DATA PRIVACY ACT
WHY DATA PRIVACY ACT IS IMPORTANT?
1. Protects the privacy of individuals while ensuring free flow of information to promote innovation and
growth;
2. Regulates the collection, recording, organization, storage, updating or modification, retrieval,
consultation, use, consolidation, blocking, erasure, or destruction of personal data; and
3. Ensures that the Philippines complies with international standards set for data protection through
National Privacy Commission (NPC)
PERSONAL DATA BREACH
 refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration,
unauthorized disclosure, or access of personal data.
TYPES OF DATA BREACH
(1)
(2)
(3)
AVAILABILITY
INTEGRITY
CONFIDENTIALITY
RISK or EXPOSURE



Accidental or unlawful destruction and loss
Alteration of personal data
Unauthorized disclosure or access
PROCESSING:
(1)
(2)
(3)
TRANSMITTED,
STORED, or;
otherwise PROCESSED
NATIONAL PRIVACY COMMISSION (NPC)
 in charge of administering and implementing the DPA.
 It is also tasked to monitor and ensure compliance of the Philippines with international
standards for personal data protection.
 to promulgate the DPA’s implementing rules and regulations.
DEFINITIONS
 DATA SUBJECT
 individual whose personal information is processed
 PERSONAL INFORMATION CONTROLLER
 natural/juridical person who controls the processing of personal data.
 PERSONAL INFORMATION PROCESSOR
 natural/juridical person to whom Personal Information Controller (PIC) may outsource data
 DATA PRIVACY ACT
 law that seeks to protect all forms of information, be it private, personal, or sensitive.
 It is meant to cover both natural and juridical persons involved in the processing of personal
information.
TYPES OF PERSONAL INFORMATION
(1)
PERSONAL INFORMATION
 information that would directly and certainly identify a particular individual
Examples:
1.) Full name
2) Gender
3.) Birthdate
4.) Mobile No.
5.) Address
6.) Birthplace
7.) Bank Account number
8.) Parents’ name
(2)
SENSITIVE PERSONAL INFORMATION
 Sensitive information is a type of personal information. Unlike some personal information,
however, sensitive information may result in discrimination or harm if it is mishandled.
Examples:
1.) Marital Status
2.) Race, Color, Age, Ethnic Origin
3.) Health, Education, Genetic or Sexual Life
4.) Criminal Proceeding Information
5.) Religious, Philosophical or Political Affiliations
6.) Government Issued Personal information, Tax returns
(3)
PRIVILEGED INFORMATION
 refers to all data classified under the (Philippine) Rules of Court and other laws as “privileged
communication”
Examples:
1.) any communication shared in confidence between husband and wife;
2.) any communication or advice between an attorney and a client
3.) any advice or treatment given, or any information acquired by a doctor from a patient
4.) any confession made by a person to a minister or priest, as well as any advice subsequently
given by the latter to that person
5.) communication made to a public officer in official confidence
Personal Data may be contained in:
 INFORMATION AND COMMUNICATION SYSTEM
 refers to a system for generating, sending, receiving, storing or otherwise processing electronic
data messages or electronic documents and includes the computer system or other similar device
by which data is recorded, transmitted or stored and any procedure related to the recording,
transmission or storage of electronic data, electronic message, or electronic document.
 FILING SYSTEM
 refers to any set of information relating to natural or juridical persons to the extent that,
although the information is not proceed by equipment operating automatically in response to
instructions given for the purpose, the set is structured, either by reference to individuals or by
reference to criteria relating to individuals, in such a way that specific information relating to a
particular person is readily accessible.
Personal Data are processed through:
 DATA PROCESSING SYSTEM
 refers to the structure and procedure by which personal data is collected and further processed
in an information and communications system or relevant filing system, including the purpose and
intended output of the processing
SCOPE OF APPLICATION
 This act applies to the processing of all types of personal information
 to any natural and juridical person involved in personal information processing
Including those PIC and PIPs who, although not found or established in the Philippines:
(1) use equipment that are located in the Philippines, or;
(2) those who maintain an office, branch, or agency in the Philippines
EXCEPTION:
o
Officer or government employee as to:
 the fact that he is an employee of the government
 title, office address and telephone number
 classification, salary range, and responsibilities held

his or her name in a document prepared during his or her employment
o
One who performs service under contract for a government institution, only in so far as it relates
to such service, including his name and terms of contract.
o
If a benefit of financial nature is conferred upon the discretion of the government (i.e. granting of
license or permit)
o
Journalistic, artistic or literary purpose
o
Research intended for public benefit
o
Information necessary to carry out the functions of public authority
o
Information necessary for the banks and other financial institutions
DATA PRIVACY PRINCIPLE
 PRINCIPLE OF TRANSPARENCY
 The data subject must be aware of the nature, purpose, and extent of the processing
of his or her personal data
 LEGITIMATE PURPOSE
 It must not be contrary to law, morals, or public policy
 PRINCIPLE OF PROPORTIONALITY
 It must be adequate, relevant, suitable, necessary, and not excessive in relation to a
declared and specified purpose