Living in the IT Era:

Instructional Material for GEE 1

 Module 6 - Privacy
MODULE OVERVIEWSTUDY GUIDE FOR MODULE NO. 6

Privacy can be described as imposing constraints on access to and/or use of personal

information.

Privacy refers to the usage of information collected about individuals and stored in databases.
This module will discuss the difference between privacy and security, explain various risks to
Internet privacy, and identify and understand the different key privacy and anonymity issues.

MODULE LEARNING OBJECTIVES

At the end of this, students are expected to:

1. Difference between privacy and security.

2. Explain various risks to Internet privacy.
3. Identify and understand the different key privacy and anonymity issues.

LEARNING CONTENTS (Privacy Protection and the Law)

WHAT IS PRIVACY?

Privacy focuses on having control and regulation over the sharing or revealing of certain data
about yourself or your behavior. Privacy is often hard to return by lately because we are so
connected and open with our information. Two decades ago, internet privacy would have
meant ensuring your computer’s network connection was secure. Now a days, we use more
internet-connected devices during a single day, including your smartphone, smart home
device, smartwatch, tablet, and laptop.

Much of the web today is being employed by big companies like Google, Facebook, and
Amazon trying to gather people’s data for monetization and marketing purposes. Another
problem experience is that not only our privacy being captured, but it’s also being given in a
privacy-focused products. In many cases, when we’re given access to a free product, we pay
with our data information. If we don’t want to be tracked, we often need to prefer to use paid,
privacy-friendly options.

INFORMATION PRIVACY

Information privacy is that the relationship among the gathering and circulation of
information, technology, the public expectation of privacy, and therefore the legal and political
issues surrounding them. It is also best-known as data privacy or data protection.

Data privacy is difficult since it try to use data while securing a person's privacy
preferences and personally typical information. The fields of computer security, data

2
security, and knowledge security all design and use software, hardware, and human
resources to deal with this issue.

Information privacy, data privacy or data protection laws render a legal structure on
the way to get, use and store data of natural persons. The various laws all over the world
describe the interest of natural persons to regulate who is using its data. This includes
usually the proper to urge details on which data is stored, for what intention and to request
the deletion just in case the aim isn't given anymore.
✓ For all data gathered, there should be a stated purpose.
✓ Information collected from a private can't be expose to other organizations or
individuals unless clearly authorized by law or by consent of the individual.
✓ Records kept on an individual should be authentic and up to date.
✓ There should be instrument for individuals to review data about them, to check
accuracy. This may include periodic reporting.
✓ Data should be removed when it's not needed for the stated purpose.
✓ Transmission of private information to determine where "equivalent" personal data
protection can't be confirmed is prohibited.
✓ Some data is just too sensitive to be collected, unless there are severe circumstances
(e.g., sexual orientation, religion).

What is Privacy Protection?

Privacy protection is keeping the information you’d like to secure to yourself from getting
into the custody of companies, hackers, government organizations, and some other
groups. The explanation of privacy protection changes from person to person. Each
person has various assumptions of privacy, therefore the level of security they want to
feel that their privacy is really secure limit importantly.

Advantages of Privacy Protection

• Protect Your Personal Data

Privacy protection keeps your personal data secure from people that might
want to take advantage of it. Minimizing your digital trace makes it harder for
people to make advantage of your data.

• Stop Unwanted Solicitations

Without privacy, marketers can target advertisements and other messaging at
once to you. If these sorts of ads bother you, the simplest way to avoid them
is to stop the marketers from getting your data. Privacy-intrusive data
collection runs the web advertising industry. If you'll end the flow of
information you give to the marketers, they’ll not be ready to target you with
ads.

• Protect Your Email Address

3
 If you'll keep third-parties from acquiring your email address, you'll avoid
getting plenty of unwanted spam email. Willingly giving out your email leads to
an intense flow of advertising messages in your inbox.

Disadvantages to Privacy Protection

• Privacy-Focused Products Cost Money

Keeping your personally distinctive data secure isn’t free. Because more
mainstream services gather and exchange your data to form money, private
alternatives need to adopt various business models. Free tools often collect
your information, so you don’t need to pay. Privacy-friendly business models
often use a subscription-based payment model.

• Is it Really Private?
You can take all recommended step towards privacy and as to one deficiency,
leak your information. It’s our viewpoint that any privacy protection is best than
none, but it could be overwhelming. If you sense like your efforts aren’t being
honor, it might be difficult to continue using privacy-focused products and
services.

• Your Information Might Still Be Public

If you need privacy products your data should be private. Forgetting only
one aspect of protecting your privacy could let your personal information slip
into an enormous database and within the hands of an online advertiser.

• Your Reputation May Be In Question

There are some spots surrounding privacy on the web. Some people feel
that the merely reason that somebody would want to hide their tracks online is
because they’re performing something illegal. While this isn’t the case, it’s an
hopeless condition for anyone who sees the benefits of keeping your internet
activity hidden from prying eyes.

