What is the deadline for a government agency head to approve off-site access to sensitive data?
Agency heads must approve or disapprove off-site access requests within two business days, otherwise the request is automatically disapproved.
Agency heads must approve or disapprove off-site access requests within two business days, otherwise the request is automatically disapproved.
Government agency heads must limit approved off-site access to no more than 1,000 sensitive personal records at a single time.
Data subjects have the absolute right to actively object to their personal data being processed for automated processing or profiling.
Controllers must notify the Commission and affected subjects within 72 hours upon discovering or reasonably believing a data breach occurred.
Data processing systems refer to the structure and procedure for collecting and processing personal data in an information or filing system.
What does “data processing systems” mean under the Implementing Rules and Regulations? Read More »
Data sharing involves the disclosure or transfer of personal data to a third party or another personal information controller.
How is “data sharing” defined in the rules? Read More »
The Act does not apply to specific information regarding the position, title, and functions of a current or former government employee.
Transparency requires that data subjects are fully aware of the nature, purpose, risks, and extent of their personal data processing.
How is the principle of transparency applied in the processing of personal data? Read More »
Proportionality dictates that data processing must be adequate, relevant, necessary, and not excessive relative to its declared purpose.
What constitutes the principle of proportionality under the implementing rules? Read More »
Personal data shall only be retained for as long as necessary for its declared purpose, legal claims, or legitimate business.
How long can personal data be legally retained under the rules? Read More »