Privacy Commission: Khane Samala-Raza Public Information & Assistance Division
What is the right to privacy?
the right to be let alone—the most comprehensive of rights and the right most valued by civilized men
[Brandeis J, dissenting in Olmstead v. United
DPO BRIEFING
WHY IS IT IMPORTANT?
DPA sections
SECTION 1-6: Definitions and General Provisions
SECTION 7-10: National Privacy Commission
SECTION 11-21: Rights of Data Subjects and Obligations of Personal Information Controllers and Processors
SECTION 22-24: Provisions specific to Government
SECTION 25-37: Penalties
KEY TERMS: PERSONAL INFORMATION
KEY TERMS: SENSITIVE PERSONAL INFORMATION
KEY TERMS: PRIVILEGED INFORMATION
PRIVILEGED INFORMATION
Data received within the context of a protected relationship
• Husband and Wife
• Priest and Penitent
• Attorney and Client
• Doctor and Patient
KEY TERMS: PERSONAL DATA
KEY TERMS: DATA SUBJECT
KEY TERMS: PERSONAL INFORMATION CONTROLLER
KEY TERMS: PERSONAL INFORMATION PROCESSOR
KEY TERMS: DATA PROCESSING SYSTEM
KEY TERMS: DATA SHARING
under the DATA PRIVACY ACT
OBLIGATION 1: Adhere to data privacy principles
• TRANSPARENCY
• LEGITIMATE PURPOSE
• PROPORTIONALITY
OBLIGATION 2: Uphold data subject rights
• INFORMATION
• OBJECT
• ACCESS
• CORRECT
• ERASE
• DAMAGES
• DATA PORTABILITY
• FILE A COMPLAINT
OBLIGATION 3: Implement security measures
• ORGANIZATIONAL
• TECHNICAL
• PHYSICAL
CIRCULARS
NPC Circular 16-01 – Security of Personal Data in Government Agencies
NPC Circular 16-02 – Data Sharing Agreements Involving Government Agencies
NPC Circular 16-03 – Personal Data Breach Management
NPC Circular 16-04 – Rules of Procedure
NPC Circular 17-01 – Registration of Data Processing Systems
NPC Circular 17-01 Appendix 1 – Registration of Data Processing Systems Appendix 1
ADVISORIES
NPC Advisory No. 2017-01 – Designation of Data Protection Officers
NPC Advisory No. 2017-02 – Access to Personal Data Sheets of Government Personnel
NPC Advisory No. 2017-03 – Guidelines on Privacy Impact Assessments
PENALTIES
PUNISHABLE ACT | JAIL TERM | FINE (PESOS)
Access due to negligence | 1y to 3y; 3y to 6y | 500k to 4m
Unauthorized processing | 1y to 3y; 3y to 6y | 500k to 4m
Unauthorized purposes | 18m to 5y; 2y to 7y | 500k to 2m
Improper disposal | 6m to 2y; 3y to 6y | 100k to 1m
Intentional breach | 1y to 3y | 500k to 2m
Concealing breach | 18m to 5y | 500k to 1m
Malicious disclosure | 18m to 5y | 500k to 1m
Unauthorized disclosure | 1y to 3y; 3y to 5y | 500k to 2m
Combination of acts | 3y to 6y | 1m to 5m
5 PILLARS OF DATA PRIVACY ACCOUNTABILITY & COMPLIANCE
1 Appoint a Data Protection Officer
2 Conduct a Privacy Impact Assessment
3 Create a Privacy Management Program
4 Implement Data Privacy and Security Measures
5 Be ready in case of a Data Breach
THE DATA PROTECTION OFFICER
WHAT IS A DPO?
Individual(s) accountable for ensuring PICs / PIPs’ compliance with the DPA, its IRR, NPC Issuances & other applicable laws
WHAT IS A COMPLIANCE OFFICER FOR PRIVACY?
Individual(s) who perform some of the functions of a DPO in particular cases:
• LGUs
• Gov’t agencies
• Private sector (subject to NPC approval)
• Analogous cases
WHY APPOINT A DPO?
✓ A legal requirement
✓ A cost-efficient solution to achieve compliance & accountability
✓ Extra beneficial for PICs/PIPs with cross-border personal data transfers
WHY BE A DPO?
GENERAL PRINCIPLES
• Responsibility lies with the PIC or PIP, not with the DPO
• Autonomy of the DPO or COP in the performance of duties
• Confidential nature of the position
ROLES AND FUNCTIONS
1. Monitor the PIC’s or PIP’s compliance with the DPA, its IRR, issuances by the NPC & other applicable laws and policies.
2. Ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the PIC or PIP;
3. Advise the PIC or PIP regarding complaints and/or the exercise by data subjects of their rights
4. Ensure proper data breach and security incident management by the PIC or PIP, including the latter’s preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period;
5. Inform & cultivate awareness on privacy and data protection within the organization of the PIC or PIP, including all relevant laws, rules and regulations and issuances of the NPC;
6. Advocate for the development, review and/or revision of policies, guidelines, projects and/or programs of the PIC or PIP relating to privacy and data protection, by adopting a privacy by design approach;
7. Serve as the contact person of the PIC or PIP vis-à-vis data subjects, the NPC and other authorities in all matters concerning data privacy or security issues or concerns and the PIC or PIP;
8. Cooperate, coordinate & seek advice of the NPC regarding matters concerning data privacy and security; and
9. Perform other duties & tasks that may be assigned by the PIC or PIP that will further the interest of data privacy and security & uphold the rights of the data subjects
ROLES AND FUNCTIONS (FOR COPs)
• Except for items (1) to (3), a COP shall perform all other functions of a DPO
• assist the supervising DPO in the performance of the latter’s functions.
SUBCONTRACTING THE FUNCTIONS OF DPO/COP
• Outsourcing or subcontracting of DPO functions is allowed.
• DPO or COP must oversee the performance of the third-party service provider.
• DPO or COP shall remain the contact person
SKILLS*
• Interpersonal & communication skills
• Advanced org’l & privacy program mgt skills
• Advanced leadership skills
• Data privacy strategy skills
• Business skills
• External engagement skills
*According to the Centre for Information Policy Leadership
SUPPORTING THE DPO
• Top management
• Process owners
• Human resource
• Legal division
• IT
• Security
• Internal Audit
WHO MUST REGISTER?
WHY SHOULD YOU REGISTER?
• A legal requirement
• Good for your brand
• Boosts compliance readiness in several ways
HOW TO REGISTER?
PAPER DOCUMENTS - GOV’T
2 Original hard copies
• Certified true copy of the Special/Office Order, or any similar document, designating or appointing the DPO of the PIC or PIP; and
• Where applicable, a copy of the charter of your agency, or any similar document
REGISTER?
• PHASE II - 8 March 2018
• Annually renewable w/in 2 months prior to, but not later than 8 March
• Amendment or updates to be made w/in 2 months from the date such changes take effect