keystone Property Finance 42 Kings Hill Avenue, Kings Hill, West Malling, Kent M19 4AJ

GDPR P4 Privacy Policy Statement & Guidance for Employees and External Providers

Standard Advisory London Limited Third Party Privacy Statement

European Union General Data Protection Regulation 25 th May 2018

Privacy Notice for Clients of RISDON HOSEGOOD Solicitors

How your personal information is used by Capital Credit Union

1.3. We will post any changes we may make to our Notice on this Website or communicate them to you by .

Data Protection Policy Approved by: COG Approved: 9 August 2017 Review date: August 2019 Version: Statement of Intent

The data protection rules require that personal information we hold about you must be:-

Data Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General

GENERAL DATA PROTECTION REGULATION Guidance Notes

TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION

PRIVACY STATEMENT Date: 25 May 2018

PRIVACY STATEMENT Date: 25 May 2018

STROMMA S PRIVACY POLICY

GPEN Sweep 2018 Privacy Accountability

STROMMA S PRIVACY POLICY

Processing Your Personal Data - The Headlines

Hendre Infants School DATA PROTECTION POLICY. Nurture, Believe, Achieve Headteacher: A. J. Brett-Harris

GDPR - Salon Guide Contents

Bank of China (UK) Limited Privacy Notice

Data Protection (internal) Audit prior to May (In preparation for that date)

Training Manual. DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Data Protection Officer is Mike Bandurak

A questionnaire for senior management

SIA Energokomplekss Registration No , registered office: 12 Krustpils Street, Riga, LV-1073 Revision No. 1

The current version (July 2018) is derived from, and supersedes, the version published in February 2017 and earlier versions.

Get ready. A Guide to the General Data Protection Regulation (GDPR) elavon.ie

Please read the following carefully in order to understand our policies and practices regarding your personal data and how we process them.

DATA PROTECTION POLICY WINCHESTER CITY COUNCIL. Data Protection Policy

Corporate Social Responsibility Best-Practice Principles for Chunghwa Telecom Co., Ltd.

DATA PROTECTION POLICY

Privacy Notice - Recruitment

Code of Conduct. V November 2017

Privacy Policy RSL Ireland Ltd & Refrigeration Products (1999) Ltd


Privacy notice for Aalto Online Learning s events, communications and marketing Privacy notice for data subjects

GDPR - 10 THINGS YOU NEED TO KNOW (US PERSPECTIVE) 1. Privacy and data protection are fundamental rights

GDPR POLICY. This policy complies with the requirements set out in the GDPR, which will come into effect on

JOB DESCRIPTION. Head of Clinical Development

WHAT YOU NEED TO KNOW [WHITE PAPER] ABOUT GDPR HOW TO STAY COMPLIANT

St Mark s Church of England Academy Data Protection Policy

PRIVACY POLICY. is made in compliance with applicable law. You find our contact details at the last page of this Privacy Policy.

Data Protection Policy

December 28, 2018, New Delhi, INDIA

GDPR Policy of Lovedaycare Nursery

General Data Protection Regulation. Jim Sneddon GDPR-P, CISSP

University for the Creative Arts Application Declaration. Data Protection Privacy Notice

DATA PROTECTION POLICY 2018

GDPR-CERTIFIED ASSURANCE REPORT BASED PROCESSING ACTIVITIES

Privacy Notice. If you wish to know more about our approach to Data Protection please read this Privacy Notice.

HYDRASUN LTD RECRUITMENT PRIVACY NOTICE

General Data Protection Regulation. What should community energy organisations be doing to prepare?

