Activity 1.2 (Data Privacy Act of 2012)

Section 4. 1

Illegal Access – The access to the whole or any part of a computer system without right.

Section 4.3 Data Interference. — The intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses.

The input, alteration, or deletion of any computer data without right resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible

A privacy notice is a statement made to a data

subject that describes how the organization collects,

uses, retains and discloses personal information.

The PMP puts everyone on the same page. It provides

an easier way to explain to the management and

staff: why are we doing this, what are the results we

expect, what are the benefits of those results, and

what do we need to do to get there. With this, you

will smoothly get everyone on board.

It (1) protects the privacy of individuals while

ensuring free flow of information to promote

innovation and growth; (2) regulates the collection,

recording, organization, storage, updating

or modification, retrieval, consultation, use,

consolidation, blocking, erasure or destruction of

personal data; and (3) ensures that the Philippines

complies with international standards set for data

protection through National Privacy Commission.

1.  for the fulfillment of the declared, specified, and legitimate

purpose, or when the processing relevant to the purpose

has been terminated;

2.  for the establishment, exercise or defense of legal claims; or

3.  for legitimate business purposes, which must be consistent

with standards followed by the applicable industry or

approved by appropriate government agency.

Data subject refers to an individual whose personal information is processed.

Your personal data is treated almost literally in the same way as your own personal property. Thus, it should never be collected, processed and stored by any organization without your explicit consent, unless otherwise provided by law. Information controllers usually solicit your consent through a consent form.

The data subject shall have the right, where personal information is processed by electronic means and in a structured and commonly used format, to obtain from the personal information 

(a) Be informed whether personal information pertaining to him or her shall be, are being or have been processed;

(b) Be furnished the information indicated hereunder before the entry of his or her personal information into the processing system of the personal information controller

This is your right to find out whether an organization holds any personal data about you and if so, gain “reasonable access” to them. Through this right, you may also ask them to provide you with a written description of the kind of information they have about you as well as their purpose/s for holding them.

You must execute a written request to the organization, addressed to its Data Protection Officer (DPO). In the letter, mention that your request is being made in exercise of your right to access under the Data Privacy Act of 2012.