What are the physical security requirements regarding the mechanical destruction of files?
Policies must prevent mechanical file destruction, and workstations must be secured against natural disasters, power issues, and unauthorized access.
What is the deadline for a government agency head to approve off-site access to sensitive data?
Agency heads must approve or disapprove off-site access requests within two business days, otherwise the request is automatically disapproved.
Under the rules, how many sensitive records can a government agency head approve for off-site access at one time?
Government agency heads must limit approved off-site access to no more than 1,000 sensitive personal records at a single time.
Does a data subject have the right to legally object to automated processing or profiling?
Data subjects have the absolute right to actively object to their personal data being processed for automated processing or profiling.
What is the mandatory time frame for officially reporting a personal data breach to the Commission?
Controllers must notify the Commission and affected subjects within 72 hours upon discovering or reasonably believing a data breach occurred.
What specific information must a complete data breach notification formally contain?
Notifications must detail the breach’s nature, affected data, mitigation measures, contact representatives, and provided assistance to the data subjects.
What specific information must a complete data breach notification formally contain? Read More »
Does a data subject have the right to correct inaccurate personal information?
Data subjects can quickly dispute inaccurate personal data, compelling the controller to correct it immediately and officially inform third-party recipients.
Does a data subject have the right to correct inaccurate personal information? Read More »
Are employees who process personal data bound by confidentiality even after they resign?
Employees handling personal data must maintain strict confidentiality, a vital obligation that completely persists even after their employment or contract legally ends.
Are employees who process personal data bound by confidentiality even after they resign? Read More »
When is a personal information controller required to notify the Commission about a security breach?
Controllers must promptly notify the Commission and affected data subjects if unauthorized acquisition of sensitive data poses a risk of serious harm.
What is the penalty for unauthorized processing of personal information?
Unauthorized processing of personal information is strictly punished by 1 to 3 years of imprisonment and a massive fine up to Php2,000,000.00.
What is the penalty for unauthorized processing of personal information? Read More »
