Friday, December 7, 2012

Data privacy


Does anyone hate you? Is anyone threatening your life? Well today is your lucky day. When your information is posted in the internet its like showing to the whole world your crotch or your vagina. Such pa part is so private, and so as the information about as that only our friends and relatives may know. Pretty lucky for those who are the attention seekers because everyone may know if they want to stalk him or her. Even the celebreties doest want that to happen.. And pretty worse for the normal ones who wants to live a peaceful life and those who have lots of enemies who are recieving lots of death threats because the killer may know where they live and where they work..

Just like the "amalayer kid" who confronted scandalously the ladyguard at the lrt2 anonas station. Though she has her fault by making a scandal but some asshole video recorded her while doing it and exposed it in the internet... Where everybody can see it. And there is this audition video on mix that she undergone a vtr for the new mix vj that is supposed to be private and kept secret on the records of abscbn, but still again another asshole posted it on the internet which caused her another disgrace.. Another headline that the social media may talk about.. But we dont know if she may be enjoying the attention or the popularity or the celebrety feeling that everyone knows her. For a normal person with integrity, that is one hell of trouble.

It seems that Information Technology and Business Process Outsourcing industry by making it in line with International Standards of Privacy protection will benefit the most maybe because they are the ones that will act as the observer here and for it to prosper is that the government will need a lot of sklls from the information technology field. They said that our era is the technology era where computer specialist will be the in demand ones rather than any other professionals. Yeah, maybe because of this. That our world will not rotate if it were not for the computer experts and programmers. For me they are like the police man and detectives of this law because they are the only ones who can identify and track the culprits which are the computer and internet hackers.

Now Republic Act No. 10173 or the Data Privacy Act of 2012 is signed by the president, what will happen to all the computer users, well almost everybody uses the computer nowadays. It says that the law Applies to the processing of all types of personal information and to any natural or juridical person involved in personal information processing including those personal information controllers and processors who, although not found in the Philippines, use equipment that are located in the Philippines or those who maintain an office, branch or agency in the Philippines

Republic Act No. RA 10173 or Data Privacy Act of 2012 was approved by PNOY last August 15, 2012. It is an act protecting individual personal information in Information and Communication System in the Government and Private Sector, creating for this purpose a National Privacy Commission and for other purposes. The National Privacy Commission will administer and implement the provisions of this Act and to monitor and ensure compliance of the country with International Standard sets for data protection.[1]

Its says there that the personal information controller must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing. So we computer users must be afforded with protection regarding our personal information against any accidental or unlawful destruction, alteration and disclosure and also to any other unlawful processing. The personal information controller shall implement reasonable and appropriate measures to protect personal information against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination. So we are also protected from all hackers that may unlawfully access, fraudulently misuse, unlawfully destroy, alter or contaminate our computer data with fatal viruses. Thus it will protect our personal information against natural danger such as accidental loss or destruction. The determination of the appropriate level of security under this section must take into account the nature of the personal information to be protected, the risks represented by the processing, the size of the organization and complexity of its operations, current data privacy best practices and the cost of security implementation. Subject to guidelines as the Commission may issue from time to time, the measures implemented must include:
(1) Safeguards to protect its computer network against accidental, unlawful or unauthorized usage or interference with or hindering of their functioning or availability;
(2) A security policy with respect to the processing of personal information;
(3) A process for identifying and accessing reasonably foreseeable vulnerabilities in its computer networks, and for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach; and
(4) Regular monitoring for security breaches and a process for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach.

                                                                                                                                            
Just like the one who invented the ILOVEYOU, also known as Love Letter, is a computer worm that successfully attacked tens of millions of computers in 2000 when it was sent as an attachment to a user with the text "ILOVEYOU" in the subject line. The worm arrived e-mail on and after May 4, 2000 with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.". The final extension was hidden by default, leading unsuspecting users to think it was a normal text file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book and with the user's sender address. It also made a number of malicious changes to the user's system. Now he works in the pentagon for his incredible skills in programming that may be used by the united states of america. But isnt he suppose to be in prison because of what he did? He invented a virus that contaminated millions of internet users. Or if not, yes because he has outstanding skills that can be used by the government, why not the philippine government and instead the united states? It just reflects the fact that filipinos are just supplier of their outstanding skilled citizens. And it also relfects that there is no opportunity here in our country thats why many filipinos choose to work for other countries and not their own because here in the philippines a lot of filipinos say that "kahit gano ka katiyaga wala kang mapapala" which is true except for those who already have an stablished life. Also the personal information controller must further ensure that third parties processing personal information on its behalf shall implement the security measures required by this provision. So even thirdpersons are responsible and may be held liable if they fail to implement in behalf of the personal information controller the implementation of the security measures required by the law. The employees, agents or representatives of a personal information controller who are involved in the processing of personal information shall operate and hold personal information under strict confidentiality if the personal information are not intended for public disclosure. This obligation shall continue even after leaving the public service, transfer to another position or upon termination of employment or contractual relations. So the employees, agents or representatives of the personal information has a fiduciary relationship with the person owning the information. They must not disclose the information they know by way of their responsibility with their job as a personal information controller. Just like a relationship between lawyers and their clients and confession between priest and a catholic. And the sweet part is even after their term of service they must still remain in concealing the information disclosed to them by the user by the rest of their lives. The personal information controller shall promptly notify the Commission and affected data subjects when sensitive personal information or other information that may, under the circumstances[2], be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes (bat such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject. The notification shall at least describe the nature of the breach, the sensitive personal information possibly involved, and the measures taken by the entity to address the breach. Notification may be delayed only to the extent necessary to determine the scope of the breach, to prevent further disclosures, or to restore reasonable integrity to the information and communications system. The information technology experts must take responsibility for the preservation of the communication system. In evaluating if notification is unwarranted, the Commission may take into account compliance by the personal information controller with this section and existence of good faith in the acquisition of personal information. and the Commission may exempt a personal information controller from notification where, in its reasonable judgment, such notification would not be in the public interest or in the interests of the affected data subject. it also says that the Commission may authorize postponement of notification where it may hinder the progress of a criminal investigation related to a serious breach. I dont like the part where the law gives the commission the power to postpone notification where it may hinder the progress of criminal investigation. Yeah the inaction of postponement will be a hindrance to the delivering of the service but it is still violence against to the right of an individual. However, it is correct that the right of the collective is greater than the right of an individual



[1] http://gb-sb.blogspot.com/2012/08/what-is-ra-10173-or-data-privacy-act-of.html
[2] http://money.cnn.com/2000/05/05/technology/loveyou/