Course Hero Logo

Other login data biometric data copies of

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 29 - 31 out of 304 pages.

other login data; biometric data; copies of identification documents, licenses or unique identifierslike Philhealth, SSS, GSIS, TIN number; or other similar information, which may be made thebasis of decisions concerning the data subject, including the grant of rights or benefits.
NPC Advisory No.2017-02Access to Personalneets of Government Personnel3April2017B.There is reason to believe that the information may have been acquired by an unauthorizedperson; andC.The personal information controller or the Commission believes that the unauthorizedacquisition is likely to give rise to a real risk of serious harm to any affected data subject.SECTION 12.Public Information.A claim that the data involved in a breach is public information willnot automatically exempt a personal information controller from the notification requirements providedherein. When the level of availability or publicity of the personal data is altered by a personal databreach, it shall be considered as a personal data breach requiring notification, subject to the precedingparagraphs.SECTION 13.Determination of the Need to Notify. Where there is uncertainty as to the need fornotification, the personal information controller shall take into account, as a primary consideration, thelikelihood of harm or negative consequences on the affected data subjects, and how notification,particularly of the data subjects, could reduce the risks arising from the personal data breach reasonablybelieved to have occurred. The personal information controller shall also consider if the personal datareasonably believed to have been compromised involves:A.Information that would likely affect national security, public safety, public order, or publichealth;B.At least one hundred (100) individuals;C.Information required by applicable laws or rules to be confidential; orD.Personal data of vulnerable groups.SECTION 14.Discovery of Vulnerability. A discovery of a vulnerability in the data processing systemthat would allow access to personal data shall prompt the personal information controller or the personalinformation processor, as the case may be, to conduct an assessment and determine if a personal databreach has occurred.SECTION 15.Who should Notify.The personal information controller shall notify the Commissionand the affected data subjects upon knowledge of, or when there is reasonable belief that a personal databreach has occurred. The obligation to notify remains with the personal information controller even ifthe processing of information is outsourced or subcontracted to a personal information processor. Thepersonal information controller shall identify the designated data protection officer or other individualresponsible for ensuring its compliance with the notification requirements provided in this Circular.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 304 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Fall
Professor
NoProfessor
Tags
government personnel

Newly uploaded documents

Show More

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture