ALBURO ALBURO AND ASSOCIATES LAW OFFICES


June 1, 2022

GENERAL PRINCIPLES IN COLLECTION, PROCESSING AND RETENTION OF DATA UNDER THE DATA PRIVACY ACT


  • Collection must be for a declared, specified, and legitimate purpose.

  • Personal data shall be processed fairly and lawfully.

  • Processing of data should ensure data quality and personal data collected shall not be retained longer than necessary.

The processing of personal data must adhere to general principles in the collection, processing, and retention of personal data provided for by the Data Privacy Act.

The Implementing Rules and Regulations of Republic Act No. 10173, known as the “Data Privacy Act of 2012,” provide that:

a. Collection must be for a declared, specified, and legitimate purpose.

  1. Consent is required prior to the collection and processing of personal data, subject to exemptions provided by the Data Privacy Act and other applicable laws and regulations. When consent is required, it must be time-bound in relation to the declared, specified and legitimate purpose. Consent given may be withdrawn.
  2. The data subject must be provided specific information regarding the purpose and extent of processing, including, where applicable, the automated processing of his or her personal data for profiling, or processing for direct marketing, and data sharing.
  3. Purpose should be determined and declared before, or as soon as reasonably practicable, after collection.
  4. Only personal data that is necessary and compatible with declared, specified, and legitimate purpose shall be collected.

b. Personal data shall be processed fairly and lawfully.

  1. Processing shall uphold the rights of the data subject, including the right to refuse, withdraw consent, or object. It shall likewise be transparent, and allow the data subject sufficient information to know the nature and extent of processing.
  2. Information provided to a data subject must always be in clear and plain language to ensure that they are easy to understand and access.
  3. Processing must be in a manner compatible with declared, specified, and legitimate purpose.
  4. Processed personal data should be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
  5. Processing shall be undertaken in a manner that ensures appropriate privacy and security safeguards.

c. Processing should ensure data quality.

  1. Personal data should be accurate and where necessary for declared, specified and legitimate purpose, kept up to date.
  2. Inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted.

d. Personal Data shall not be retained longer than necessary.

  1. Retention of personal data shall only be for as long as necessary:
    1. for the fulfillment of the declared, specified, and legitimate purpose, or when the processing relevant to the purpose has been terminated;
    2. for the establishment, exercise or defense of legal claims; or
    3. for legitimate business purposes, which must be consistent with standards followed by the applicable industry or approved by appropriate government agency.
  2. Retention of personal data shall be allowed in cases provided by law.
  3. Personal data shall be disposed or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public, or prejudice the interests of the data subjects.

e. Any authorized further processing shall have adequate safeguards.

  1. Personal data originally collected for a declared, specified, or legitimate purpose may be processed further for historical, statistical, or scientific purposes, and, in cases laid down in law, may be stored for longer periods, subject to implementation of the appropriate organizational, physical, and technical security measures required by the Act in order to safeguard the rights and freedoms of the data subject.
  2. Personal data which is aggregated or kept in a form which does not permit identification of data subjects may be kept longer than necessary for the declared, specified, and legitimate purpose.
  3. Personal data shall not be retained in perpetuity in contemplation of a possible future use yet to be determined.

Alburo Alburo and Associates Law Offices specializes in business law and labor law consulting. For inquiries, you may reach us at info@alburolaw.com, or dial us at (02)7745-4391/0917-5772207.
