Challenges in complying with the Data Privacy Act of 2012
Damian Mapa, Deputy Privacy Commissioner

Executive Summary

In order to prevent and detect crime as well as investigate and prosecute it, a law enforcement agency requires timely access to personal data. Often, this data is held by the private sector, possibly in another country or in the cloud. Delays in access may put human life, dignity, privacy and property at risk. Because of the huge amount of personal data that needs to be analysed quickly, this will increasingly need to be carried out in an automated way across national borders. Investigators and prosecutors are faced with a constant jurisdictional issue: what precisely are the limits to their activities as they follow leads and suspects in cyberspace far across their borders into databases or user-generated content under the jurisdiction of another law-enforcement agency?

Conclusion: For the automated access to be timely, it may need to dispense with ad hoc authorization and instead rely on pre-authorization, something which can only be properly provided for across borders by binding laws.

Towards Automated Access
- Adequacy Status for Police Sector
- Binding Cross-Border Legal Instrument
- Convention 108
- Add Protocol to Conv 185
- APEC CBPR
- Data Sharing
- MLA

Adequacy Status for Police Sector
- Universal Declaration of Human Rights (1948)
- European Convention on Human Rights (1953)
- Convention 108 (1981)
- Data Protection Directive (1995)
- Convention 185 (2004)
- GDPR (2018)
- Philippine Constitution (1987)
- Supreme Court ruling on Habeas Data (2008)
- Data Privacy Act (2012)
- IRR and other Issuances (2017)

Purpose of the Data Privacy Act

Purpose:
- to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth
- to ensure that personal information in information and communication systems in the government and in the private sector are secured and protected
- to create an independent body to administer and implement the Act: the National Privacy Commission

Definitions in the Data Privacy Act

Definitions (Section 3):
- Data subject
- Consent
- Personal information
- Sensitive personal information
- Personal information controller
- Personal information processor

Highlights of the Data Privacy Act

Rights of the Data Subject (Sections 16-18):
- Right to be informed
- Right to object
- Right to access
- Right to correct/rectify
- Right to block/remove
- Right to data portability
- Right to file a complaint
- Right to be indemnified

ECtHR Cases:
- Allan v. the UK, 2002
- S. and Marper v. the UK, 2008

Highlights of the Data Privacy Act

Obligations of PICs/PIPs (Sections 11-15, 20-24):
- Uphold rights of data subjects
- Process personal information according to privacy principles and specific criteria
- Secure personal information by implementing reasonable and appropriate organizational, physical and technical measures
- Designate an individual or individuals who are accountable for the organization's compliance
- Notify the Commission and data subjects in case of breach of sensitive personal information
- Register systems and service providers

| Punishable Act | Jail Term | Fine (Pesos) |
|---|---|---|
| Access due to negligence | 1y to 3y, 3y to 6y | 500k to 4m |
| Unauthorized processing | 1y to 3y, 3y to 6y | 500k to 4m |
| Improper disposal | 6m to 2y, 3y to 6y | 100k to 1m |
| Unauthorized purposes | 18m to 5y, 2y to 7y | 500k to 2m |
| Intentional breach | 1y to 3y | 500k to 2m |
| Concealing breach | 18m to 5y | 500k to 1m |
| Malicious disclosure | 18m to 5y | 500k to 1m |
| Unauthorized disclosure | 1y to 3y, 3y to 5y | 500k to 2m |
| Combination of acts | 3y to 6y | 1m to 5m |

Who is liable?

Sec. 22. The head of each government agency or instrumentality shall be responsible for complying with the security requirements mentioned herein

Sec. 34. Extent of Liability. If the offender is a corporation, partnership or any juridical person, the penalty shall be imposed upon the responsible officers, as the case may be, who participated in, or by their gross negligence, allowed the commission of the crime.

What happens if you don't comply?

Sec. 7. Functions of the National Privacy Commission

(b) Receive complaints, institute investigations, facilitate or enable settlement of complaints through the use of alternative dispute resolution processes, adjudicate, award indemnity on matters affecting any personal information, prepare reports on disposition of complaints and resolution of any investigation it initiates, and, in cases it deems appropriate, publicize any such report;

(c) Issue cease and desist orders, impose a temporary or permanent ban on the processing of personal information, upon finding that the processing will be detrimental to national security and public interest;

(d) Compel or petition any entity, government agency or instrumentality to abide by its orders or take action on a matter affecting data privacy;

(i) Recommend to the Department of Justice (DOJ) the prosecution and imposition of penalties specified in Sections 25 to 29 of this Act;

Official website of the National Privacy Commission

Thank you! PRIVACY.GOV.PH facebook.com/privacy.gov.ph twitter.com/privacyph info@privacy.gov.ph