Security of sensitive personal information in Government

1. Responsibility of Heads of Agencies

All sensitive personal information maintained by the government, its agencies, and instrumentalities shall be secured, as far as practicable, with the use of the most appropriate standard recognized by the information and communications technology industry, subject to these Rules and other issuances of the Commission. The head of each government agency or instrumentality shall be responsible for complying with the security requirements mentioned herein. The Commission shall monitor government agency compliance and may recommend the necessary action in order to satisfy the minimum standards. (Section 30, Rule VII, IRR of the Data Privacy Act)

2. Requirements Relating to Access by Agency Personnel to Sensitive Personal Information.

a. On-site and Online Access

1. No employee of the government shall have access to sensitive personal information on government property or through online facilities unless he or she the employee has received a security clearance from the head of the source agency. The source agency is the government agency who originally collected the personal data.

2. A source agency shall strictly regulate access to sensitive personal information under its custody or control, particularly when it allows online access. An employee of the government shall only be granted a security clearance when the performance of his or her official functions or the provision of a public service directly depends on and cannot ...

Already a subscriber? Log in below. Not yet a member? Subscribe. No advertisements when you are logged in.

Similar Posts