Scribd
Upload
7 views3 pages

Personal Information Processing Guidelines

The document outlines the principles and criteria for the lawful processing of personal information, emphasizing transparency, legitimate purpose, and proportionality. It specifies conditions under which personal information can be processed, including consent from the data subject and compliance with legal obligations. Additionally, it addresses the handling of sensitive personal information, subcontracting of data processing, and the principle of privileged communication.

Uploaded by

asaytonoria23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
7 views3 pages

Personal Information Processing Guidelines

The document outlines the principles and criteria for the lawful processing of personal information, emphasizing transparency, legitimate purpose, and proportionality. It specifies conditions under which personal information can be processed, including consent from the data subject and compliance with legal obligations. Additionally, it addresses the handling of sensitive personal information, subcontracting of data processing, and the principle of privileged communication.

Uploaded by

asaytonoria23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

PROCESSING OF PERSONAL INFORMATION

Section 11. General Data Privacy Principles. – The processing of personal information shall be
allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure
of information to the public and adherence to the principles of transparency, legitimate purpose and
proportionality.

Personal information must, be:

(a) Collected for specified and legitimate purposes determined and declared before, or as
soon as reasonably practicable after collection, and later processed in a way compatible with
such declared, specified and legitimate purposes only;

(b) Processed fairly and lawfully;

(c) Accurate, relevant and, where necessary for purposes for which it is to be used the
processing of personal information, kept up to date; inaccurate or incomplete data must be
rectified, supplemented, destroyed or their further processing restricted;

(d) Adequate and not excessive in relation to the purposes for which they are collected and
processed;

(e) Retained only for as long as necessary for the fulfillment of the purposes for which the
data was obtained or for the establishment, exercise or defense of legal claims, or for
legitimate business purposes, or as provided by law; and

(f) Kept in a form which permits identification of data subjects for no longer than is necessary
for the purposes for which the data were collected and processed: Provided, That personal
information collected for other purposes may lie processed for historical, statistical or
scientific purposes, and in cases laid down in law may be stored for longer
periods: Provided, further, That adequate safeguards are guaranteed by said laws
authorizing their processing.

The personal information controller must ensure implementation of personal information processing
principles set out herein.

Section 12. Criteria for Lawful Processing of Personal Information. – The processing of personal
information shall be permitted only if not otherwise prohibited by law, and when at least one of the
following conditions exists:

(a) The data subject has given his or her consent;

(b) The processing of personal information is necessary and is related to the fulfillment of a
contract with the data subject or in order to take steps at the request of the data subject prior
to entering into a contract;

(c) The processing is necessary for compliance with a legal obligation to which the personal
information controller is subject;

(d) The processing is necessary to protect vitally important interests of the data subject,
including life and health;
(e) The processing is necessary in order to respond to national emergency, to comply with
the requirements of public order and safety, or to fulfill functions of public authority which
necessarily includes the processing of personal data for the fulfillment of its mandate; or

(f) The processing is necessary for the purposes of the legitimate interests pursued by the
personal information controller or by a third party or parties to whom the data is disclosed,
except where such interests are overridden by fundamental rights and freedoms of the data
subject which require protection under the Philippine Constitution.

Section 13. Sensitive Personal Information and Privileged Information. – The processing of
sensitive personal information and privileged information shall be prohibited, except in the following
cases:

(a) The data subject has given his or her consent, specific to the purpose prior to the
processing, or in the case of privileged information, all parties to the exchange have given
their consent prior to processing;

(b) The processing of the same is provided for by existing laws and
regulations: Provided, That such regulatory enactments guarantee the protection of the
sensitive personal information and the privileged information: Provided, further, That the
consent of the data subjects are not required by law or regulation permitting the processing
of the sensitive personal information or the privileged information;

(c) The processing is necessary to protect the life and health of the data subject or another
person, and the data subject is not legally or physically able to express his or her consent
prior to the processing;

(d) The processing is necessary to achieve the lawful and noncommercial objectives of
public organizations and their associations: Provided, That such processing is only confined
and related to the bona fide members of these organizations or their associations: Provided,
further, That the sensitive personal information are not transferred to third parties: Provided,
finally, That consent of the data subject was obtained prior to processing;

(e) The processing is necessary for purposes of medical treatment, is carried out by a
medical practitioner or a medical treatment institution, and an adequate level of protection of
personal information is ensured; or

(f) The processing concerns such personal information as is necessary for the protection of
lawful rights and interests of natural or legal persons in court proceedings, or the
establishment, exercise or defense of legal claims, or when provided to government or public
authority.

Section 14. Subcontract of Personal Information. – A personal information controller may


subcontract the processing of personal information: Provided, That the personal information
controller shall be responsible for ensuring that proper safeguards are in place to ensure the
confidentiality of the personal information processed, prevent its use for unauthorized purposes, and
generally, comply with the requirements of this Act and other laws for processing of personal
information. The personal information processor shall comply with all the requirements of this Act
and other applicable laws.
Section 15. Extension of Privileged Communication. – Personal information controllers may invoke
the principle of privileged communication over privileged information that they lawfully control or
process. Subject to existing laws and regulations, any evidence gathered on privileged information is
inadmissible.

CHAPTER IV

You might also like