PHILIPPINES – THE DATA PRIVACY ACT OR RA NO. 10173

In 2012, the Philippines passed Republic Act No. 10173 or the Data Privacy Act of 2012
(DPA) “to protect the fundamental human right to privacy of communication while ensuring
free flow of information to promote innovation and growth. The State recognizes the vital role
of information and communications technology in nation-building and its inherent obligation to
ensure that personal information in information and communications systems in government
and in the private sector are secured and protected”.

The DPA was passed in accordance with the Philippines agreements under ASEAN Vision
2020 and at the urging of the growing business process outsourcing industry. The law was
modeled after the Data Protection Directive (95/46/EC) with many of its terminologies and
provisions like privacy laws in other jurisdictions.

4
What acts are covered by the DPA?

The DPA and its Implementing Rules and Regulations (IRR) apply to all acts done or
practices engaged in and outside of the Philippines if:

• If the person, either an individual or an institution, involved in the processing of

personal data is in the Philippines;
• The act or practice involves personal data of a Philippine citizen or Philippine resident;
• The processing of personal data is done in the Philippines; or
• The act, practice or processing of personal data is done by an entity with links to the
Philippines, subject to international law and comity.

“Personal data” refers to all types of personal information.

“Processing” is any operation/s performed upon personal data. These operations include, but
are not limited to the collection, recording, organization, storage, updating or
modification, retrieval, consultation, use, consolidation, blocking, erasure, or
destruction of data.

Who implements the DPA?

The National Privacy Commission (NPC) oversees administering and implementing the DPA.
It is also tasked to monitor and ensure compliance of the Philippines with international
standards for personal data protection. The major functions of the NPC are as follows:

• Rulemaking.
• Advisory. The NPC is the advisory body on matters related to personal data protection.
• Public education. The NPC shall launch initiatives to educate the public about data
privacy, data protection and fair information rights and responsibilities.
• Compliance and monitoring. The body has compliance and monitoring functions to
ensure personal information controllers comply with the law. It is also tasked to
manage the registration of personal data processing systems.
• Complaints and investigations.
• Enforcement.

“Personal information controller” is an individual or institution, or any other body who controls
the processing of personal data, or instructs another to process personal data on its behalf.

How to comply with the Data Privacy Act?

If you are a personal information controller, you must follow the following by the law:

Registration of data processing systems (DPS). An individual or institution employing fewer

than 250 employees need not register unless its data processing operations: involves sensitive

5
personal information of at least 1,000 individuals; likely to pose a risk to the rights and
freedoms of data subjects; or the processing is not occasional.

Notification of automated processing operations where the processing becomes the sole
basis of making decisions about a data subject and when the decisions would significantly
affect the data subject. A “data subject” is an individual whose personal, sensitive personal or
privileged information is process.

NOTE: No decision with legal effects concerning a data subject shall be made solely based
on automated processing without the consent of the data subject. The consent may be in
written, electronic or recorded form. It may be given by a lawful representative or agent.

Appointment of a Data Protection Officer in charge of ensuring compliance with the DPA;
Creation of a data breach response team that will at once address security incidents or
personal data breach; Adoption of data protection policies that support data security
measures and security incident management; Annual report of the summary of documented
security incidents and personal data breaches; and Compliance with other requirements as
may be provided by the NPC.

LEARNING CONTENTS (Key Privacy and Anonymity Issues)

PRIVACY AND ANONYMITY ISSUES

Data Breaches

Data breaches involving big databases of personal information have resulted in a tremendous
number of identity theft occurrences. Data breaches are occasionally the result of hackers
hacking into a database, but often, they are the result of negligence or a failure to follow
adequate security standards.

Organizations are hesitant to reveal data breaches for fear of negative publicity and consumer
litigation. Victims whose personal information was compromised because of a data breach,
on the other hand, need to be informed so that they can take precautionary steps.

The cost of a data breach to a business is sometimes expensive. Approximately half of the
value is often a result of missed business potential relating to clients whose patronage has
been lost because of the occurrence. Other expenses include public-relations charges to
protect the firm's reputation, as well as higher customer-service fees for information hotlines
and credit monitoring services for victims.

Electronic Discovery

The compilation, preparation, examination, and production of electronically stored material for
use in criminal and civil actions and procedures is known as electronic discovery (e-discovery).
Electronically stored information (ESI) is any type of digital data, such as electronic mails,
drawings, graphs, Web sites, pictures, word-processing files, sound/audio recordings, and

6
databases, that is saved on any type of electronic storage device, such as hard drives, CDs,
and flash drives. Several types of ESI of a private or personal nature (e.g., personal emails)
are extremely likely to be exposed throughout the e-discovery process.

Traditional software increase firms as well as legal organizations have established the
growing need for enhanced processes to speed up and lessen the costs associated with
e- discovery. As a result, lots of companies offer e- discovery software that cater the
ability to do the following:

• Evaluate large volumes of ESI instantly to perform early case assessments.

• Simplify and assign data collection from across all relevant data sources in various
data formats.
• Choose large amounts of ESI to lessen the include documents that need to processed
and reviewed.
• Identify all participants in an investigation to figure out who knew what and when.

