Is a public officer subjected to additional penalties for actively violating data privacy laws?
Public officers committing offenses face an additional accessory penalty of absolute disqualification from public office for double the criminal term.
What does “data processing systems” mean under the Implementing Rules and Regulations?
Data processing systems refer to the structure and procedure for collecting and processing personal data in an information or filing system.
What does “data processing systems” mean under the Implementing Rules and Regulations? Read More »
How is “data sharing” defined in the rules?
Data sharing involves the disclosure or transfer of personal data to a third party or another personal information controller.
How is “data sharing” defined in the rules? Read More »
Are information regarding a government employee’s position exempted from the Data Privacy Act?
The Act does not apply to specific information regarding the position, title, and functions of a current or former government employee.
Are there conditions required for data sharing in the private sector for commercial purposes?
Data sharing for commercial purposes requires a data sharing agreement establishing adequate safeguards and is subject to Commission review.
What must a personal information controller do regarding data protection policies?
Controllers must implement data protection policies covering organizational, physical, and technical security measures tailored to the specific processing risks.
What must a personal information controller do regarding data protection policies? Read More »
What essential details must be included in the records of processing activities?
Records must describe the processing system, purposes, data subjects, data flow, security measures, and accountable compliance officers.
What essential details must be included in the records of processing activities? Read More »
What are the physical security requirements regarding the mechanical destruction of files?
Policies must prevent mechanical file destruction, and workstations must be secured against natural disasters, power issues, and unauthorized access.
What is the deadline for a government agency head to approve off-site access to sensitive data?
Agency heads must approve or disapprove off-site access requests within two business days, otherwise the request is automatically disapproved.
Under the rules, how many sensitive records can a government agency head approve for off-site access at one time?
Government agency heads must limit approved off-site access to no more than 1,000 sensitive personal records at a single time.
