GUIDELINES FOR TECHNICAL SECURITY MEASURES UNDER DATA PRIVACY ACT

Read also: PHYSICAL SECURITY MEASURES UNDER DATA PRIVACY ACT

• Technical Security Measures must be adopted to protect personal data, these includes protecting the computer network against accidental, unlawful or unauthorized usage.

• Encryption, authentication process, and other technical security measures that control and limit access of personal data must also be adopted.  

• There should be a process for regularly testing, assessing, and evaluating the effectiveness of the security measures adopted.

Each personal information controller and personal information processor must implement technical security measures to ensure that there are appropriate and sufficient safeguards to secure the processing of personal data, particularly the computer network in place, including encryption and authentication processes that control and limit access.

The Implementing Rules and Regulations of Data Privacy Act provides for the Guidelines for Imposing Technical Security Measures.

Where appropriate, personal information controllers and personal information processors shall adopt and establish the following technical security measures:

1. A security policy with respect to the processing of personal data;
2. Safeguards to protect their computer network against accidental, unlawful or unauthorized usage, any interference which will affect data integrity or hinder the functioning or availability of the system, and unauthorized access through an electronic network;
3. The ability to ensure and maintain the confidentiality, integrity, availability, and resilience of their processing systems and services;
4. Regular monitoring for security breaches, and a process both for identifying and accessing reasonably foreseeable vulnerabilities in their computer networks, and for taking preventive, corrective, and mitigating action against security incidents that can lead to a personal data breach;
5. The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
6. A process for regularly testing, assessing, and evaluating the effectiveness of security measures;
7. Encryption of personal data during storage and while in transit, authentication process, and other technical security measures that control and limit access.

---

Alburo Alburo and Associates Law Offices specializes in business law and labor law consulting. For inquiries, you may reach us at info@alburolaw.com, or dial us at (02)7745-4391/0917-5772207.

All rights reserved.

---

SUBSCRIBE NOW FOR MORE LEGAL UPDATES!

[email-subscribers-form id=”4″]