Stolle Europe Introduction Important information and who we are Controller and contact information Complaints

GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS

GGIS DATA PROTECTION AND PRIVACY POLICY

Statement of Data Protection and Privacy

RIGHT TO ERASURE OR RECTIFICATION REQUEST POLICY

Impact. Data Privacy Statement. Outcomes-Based Learning. Introduction

DATA PROTECTION POLICY 2016

DATA PROTECTION POLICY

DATA PROTECTION POLICY

EU Privacy statement

Data Protection Policy

GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges

PRIVACY NOTICE FOR JOB APPLICANTS

GDPR: An Overview for Public Sector Communicators

GDPR: What Every MSP Needs to Know

Research on school subject choices

Paul Jordan Thursday 12 October,

What is GDPR and Should You Care?

Data Protection for Landlords. David Smith Anthony Gold Solicitors

General Data Protection Regulation

Danske Bank International Privacy Notice

Danske Bank International Privacy Notice

EDPS - European Data Protection Supervisor CEPD - Contrôleur européen de la protection des données

Brasenose College Data Protection Policy Statement v1.2

General Personal Data Protection Policy

Transcription:

Raymund E. Liboro Privacy Commissioner September 28 2017 P R O M O T I N G P R I V A C Y R E S I L I E N C E A N D D A T A P R O T E C T I O N In the Philippines

PHILIPPINE HISTORY AND HONG KONG Fernando Amorsolo s The Making of the Philippine flag 1892-1972 Spanish soldiers and Filipino Auxiliaries escort two Filipino prisoners 2

Southeastern Asia, archipelago Capital City: Manila 7,100 islands (high tide) 7,107 islands (low tide)

PAR Philippine Area of Responsibility Superimposed tracks of typhoons that entered PAR from 1951-2013 4

RESILIENCE AND THE FILIPINO SPIRIT 5

6

RESILIENCE AND THE FILIPINO SPIRIT 7

Resilience resilience rɪˈzɪlɪəns/ noun 1.the capacity to recover quickly from difficulties; toughness. adapt well to change keep going in the face of adversity 8

CYBER ATTACKS (REAL-TIME) 2017

Privacy Risk = Probability of a Problematic Data Action * Impact of a Problematic Data Action Probability is a contextual analysis that a data action is likely to create a problem for a representative set of individuals Impact is an analysis of the costs should the problem occur

What is a Privacy Risk? A Personal Data Breach and a Data Privacy Violation that has NOT happened yet.

What is Privacy Resilience? A Personal Data Breach and a Data Privacy Violation that was prevented. A breach and privacy disaster that did not happen.

Disaster

Extensive internet and social media use in the Philippines World s no.2 in terms of growth in number of internet users (27%, +15M users) World s no.1 in terms of time spent on the internet (8.59 hours/day) World s no.7 in terms of growth in number of social media users (25%, +12M users) World s no.1 in terms of time spent on social media (4.17 hours/day) Source: Hootsuite & We Are Social Ltd. Digital in 2017

THE BPO SECTOR 18

Survey Results Importance of The Rights of A Data Subject, Philippines, Jun 2017 [PERCENTAGE] [PERCENTAGE ] % of Adults Net* +83 85% Important Undecided Not Important *Net figure % Likes to know minus % Does Not like to Know, correctly rounded *Based on the SWS Survey FILIPINO PUBLIC OPINION ON DATA PRIVACY AND ATTITUDES AND BEHAVIOUR TOWARDS INTERNET USAGE 4 June 17-21, 2017 National Survey

Survey Results Extent of Liking or Not Liking to Know Where The Personal Information They Have Provided During Transaction or Application Will Be Used, Philippines, Jun 2017 % of Adults [PERCENTAGE ] Net* +89 94% Likes to Know Does Not Like to Know Note: No answer/don t know/refused responses are not shown. *Net figure % Likes to know minus % Does Not like to Know, correctly rounded *Based on the SWS Survey FILIPINO PUBLIC OPINION ON DATA PRIVACY AND ATTITUDES AND BEHAVIOUR TOWARDS INTERNET USAGE 5 June 17-21, 2017 National Survey

