Consent is required prior to the collection

of all personal data.

Consent is not required for processing where the

data subject is party to a contractual agreement, for

purposes of fulfilling that contract.

PENALTIES DATA PRIVACY

Ranging from P100,000 to P5,000,000

(approximately US$2,000 to US$100,000)

Imprisonment of 1 year up to 6 years

Companies with at least 50 employees or access to

the personal and identifiable information of at

least 1,000 people are required to register with the

National Privacy Commission and comply with the

Data Privacy Act of 2012

is a weakness in the security system (for example, in procedures, design, or implementation), that might be exploited to cause loss or harm.

A ________to a computing system is a set of circumstances that has the potential to cause loss or harm.

A human who exploits a vulnerability perpetrates an _______ on the system.

We use a _______ as a protective measure. That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability.

The processing of personal data shall be allowed

subject to adherence to the principles of:

transparency, legitimate purpose and proportionality