HIS Lesson 8

This document outlines key aspects of the Data Privacy Act of 2012 in the Philippines, including definitions of terms, rights of data subjects, responsibilities of personal information controllers, and penalties for non-compliance. It also discusses data quality tools and techniques for data management and analysis.

RA 10173 – Data Privacy Act of 2012

- Act protecting individual personal information in information and communications systems in the
government and the private sector, creating for this purpose a National Privacy Commission, and
for other purposes.
- To protect the fundamental right of privacy, of communication while ensuring free flow of
information to promote innovation and growth

Data subject- an individual whose personal information is processed

Consent of the data subject- any freely given, specific, informed indication of will, whereby the data
subject agrees to the collection and processing of personal information about and/or relating to him or
her

Consent- evidenced by written, electronic or recorded means. It may also be given on behalf of the data
subject by an agent specifically authorized by the data subject to do so

Filing system- any act of information relating to natural or juridical persons to the extent that it is
structured by reference to individuals or by reference to the criteria relating to individuals and readily
accessible

Information and Communications System- system for generating, sending, receiving, storing or
otherwise processing electronic data messages or electronic documents and includes the computer
system or other similar device by which data is recorded, transmitted or stored and any procedure
related to the recording, transmission or storage of electronic data, electronic message, or electronic
document

Personal information- any information, whether recorded in a material form or not, from which the
identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding
the information

Personal information controller- person or organization who controls the collection, holding, processing
or use of personal information, including a person or organization who instructs another person or
organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf

Processing- any operation or any set of operations performed upon personal information including, but
not limited to, the collection, recording, organization, storage, updating or modification, retrieval,
consultation, use, consolidation, blocking, erasure or destruction of data

Sensitive personal information:

Race, ethnic origin, marital status, age, color, religious, philosophical or political affiliations,
about individual’s health, education, genetic or sexual life of a person, or to any proceeding for any
offense committed or alleged to have been committed by such person, the disposal of such proceedings,
or the sentence of any court in such proceedings, issued by government agencies, SSS numbers, previous
and current health records, licenses or its denials, suspension, or revocation and tax returns

RIGHTS OF THE DATA SUBJECT


- Be informed whether personal information pertaining to him or her shall be, are being or have
been processed
- Be furnished the information before the entry of his or her personal information into the
processing system of the personal information controller

PERSONAL INFORMATION CONTROLLER SHOULD PROVIDE


- Description of the personal info to be entered into the system
- Purposes for which they are being or are to be processed
- Scope and method of the personal information processing
- The recipients or classes of recipients to whom they are or may be disclosed
- Methods utilized for automated access, if the same is allowed by the data subject, and the
extent to which such access is authorized
- The identity and contact details of the personal info controller or representative
- The period for which the information will be stored
- The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint
before the Commission

Principle of Accountability:
Each personal information controller is responsible for the personal information under its
control or custody, including info that have been transferred to a third party for processing, whether
domestically or internationally, subject to cross-border arrangement and cooperation

Penalties
1. Unauthorized Processing of Personal Info and Sensitive Personal Info
- Imprisonment of 1 year to 3 years and a fine of not less than 500,000 but not more than 2,000,000
shall be imposed on persons who process personal info without consent of the data subject or
without being authorized under this Act or any existing law

2. Unauthorized Processing of personal sensitive info

- Imprisonment of 3 years to 6 years and a fine of not less than 500,000 but not more than 4,000,000
shall be imposed on persons who process personal info without consent of the data subject or
without being authorized under this Act or any existing law

3. Accessing Personal Information and Sensitive Personal Info due to negligence


- Imprisonment ranging from 1 year to 3 years and a fine of not less than 500,000 but not more
than 2,000,000 shall be imposed on persons who due to negligence, provide access to personal
info without being authorized under this Act or any existing law

4. Accessing sensitive personal info due to negligence


- Imprisonment ranging from 3 years to 6 years and a fine of not less than 500,000 but not more
than 4,000,000 shall be imposed on persons who due to negligence, provide access to personal
info without being authorized under this Act or any existing law

5. Improper Disposal of Personal Info and Sensitive Personal Info


- Imprisonment ranging from 6 months to 2 years
- Fine of not less than 100,000 but not more than 500,000
- Persons who knowingly or negligently dispose or discard or abandon the personal info of an
individual in an area accessible to the public or has otherwise placed the personal info of an
individual in its container for trash collection

