Framework of engagement : big data for official use Roy D. Ibay AVP Regulatory PLDT – Smart

 “Data is increasingly building up on who we are, who we know, where we are, where we have been and where we plan to go. Mining and analyzing this data lets us understand and predict how people behave at the individual, group and global level.”  “ The types, quantity and value of data being collected are vast: from personal profiles on sites like Facebook or Instagram to demographic data, from bank accounts to medical records to employment profiles. Our web searches and sites visited, including our likes and dislikes and purchase histories; our heart rates, food intake, home temperatures, whether our lights are on or off.” Source: Data and the fourth industrial revolution (2 Dec 2015) by Alan Marcus Senior Director, Head of Information Technology and Telecommunications Industries, World Economic Forum.

 TYPES OF RAW DATA (on line/off line)  PUBLIC  PERSONAL  PHYSICAL

Government/ Public Agencies  Philippine Statistical Authority  other gov’t agencies (LGUs, etc)  PAG ASA

Private Companies PLDT TALAS

Atos Global

Potential for big data use  Market research  Medical research  Search engines  Credit scores  Tax databases  Fight against terrorism  Combination with physical data  Migration, mobility, behavior, patterns, unlimited potential

Philippine Framework Other laws :  Anti-Wire tapping law (R.A. 4200)  NTC MC  DTI Department Administrative Order #8  Access Device Regulation Act  E Commerce Act (R.A. 8792)  Human Security Act of 2007  Cybercrime law

Data Privacy Act (R.A )

 PRINCIPLES OF DATA PROTECTION  Fair and lawful  Specific Purpose  Adequate  Retention  Rights  Security

 Draft implementing rules released ( 17 June 2016)  No final rules yet in place  Extra territorial application of the law ( sec. 6)  Person or entity processing personal data is found in the Phils.  Processing relates to personal data of Filipino or resident of the Phils.  Act of processing is done in the Philippines  Act of processing by an entity has links to the Philippines (equipment, contract, central management in country, branch /agency, entity holds data in country)

 DATA PRIVACY OFFICER  accountable for ensuring compliance  Manage the privacy aspect in all areas of operation (human resources)  Plan, implement and evaluate programs ( i.e. accountability and transparency) for data privacy, security  PERSONAL INFORMATION CONTROLLERS  Protocol, design for data collection,  Policy and procedure for data subjects to exercise their rights  Access management policy  Procedures to limit, monitor, remedies for breach, disposal of records  Contracts with third parties; quality management program  Guidelines for physical security, technical security

Principles for Data sharing (RA 10173)  Data sharing or further processing of personal data  Specifically provided for by law or allowed  Data subject consents to the data sharing  Data sharing for commercial purpose covered by an agreement  Data subject be provided with the following information ( identity of all controllers, purpose, categories, intended recipients, rights of subject, other info)  Further processing adhere to data privacy act principles  Data sharing agreement should be comprehensive enough  Agreement shall be subject for review by Commission  Other cases allowed by the Commission

GSMA Privacy Design Guidelines for Mobile Applications

 WHY LOCATION DATA PRIVACY MANAGEMENT IS CHALLENGING Growing Complexity:  Access  Technology  Business models  Data Uniquely Sensitive :  Inference  Completeness  Hidden Details Legal Differences :  Unclear precedence & similarities  (Location forum-location data privacy guidelines)

 FURTHER CHALLENGES  Device (new technologies, artificial intelligence)  Man to Machine  Machine to Machine  ACCURACY, INTEGRITY, COMPETENT AUTHORITY

END OF PRESENTATION thank you