Focus & Features
Privacy has become a central theme of our times and we, as individual citizens, all have common interest in it. The heart of the matter is that we want the information we share about ourselves- private information that personally identifies us- to remain in good hands.
The main objectives of this training are as follows:
- Become familiar with the basic privacy principles, concepts and background
- Ensures compliance with Philippines Data Privacy Act
- Understand why Privacy is important in enforcement activity, incident management, rules and regulations
- Understand your obligations when processing Personal Information
Through team exercises, group discussions, case studies, and lectures, attendees will gain a foundation of knowledge that will allow Compliance Officers/ Management to properly prepare for an effective privacy compliance program for the company.
What You Will Learn
I. Introduction to Privacy
- Definition of Personal Information
- Types of Personal Information
- Privacy as a Process
- Privacy Principles
- Relationship of Information Security with Data Privacy
- Influences on Data Privacy
II. Specific Provisions in accordance with Philippine Data Privacy Act (R.A. 10173)-
- Scope of Implementation
- Definition of Key terms per Implementing Guidelines (IRR)
Ø Personal Data Processing
Ø Personal Information Controller
Ø Personal Information Processor
Ø Personal Data
Ø Sensitive Personal Data
- Rights of Data Subject
- 10 Pointers of Substantial Compliance
- Security Measures
- Penal Sanctions
- Enforcement
III. Data Mapping Inventory
- Identify categories of personal data (customers, employees, vendors, etc.)
- Map out personal data sources, storage, and destinations.
- Conduct gap analysis based on your personal data collected.
- Document the data flows, including the types of personal data, systems, and risks involved.
IV. Data Processing System and DPO Registration
- NPC Circular No. 2022-04
- Mandatory Registration
- Authority to Register
- Registration Process through NPC Registration System (NPCRS)
V. Understanding your obligations in Processing Personal Information with regards to Right to Privacy
- Data Subject Rights
o Right to be informed
o Right to object
o Right to access
o Right to correct/rectify
o Right to block/remove
o Right to data portability
o Right to file a complaint
o Right to be indemnified
- Criteria for Lawful Processing of Personal Information per Data Privacy Act
- Definition of Consent
- Privacy Notice vs. Consent
- Personal Information Processing in various scenarios
- Drafting of Privacy Notice and Consent Language
VI. Creating a Privacy Policy/ Statement/Notice for website
- Introduction
- Collection and Use of Personal Data
- Data Sharing
- Information Control and Limitation
- Personal Data Security
- Use of Cookies
- Links to website
VII. Privacy Impact Assessment (PIA) Workshop
- Assessing current Privacy-related Environment (local laws and regulatory requirements)
- Identify the risk and vulnerabilities
- Recommend controls and remediation to mitigate the risks
- Addressing the gap
- Monitoring and Compliance Auditing for Continued Success
VIII. Assessing Risks using Third Parties
- Managing Privacy with Vendors/ Suppliers
- Data Privacy Clauses in Contracts
- KPIs with Vendors
- Obligations of Vendors/ Suppliers
IX. Data Breach Notification and Incident Response Plan
- Formulation of Security Incident Response Plan
- Data Breach Notification Process
- Data Breach Notification requirements (72 hours window) per Data Privacy Act
- Security Incident drills
- Annual Security Incident Reporting (ASIR) through Data Breach Notification Management System of NPC
X. Case Studies
XI. Seminar Conclusion
- Plan for Actions
CPE units: 7
CANCELLATION & SUBSTITUTION POLICY
- Cancellations received 48 hours before the seminar date and no-show will be charged 50% of the registration fee. Request for refund of the remaining fee must be done through email. Expect at least two weeks of processing time upon verification of refund.
- Substitutions are allowed if the membership status of the two participants is the same; otherwise, the difference in the ticket price must be settled.