6. Processing of Personal Info and Sensitive Personal Info for Unauthorized Purposes
- Imprisonment ranging from 1 year and 6 months to 5 years
- Fine of not less than 500,000 but not more than 1,000,000
- Imposed on persons processing personal info for purposes not authorized by the data subject

7. Unauthorized Access or Intentional Breach


- Imprisonment ranging from 1 year to 3 years
- Fine not less than 500,000 but not more than 2,000,000
- Persons who knowingly and unlawfully, or violating data confidentiality and security data
systems, break in any way into any system

8. Malicious Disclosure
- Any personal info controller or personal info processor or any of its officials, employees or
agents who, with malice or in bad faith, discloses unwarranted or false info relative to any
personal info or personal sensitive info obtained by him or her
- Imprisonment ranging from 1 year and 6 months to 5 years
- Fine of not less than 500,000 but not more than 1,000,000

Data Quality- overall utility of a dataset as a function of its ability to be processed easily and analyzed for
a database, data warehouse or data analytics team

ASPECTS:
- Accuracy
- Completeness
- Relevance
- Consistency
- Reliability
- Presentability
- Accessibility

Lot Quality Assurance Sampling (LQAS)- tool that allows use of small random samples to distinguish between
groups of data elements (lots) with high and low data quality
Purpose:
- Used in data quality assurance
- Used in district health information system (DHIS) in establishing their monthly reports, sections
monthly report and group data elements

Routine Data Quality Assessment (RDQA)


- Simplified version of Data Quality Audit (DQA)
- Allows programs and projects to verify and assess the quality of reported data
- Aims to strengthen data management and reporting system
Objectives:
- Rapidly verify the quality of reported data for key indicators at selected sites
- Implement corrective measures with action plans
- Monitor capacity improvements

Uses:
- Routine data quality checks
- Initial follow-up assessment of data management and reporting systems
- Strengthening of the program staff’s capacity in data management and reporting
- Preparation for a formal data quality audit
- External assessment by partners of the quality of data

DATA IMPLEMENTATION PLAN


- Project management tool that illustrates how a project is expected to progress at a high level
- Ensure that a development team is working to deliver and complete tasks on time
- Ensures efficient flow of communication between those who are involved in the project
- Validates the estimation and schedule of the project plan

DATA QUALITY TOOLS


- Analyzes information
- Identifies incomplete or incorrect data
- Used prior to data cleansing
- Maintains data integrity

Uses of Data Quality Tools:


- Parsing and standardization
- Generalized data cleansing
- Matching
- Profiling
- Monitoring
- Enrichment

ROOT CAUSE ANALYSIS:


- Identifies the root causes of problems or events
- Improves the quality of products and services
- Systemic way of addressing problems and finding effective solutions
- Used in protocol development and strategic planning

TECHNIQUES:
1. Failure Mode and Effects Analysis (FMEA)
- Aims to find various modes of failure within a system
- Used when a new product or process is launched
- During updates of the product
- When a problem is reported through customer feedback

2. Pareto Analysis
- Uses the Pareto principle: 20% of the work creates 80% of the results
- Used when there are multiple potential causes to a problem
- Uses a bar graph and tracks collective percentage in a line graph to the top of the table. The
reflected causes from the table should account for at least 80% of those involved in the analysis.

3. Fault Tree Analysis (FTA)

- Used in risk and safety analysis
- Uses Boolean logic: all values are either true or false
- Undesirable result at the top and potential causes below

4. Current Reality Tree (CRT)
- Used when root causes of multiple problems need to be analyzed at once
- Problems are listed down followed by the potential cause of the problem to identify the
common cause

5. Ishikawa Diagram/ Fish Bone Diagram


- Aka cause and effect diagram
- Shows categorized causes and sub-causes of a problem
- Useful in grouping causes

6. Kepner-Tregoe Technique
- Breaks a problem down to its root cause by assessing a situation using priorities and order of
concern for specific issues
- Outlines various solutions to address the problem
- Potential problem analysis is made to ensure sustainability of recommended actions

7. Rapid Problem Resolution (RPR Problem Diagnosis)


- Diagnoses the causes of recurrent problems
- Uses Discover-Investigate-Fix technique
