INFORMATION PRIVACY

Data should always be copied, noted, sent, stored, and stored again. Because of this,
stopping data privacy breach requires constant fighting and vigilance. Ano nga ba ang
Information Privacy, at gaano ba ka-private ang “private”?
 Information Privacy means the right of an individual to have some control over who
has access to his or her Personal Information and under what circumstances.
 Sa madalas na paggamit natin ng Facebook at Twitter, ginagamit natin itong mga social
media platforms to vent out in public or mag-rant. Pwedeng sabihin ng iba na “account
ko naman ‘to, I can do and post whatever I want.” Karamihan din ay nagpopost ng TMI
or Too Much Information that can be regarded as inappropriate. But then again, it is our
choice to tell everyone what is supposed to be private information.

If that is the case, then, what is data privacy?

Data Privacy
 Data privacy generally means the ability of a person to determine for themselves when,
how, and to what extent personal information about them is shared with or
communicated to others. This personal information can be one's name, location,
contact information, or online or real-world behavior. Just as someone may wish to
exclude people from a private conversation, many online users want to control or
prevent certain types of personal data collection.

Para mas maintindihan natin ang concept ng data privacy, here is the privacy policy of Google.

(explain ang mga nakalagay sa privacy policy)

Based sa past discussions natin, na-tackle na natin ang IP Address.

Anywhere in the world, one can determine a person's physical location by using that person's IP
address.
 One example of this situation ay yung about sa K-Pop world. Kapag may mga issues na
pinapakalat ang isang tao about sa isang K-pop Idol through social media, mabilis
nahahanap ng mga fans ang location nung tao na yon by the usage of IP Address.

Moving forward, Cookie is a small file that is stored in the computer's directory, often a
temporary folder. The cookie contains addresses of websites visited, login credentials, and even
credit card account numbers.
Makikita natin tong cookie kapag may inopen tayo na site. Familiar ba kayo sa lumalabas na
button na “Accept all cookies?” This is done so that the next time the person visits the website,
the computer system will no longer reload the same content or data, saving time and processing
power for the computer. Although risky ito especially when using public computers, tulad ng
mga pisonet or computer cafes, as the next user will be able to access the previous user's
account without the latter knowing it.
This policy regarding the computer's IP address and cookie information is mostly common to
other services including Yahoo Mail, Facebook, etc. Google is considered a trusted website.
Pero, how about Facebook?

Facebook claims that protecting the privacy of people and their information on Facebook is one
of its highest priorities. However, it is not Facebook that has come under fire. It is the Facebook
quizzes made available to everyone offering answers to questions such as "who will be your
soulmate," "who is your celebrity look-alike," etc.

This is the reason why it is important to:

1. Transact only with trusted sites and to avoid doing private transactions, such as online
payments, on public computers.
2. Always logout of your online accounts, such as emails, after using them, be it on a
private computer or otherwise.
3. Avoid unknown sites and applications which require you to enter personal credentials
like Facebook accounts or passwords. This could be a means for acquiring your
personal information for marketing use, or worse, identity phishing.
4. Look for the padlock icon when opening a website to ensure security.

Let us now proceed to Data Privacy Act 10173.

Data Privacy Act 10173
 With all of these pieces of information made available online and the possible problems
such situations may create, countries have come up with ways to protect their data from
malicious Individuals who might use them for illegal purposes.
 To protect the privacy of Filipino citizens, Republic Act No. 10173, also known as the
Data Privacy Act of 2012, was signed and approved by then President Benigno Aquino
Ill on August 15, 2012. This act applies to the processing of all types of personal
information and to any natural and juridical person involved in personal information
processing including those personal information controllers and processors who,
although not found or established in the Philippines, use equipment that is located in the
Philippines, or those who maintain an office, branch or agency in the Philippines.

The law defines sensitive personal information as being:

 about an individual's race, ethnic origin, marital status, age, color, and religious,
philosophical, or political affiliations;
 about an individual's health, education, genetic or sexual life of a person, or to any
proceeding or any offense committed or alleged to have committed;
 issued by government agencies "peculiar" (unique) to an individual, such as social
security number; and
 marked as classified by an Executive Order or an act of Congress.
All processing of sensitive and personal information is prohibited except in certain
circumstances. The exceptions are:
 consent of the data subject;
 pursuant to a law that does not require consent;
 the necessity to protect the life and health of a person;
 necessity for medical treatment; and
 necessity to protect the lawful rights of data subjects in court proceedings, legal
proceedings, or regulation.
A "security incident" is an event or occurrence that affects or tends to affect data protection,
or may compromise availability, integrity, or confidentiality. It is an attempted or actual
unauthorized access, use, disclosure, modification, or destruction of information. This includes
interference with information technology operation and violation of campus policy, laws or
regulations.
Examples of security incidents include:
 Computer system breach
 Unauthorized access to, or use of, systems, software, or data
 Unauthorized changes to systems, software, or data
 Loss or theft of equipment storing institutional data
 Denial of service attack
 Interference with the intended use of IT resources
 Compromised user accounts
A "personal data breach," on the other hand, is a subset of a security breach that actually
leads to "accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or
access to personal data transmitted, stored, or otherwise processed. “Personal data breach”
refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration,
unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise
processed.
A personal data breach may be in the nature of:
1. An availability breach resulting from loss, accidental or unlawful destruction of personal
data;
2. Integrity breach resulting from alteration of personal data; and/or
3. A confidentiality breach resulting from the unauthorized disclosure of or access to
personal data.

It is the policy of the State to protect the fundamental human right of privacy, of communication
while ensuring free flow of information to promote innovation and growth.

On March 27, 2016, the Commission on Elections (Comelec) website was hacked with
message postings regarding tighter security for the then upcoming May 2016 nationwide
elections. The same day, another group of hackers posted a link to what was claimed to be the
Comelec's entire database. The file was 340 gigabytes and was said to contain voters' and
candidates' information. According to security researchers at Trend Micro, the hack contains a
huge amount of very sensitive personal data, such as full names, email addresses, names of
spouses, addresses, parents' names, and government ID numbers. It also included
fingerprints of 15.8 million voters and passport numbers of 1.3 million overseas Filipino
workers. That makes this hack potentially the "biggest government-related data breach in
history".
A January 2017 article from CNN Philippines has reported that then Comelec Chairman
Andres Bautista will face criminal charges regarding the data breach that has occurred last
March 2016. Comelec and Bautista are said to have violated the Data Privacy Act of 2012. The
National Privacy Commission said that the organization failed as a personal information
controller. NPC also underscored the fact that data protection is more than just the
implementation of security measures.

THE NATIONAL PRIVACY COMMISSION

The National Privacy Commission, or NPC, is an independent body created under Republic
Act No. 10173 or the Data Privacy Act of 2012, mandated to administer and implement the
provisions of the Act, and to monitor and ensure compliance of the country with international
standards set for data protection.