E-discovery increase many ethical issues: Should an organization ever plan to destroy or
hide incriminating evidence that would rather be revealed during discovery? To what
degree must an organization be proactive and careful in supplying evidence needed
through the discovery process? Should an organization plan to hide incriminating
evidence during a mountain of trivial, routine ESI?

Consumer Profiling
When people register on websites, take surveys, fill out forms, or take part in online
competitions, companies fully collect personal information about them. Various firms also
collect information on Web surfers using cookies, which are text files that are transferred to
the hard disks of users who visit a website so that the website can recognize visitors on later
visits.

Tracking software is frequently used by businesses to allow their websites to examine surfing
behavior and deduce personal interests and preferences. The use of cookies and tracking
software is dubious since corporations may obtain information about customers without their
knowledge. Cookies, once saved on your computer, allow a website to customize the
advertising and promotions that are displayed to you. The marketer is aware of which
advertisements are being seen the least and ensures that they are not shown again unless
the advertiser has chosen to promote utilizing repetition. Some cookies may also monitor
which other websites a person has visited, allowing advertisers to use that information to make
informed estimates about the types of advertising that would be almost fascinating to the user.

Consumer data privacy has evolved into a key marketing concern. Companies that are unable
to safeguard or respect consumer information frequently lose business, and some become
defendants in class action lawsuits arising from privacy violations.

Consumer profiling opponents are also worried that confidential information is being gathered
and shared with other parties without the consent of the customers who supply the information.
Consumers have no means of knowing how or who is using the information once it has been

7
gathered.

Workplace Monitoring

There is enough data to support the idea that many workers squander significant amounts of
time doing non-work-related activities. According to one recent survey, between 60% and 80%
of workers' internet time is spent on non-work-related activities. According to another research,
workers spend roughly four or five hours each week on personal problems on average.
According to a recent poll conducted by an IT staffing business, 54% of firms reported
restricting the usage of social networking to help reduce waste at work.

The actual for decreased productivity and increased legal liabilities has led many
employers to watch workers to make sure that corporate IT usage policies are being
followed. Many firms find it necessary to record and review employee communications
and activities on the job, along with phone calls, email, and Web surfing. Some are even
videotaping employees on the work. In addition, some companies use random drug
testing and psychological testing. With some exceptions, these progressively common
(and many would say intrusive) practices are perfectly legal.

Advanced Surveillance Technology

Several breakthroughs in information technology, such as surveillance cameras and satellite-

based systems that can detect a person's actual position, provide incredible new data-
gathering capabilities. However, these advancements have the potential to reduce individual
privacy and simplify the problem of how much information about people's private lives should
be kept protected.

• Camera Surveillance

Surveillance cameras are employed in major cities across the world to deter crime and
terrorist activity. Critics claim that such inspection violates civil rights and are
concerned about the cost of the equipment and additional persons needed to view the
video feeds. Supporters of surveillance cameras provide report data indicating that the
cameras are effective in preventing crime and terrorism. They can provide examples
of how cameras aided in the resolution of crimes by verifying witness testimony and
aiding in the identification of criminals.

• Vehicle Event Data Recorders

A vehicle event data recorder (EDR) is a device that collects vehicle and occupant data
for a few seconds before, during, and after any vehicle incident severe enough to
cause the air bags to deploy. Sensors located throughout the vehicle collect and record
data such as vehicle speed and acceleration, seat belt use, air bag formation,
activation of any automated collision notification system, and driver actions such as
brake, accelerator, and turn signal usage. The EDR cannot collect any information that
might be used to identify the vehicle's driver. It also cannot identify if the motorist was

8
 under the influence of drugs or alcohol while operating the car.

The fact that most automobiles now come equipped with an EDR, and that the
information from this device might be used as evidence in a court of law, is unknown
to the public. The future capability of EDRs, as well as the extent to which their data
will be used in court proceedings, remains to be seen.

• Stalking Apps

Technology has made it possible for one individual to track the locations of another
person in the shortest amount of time possible, without ever having to follow the
person. Cellphone spy software, also known as a stalking application, is frequently
downloaded and installed on someone's cellphone or smartphone in minutes, allowing
the user to perform location tracking, record calls, view every text message or picture
sent or received, and record the URLs of any internet site visited on the phone. Even
when the phone is switched off, the built-in microphone is frequently triggered remotely
to be used as a listening device. All information gathered by such applications is
frequently transferred to the user's email account, where it may be read in real time or
at a later date. Some of the most popular spy software consist of Mobile Spy,
ePhone Tracker, Flexi SPY, and Mobile Nanny.

There is no law that prevents a company from developing an app whose primary aim
is to let one person track another, and this software is available for purchase on the
internet. (Some users have said that they got virus after installing stalker applications
or that the program did not work as described.) However, it is unlawful to install the
software on a phone without the owner's permission. It is also unlawful to listen in on
another person's phone calls without their knowledge and consent. These legal
nuances, however, are not a deterrent to a persistent stalker.