Atty. Regine Noelle B. Ignacio of the National Privacy Commission’s (NPC) Compliance and Monitoring Division discussed the value of personal information in a lecture about the provisions of the Data Privacy Act (DPA) of 2012 during the recently concluded IT Week.
Ignacio, who belongs to the BSU Bachelor of Science in Information Technology batch of 2013 now works as a lawyer in the said commission. Her lecture is one of the highlights of the IT week celebrated by the Institute of Information Technology on February 25-March 1, 2019 with the theme, “BYTE: Boosting the Youth’s ‘Techi-ness’ foe Excellence”.
“Minsan, dahil may libre, binibigay na natin iyong personal information natin, ipinagpapalit natin sa mga bagay. Hindi natin alam mas valuable pala ang ating personal information,” said Ignacio as she reiterated that everybody should find out how their information will be used before they consent to providing it.
One participant asked whether allowing himself to be photographed is a form of consent.
“That is implied consent, under the DPA, consent should be freely given, specific and informed evidenced by written, electronic or recorded means,” replied Ignacio. She reiterated that Personal Information (PI) could be improperly retained and shared to other parties.
She presented a case in which a teacher got into debt because of loans he did not apply for. The victim later admitted that he posted a photo of his Identification Card online.
Sensitive PI includes: race, ethnic origin, marital status, age, color and religious, philosophical or political affiliations; health, education, genetic or sexual life, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; information issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and information that is specifically established by an executive order or an act of Congress to be kept classified.
Under DPA, those who control the processing of personal data or Personal Information Controller (PIC) such as schools, banks, hospitals and social media sites are obligated to: collect PI for specified and legitimate purposes; retain the information for no longer than necessary; implement organizational, technical and physical measures for the protection of data; process accurate, relevant and up to date PI; collect and process PI adequately and not excessively; and process PI fairly, lawfully and in accordance to the rights of a data subject.
Unauthorized processing, access due to negligence, improper disposal, unauthorized purposes, intentional breach, concealing breach are acts regarding the retainment and processing of punishable with up to 6 years of imprisonment and Php 500,000.00 fine.
The DPA ‘s main purpose is to protect individual personal information in information and communications systems in the government and the private sector.
Public can turn to NPC for assistance with the following contact details 09451534299 | 09399638715 and email firstname.lastname@example.org .//JSTabangcura