7

Philippine Constitution Article 3: Bill of Rights Section 2. Right to be secure in their persons, houses, papers, and effects against unreasonable searches Section 3. Privacy of communication and correspondence Section 5. Free exercise and enjoyment of religious profession and worship Section 6. Liberty of abode and the right to travel Section 8. Right to information, and access to official records

Other Philippine Laws Republic Act 1405 Republic Act 6426 Republic Act 4200 Republic Act 9775 Republic Act 9995 Republic Act 10173 Secrecy of Bank Deposits Act Foreign Currency Deposits Act Anti-wiretapping Act Anti-child Pornography Act Anti-photo and Video Voyeurism Act Data Privacy Act

THE DATA PRIVACY ACT OF 2012 An Act Protecting Individual Personal Information in Information and Communications Systems in the Government and the Private Sector, Creating for This Purpose a National Privacy Commission, and For Other Purposes 24

THE DATA PRIVACY ACT OF 2012 25

RIGHTS OF A DATA SUBJECT 1. Right to be Informed 2. Right to Access 3. Right to Object 4. Right to Rectification 5. Right to Erasure or Blocking 6. Right to Damages 7. Right to Data Portability 8. Right to File A Complaint

OBLIGATIONS OF A PERSONAL INFORMATION CONTROLLER The PIC should collect personal information for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection The PIC should process personal information fairly and lawfully, and in accordance with the rights of a data subject. The PIC should process accurate, relevant and up to date personal information. The PIC should collect and process personal information adequately and not excessively. The PIC should retain personal information only for as long as necessary for the fulfillment of the purposes for which the data was obtained. The information should be kept in a form which permits identification of data subjects for no longer than is necessary. The PIC must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information.

THE FIVE PILLARS OF COMPLIANCE

1 Commit to Comply: APPOINT A DATA PROTECTION OFFICER 2 3 Know Your Risks: CONDUCT A PRIVACY RISK /IMPACT ASSESSMENT Write Your Plan: CREATE A PRIVACY MANAGEMENT PROGRAM 30

5 Be Prepared for Breach: REGULARLY EXERCISE YOUR BREACH REPORTING PROCEDURE 4 Be Accountable: IMPLEMENT YOUR PRIVACY AND DATA PROTECTION MEASURES 31

NPC SECTORAL APPROACH Health TELCO Banks & Non-Bank Financial Institutions Government Education & Research Utilities Workplace Pharmaceutical Industry NPC SECTORAL APPROACH Media & Social Media BPO Retail, Hospitality, Tourism Direct Marketing & Networking Real Estate Transportation & Logistics 32

Stakeholder Engagement

DPO1: Government Sector

DPO2: Banking Sector

DPO3: Telecommunications Sector

DPO4: CHED Sector

DPO5: Business Process Outsourcing Sector

DPO6: Media Sector

DPO6: Healthcare Sector

Building Awareness. Promoting a Culture of Privacy and Data protection

Privacy is Personal In the Philippines, we have a recent phenomenon called Hugot, which quite literally means to draw or pull out. Quite recently it s come to mean often very emotionally charged jokes about love and heartbreak. 44

Translation: Will fight for my data privacy rights 45

Translation: Personal information should be like your love and affection it should only go to the right person/s. 46

Translation: The different ways to say I love you. I will fight for your data privacy rights! (last item) 47

COMICS Comics on everyday privacy risks to better concretize the concepts and issues surrounding privacy to the everyday Filipino. 48

49

50

POP CULTURE Keeping up with current trends, such as movies, TV series and others. 51

52

53

54

55

DATA PRIVACY REMINDERS Posts aimed at informing data subjects of their rights, data hygiene practices and others. 56

57

58

Laws too gentle are seldom obeyed; too severe, seldom executed. Benjamin Franklin

T he Data Protection Golden Rule If you Can t Protect It Don t Collect It.

PRIVACY.GOV.PH facebook.com/privacy.gov.ph twitter.com/privacyph info@privacy.gov.ph 62

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback