Data privacy principles

1. General Data Privacy Principles

The processing of personal data shall be allowed, subject to compliance with the requirements of the Act and other laws allowing disclosure of information to the public, and adherence to the principles of transparency, legitimate purpose, and proportionality. (Section 17, Rule IV, IRR of the Data Privacy Act)

The processing of personal data shall be allowed subject to adherence to the principles of transparency, legitimate purpose, and proportionality. (Section 18, Rule IV, Ibid.)

a. Transparency

The data subject must be aware of the nature, purpose, and extent of the processing of his or her personal data, including the risks and safeguards involved, the identity of personal information controller, his or her rights as a data subject, and how these can be exercised. Any information and communication relating to the processing of personal data should be easy to access and understand, using clear and plain language. (Section 18[a], Rule IV, Ibid.)

b. Legitimate purpose

The processing of information shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy. (Section 18[b], Rule IV, Ibid.)

c. Proportionality

The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose. Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by ot...