What is the deadline for a government agency head to approve off-site access to sensitive data?
Agency heads must approve or disapprove off-site access requests within two business days, otherwise the request is automatically disapproved.
Are employees who process personal data bound by confidentiality even after they resign?
Employees handling personal data must maintain strict confidentiality, a vital obligation that completely persists even after their employment or contract legally ends.
Are employees who process personal data bound by confidentiality even after they resign? Read More »
When is a personal information controller required to notify the Commission about a security breach?
Controllers must promptly notify the Commission and affected data subjects if unauthorized acquisition of sensitive data poses a risk of serious harm.
Who is accountable for personal information transferred to a third party for processing?
The personal information controller permanently remains entirely accountable for personal data even when it is actively transferred to a third-party processor.
Who is accountable for personal information transferred to a third party for processing? Read More »
What is the penalty for unauthorized processing of personal information?
Unauthorized processing of personal information is strictly punished by 1 to 3 years of imprisonment and a massive fine up to Php2,000,000.00.
What is the penalty for unauthorized processing of personal information? Read More »
What happens if a corporation or juridical person commits a violation of the Data Privacy Act?
For corporate offenders, the responsible officers are heavily penalized, and the court may legally suspend or completely revoke the corporation’s functional rights.
Does a data subject have the right to correct inaccurate personal information?
Data subjects can quickly dispute inaccurate personal data, compelling the controller to correct it immediately and officially inform third-party recipients.
Does a data subject have the right to correct inaccurate personal information? Read More »
What is the right to data portability?
Data portability actively allows subjects to obtain an electronic, structured copy of their processed personal data for their own further use.
What is the right to data portability? Read More »
What are the obligations of a personal information controller regarding data security?
Controllers must strictly implement organizational, physical, and technical security measures to securely protect personal data from natural and human-induced threats.
What are the obligations of a personal information controller regarding data security? Read More »
Who is considered a personal information controller?
A personal information controller is an entity that controls the collection or processing of personal data, excluding personal household use.
Who is considered a personal information controller? Read More »
