Most Discussed Threads

default avatar
Compliance of Banks with BSP Requirements and DPA
Banks 6 months agoBy: marian_padin

Will the compliance of banks with BSP requirements be considered compliance with the DPA and IRR? Some requirements overlap. Will NPC defer to the BSP on this matter? We understand that there is a possibility of a memorandum of agreement between NPC and BSP to align their requirements; is there any update on this?

2     6
default avatar
Consent of contact reference provided by the client.
Non-bank Financial Institution 4 months agoBy: [email protected]

Hi Team, 

I would like to inquire If one of our requirement for granting a loan for a client is a contact reference number on whom we wil confirm information of the client and also as an alternate contact if in case the client is unreachable, should we also get that consent from the provided contact reference or we can assume that the client has already got the consent of the contact reference they provided?

In the data privacy perspective how can we be covered if this happens?


0     2
default avatar
DPO ACE Program
Non-bank Financial Institution 4 months agoBy: [email protected]

When will be the release of the DPO ACE program this 2019?

3     2
default avatar
Education Sector FAQs v.2
Education 6 months agoBy: lainelumanog


Education SECTOR

Frequently Asked Questions


  • Is the fact that an individual has passed the entrance exam of a school considered personal information about education, and therefore, qualifies as sensitive personal information?

In our Advisory Opinion No. 2018-020, we treated the names of who have passed entrance exams as personal information. As such, the posting of the names of successful examinees were grounded on Section 12 (f) of the Data Privacy Act of 2012 (DPA) as such posting was necessary for the purposes of the legitimate interest of the institution.

5     2
default avatar
FAQ Hotels
Hotels 6 months agoBy: issagayas



Frequently Asked Questions


Q. 1. Does the Data Privacy Act of 2012 (DPA) apply to hotels?

The Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing. If you collect, store, use, share, or disclose any information about a person, the Act applies to your establishment.

Aside from hotels, the law also applies to similar accommodation providers like resorts, tourist inns, pension houses, and serviced apartments who process personal information.


Q. 2. ...

5     2
default avatar
Retail/Manufacturing 6 months agoBy: levibcruz

Suggesting the creation of a unique Channel for the Distribution segment or industry as that for Retial/Direct Marketing does NOT seem to fit our business model. Is this workable come the next Data Privacy Stakeholders Assembly or any upcoming DPO-centric caucus or session? Thank you.

2     2
default avatar
FAQs from the Government Sector
Government 6 months agoBy: Glenda Leah Caringal

Here are answers to the FAQs of the Government Sector

2     2
default avatar
DPO Summit 21: Open Forum Question 2
Retail/Manufacturing 2 weeks agoBy: krishna.tana

QUESTION 2: It is customary in our company to post birthday celebrants every month. Do we violate their privacy?

ANSWER: Age (and by implication Birthday) is a sensistive personal information. The law provides that a sensitive personal information can only be processed on the basis of data subject's consent or other legal basis provided under Section 13 of DPA. 

If the purpose of the processing (posting of birthday celebrant) does not fall under any legal basis under Section 13, you can only post such upon the celebrant's consent. 

TIP: If you encounter a situation where you ...

2     1
default avatar
Privacy for Foundations and other Charity Organizations
National Privacy Commission (Public) 5 months agoBy: meloalcala

Are foundations and/or Charity Organizations required to comply with RA10173??

1     1
default avatar
Opt-in vs Opt-out
Non-bank Financial Institution 4 months agoBy: beth.perez


In taking consent and upholding the right of the data subject to object, when and how Opt-In and Opt-out approach can be best applied?

0     1