#1 Ppt Oropel Flashcards
(18 cards)
independent body mandated to implement the DPA
National Privacy Commission (NPC)
a natural or juridical person, or any other body who controls the processing of personal data
Personal Information Controller
a natural or juridical person, or any other body to whom a PIC may outsource or instruct the processing of personal data
Personal Information Processor
refers to any information from which the identity of an individual is apparent or can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify an individual (PI)?
Personal Information
that “The processing of personal data shall be allowed subject to adherence to the principles of transparency, legitimate purpose, and proportionality.”
Approach
The data subject must be aware of the nature, purpose, and extent of the processing of his or her personal data, including the risks and safeguards involved, the identity of personal information controller, his or her rights as a data subject, and how these can be exercised.
Transparency
with a declared and specified purpose which must not be contrary to law, morals, or public policy.
Legitimate purpose
shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose.
Proportionality processing of information
processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose.
Information
commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data, as well as other supplementary information.
It helps individuals to understand how and why you are using their data, and check you are doing it lawfully. Or subject access request or ‘SAR’.
Access/ right to access
that is to receive from your company/organisation the personal data they provided in a structured machine-readable format, and have it transmitted to another company/organization.
Data portability/ right to data portability
Inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted.
Rectification
allows the data subject to suspend, withdraw or order the blocking, removal, destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected
Ensure or Blocking
is allowed where processing is necessary to pursue the of the data controller, except where overridden by the fundamental rights and freedoms of the data subject.
Exception to consent
is an event or occurrence that affects or tends to affect data protection, or may compromise availability, integrity or confidentiality. This definition includes incidents that would result in a personal breach, if not for safeguards that have been put in place.
Security incident
on the other hand, is a subset of a security breach that actually leads to “accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.”
Personal data breach
is a law that seeks to protect all forms of information, be it private, personal, or sensitive. It is meant to cover both natural and juridical persons involved in the processing of personal information.
RA 10173 Or Data Privacy Act
is ingrained into culture, although etiquette in technology is a fairly recent concept.
Online etiquette