Description
It is said that “Data is the New Currency”, and the ease of transmitting, storing and processing data has created a global paradigm in which the exchange of information has given rise to new economic models worldwide.
But as with any pursuit of wealth, there are instances where the rights of individuals or groups are ignored or compromised, in particular their right to privacy or, more specifically, the privacy of their personal information.
In recognition of this, the Data Privacy Act of 2012 was created to address issues related to the misuse, abuse, and unauthorized processing of personal data by persons or organizations.
It provides a framework upon which rules and practices can be built to assure personal data owners that the privacy of their personal data and information is maintained and preserved, and that the data will only be used with their knowledge and consent.
The DPA itself borrows from other existing laws for Data Privacy as well as established standards and practices such as the ISO 27000 Family of Standards for Information Security.
This course is designed to give participants a full appreciation of what the Data Privacy Act is all about and the specific requirements that must be fulfilled to comply with it. The course will also orient participants on how the different ISO standards can complement and assist in meeting compliance with the DPA.
Day 1
Module 1
- Data Privacy
- Types of data that need to be protected
  - Personally identifiable information (PII)
  - Sensitive Personal Information
  - Privileged Information
- Data Protection and its Importance
- Data Privacy Laws
- Data Privacy Act of 2012 Framework
- Rights of Data Subjects
- Roles and Responsibilities of Personal Information Processors (PIPs) and Personal Information Controllers (PICs)
- Data Privacy Principles
Module 2
- Roles of an organization in Data Privacy
- Five Pillars of Compliance
- Data Privacy Act (RA 10173) Checklist Signs of Compliance
- Violations and Penalties
Day 2
- Data Privacy Act Compliance Checklist
- Philippine Privacy Accountability Matrix
- Privacy Impact Assessment Workshop
Objectives
At the end of the course, learners are expected to:
1. Have basic awareness and understanding of the Data Privacy Act of 2012 (DPA or “The Act”);
2. Understand what their rights are under the Act as “Data Subjects”;
3. Be aware of their roles and responsibilities as Personal Information Processors (PIP); and,
4. Identify key points in ISO Standards that can be used to build and implement a Data Privacy System that can comply with the DPA.