L Admir.1strat1~

I I j I

r ... ·..-v:"uS & CORRESPONDENCE l~·]1l ' - I I ' ... ·~ o~cr Ta/ED I \ _. ,,, ~~ . i,J ll\ L ' a_: ~ lti - I

lj '( : I

REPUBLIC OF THE PHILIPPINES (Ji< l"E: II ~ lo tM E: Ill: ~i'f'JM I DEPARTMENT OF TRANSPORTATION I ~i; .. ;:.l.'.,q.~i::g...~10N I j

LAND TRANSPORTATION OFFICE ~~-silt:~ v ~i---1

I

E-mail Address: [email protected] • Website: WWW.Ito. o . h Admir.1strat"1~ Rotes and Regutauons East Avenue, Quezon City OFFICt. ol the tjATION.\L ,l,Qt.llNISTRATIV~ REGISTER\

MEMORANDUM ~~§~~~ ~ All Service, Division and Sections Chiefs, Regioilal Directo'I' Assistant Regional Directors, Heads of District and Extension Offices, and other Officials and Employees Concerned

T O

DATE 20 October 2020

SUBJECT Adoption of Measures and Practices in Compliance witl'.I Republic Act No. 10173 · otherwis~ · known as the "Data Privacy Act of 2012'1 1

'. •

I

In compliance with Republic Act No. 10173 otherwise known as the "Data Privacy Act of 2012" , you are hereby directed to adopt the following measures and practices:

1. Posting of the L TO Privacy Notice • The L TO Privacy Notice shall be posted in your offices particularly at the

transacting windows to inform our clients how their personal data are being processed and used. This aims to promote transparency and to give our clients more control over the way their data is collected and used.

2. Securing of alJ Documents and· Records containing Personal and Personal Sensitive Information • Keep all records (physical and digital) with personal and personal sensitive

information in a secured Records Room/Data Center wherein only the Records Officer/authorized personnel is allowed to have access on all the records. No other employee shall be allowed to have access inside the Records Room/Data Center unless, he or she fills-out an access form, approved by the Head of Office. Further, an access logbook must be filled out by everyone who shall access the records room/data center, for recording, security and traceabili ty.

G No records containing personal/personal sensitive information shall be left in the personnel's respective tables or work area after working hours.

---- - --- --- - -- - - -----·-----

I

l I I

I

I ,

I

3. Preparation and inclusion of a Non-Disclosure Clause and Non-Disclosure Agreement • A non-disclosure clause shall be included in all contracts between the L TO and

the Job Order or Contract of Service personnel to prevent the disclosure of any confidential information particularly personal and .personal sensitive information collected from clients (external or internal) in connection with their function unless authorized.

• The Human Resource Officers are required to prepare a non~disclosure .. agreement between the L TO and all the frontline personnel collecting/handling_ personal and personal sensitive information for them not to disclose any information collected from clients (external or internal) unless authorized.

For guidance and strict compliance.

Assis ta

Tl)) NOV i 7 2020 L~ CCIEil . TIME:~ SY:

- - ---- - ------·· --- - .. -- - -. .

I · I

I

I I

·1

·l I

.i

I·

I I I ! I I

1 '

DIHA PRIVACY NOTICE

1. lntrocluciion The Land Transportation Office (LTO) is committed to ensuring that your personal information is protected and secured. Should we ask you to provide certain information, by which you can be identified you can be assured that it w ill only be used in accordance with the law and this Data Privacy Policy.

2. Personal Data Collected and its Method of Collection Any information obta ined during your application shall be used in accordance with law and this Data Privacy Policy,. In processing your application you may be required to submit the following::

a. Full Name f. Civil Status j. Tax Identification No.

b. Birthdate g. Citizenship

c. Place of Birthd. Home Address h. Father/Mother/Spouse Name I<. Driver's License No.

e. Gender i. Height/Weight

Processing of your personal infonm;tion shall include the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of the data. ·

3. Purpose of Collection We shall use your personal information to provide you services pursuant to our mandate under Republic Act No. 41 36 otherwise known as the "Land Transportation and Traffic Code," as amended, <ind Republic Act No. 8792, otherwise known as the "Electronic Commerce Act." ·

By using our site and in processing your application you consent to the prpcessing of your personal information in accordance with this Data Privacy Policy.

4. Storage and Transmission The L TO stores personal data in paper-based and electronic forms. Paper-based records are stored at.the Records Rooms of ecich LTO offices, while, Electronic Records are stored in the servers ·1ocaled at the Central Office .

. We are committed to ensuring the safety and security of your personal information. Nevertheless, keep in mind that no method of transmission over the internet or method of electronic storage will guarantee full ecurity In order to prevent unauthorized access or disclosure, we have implemented physica l, techniccil and organizationaf measures and proceciures to safeguard the data we collect from you. White we use such means and methods to protect your personal data, we cannot guarantee its absolute secLirity.

5. Method of Use The data sha lt be used for the issua nce ot,~ertifica tion , verification, reference for future transactions, and other legitimate purposes.

G. Retention Period and Disposal The L TO ensures that personal data under its custody are protected against any accidental or unlawful destruction , alteration and disclosure as well as against any other unlawful processing. All information gathered shall be retained for a period specified in the Records Disposition Schedule. The disposition of these information shall be in the manner provided for by the National Archives of the Philippin'es (NAP) . We keep personal data only for as long as it is necessary and only for the fulfilment of the declared, specified, and legitimate purposes provided above, or when the processing relevant to the purpose has been terminated;

After which, personal data shall be disposed or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public , or prejudice the interests of the data subjects. ~

7. Log Data and Links to other website We collect information that your browser sends whenever you visit our site . This Log Data may include information such as your computer's Internet Protocol (IP) address, browser type, browser version, the pages of our site that you visit, the time and date of your visit, time spent on those pages, an·d other statistics.

Our site may contain links to other websites of interest. Once you access these links to leave our site, please note that we do not have any control over that other website. Therefore, we cannot be held responsible for the protection and privacy of any personal information which you provide whilst visiting such site; and such sites are not governed by this Data Privacy Policy.

8. Participation of Data S~bjects / You have the right lo recjuest for a copy of any personal data we hold about you, and have it corrected if you thinl( it is inaccurate. or incomplete. 1f you wish to request to do so, p lease reach out to us through our cQ.ntact information.

We will promptly respond to your request and execu.te the corresponding corrections of any information found to be incorrect or incomplete.

9. Contac·i: Us · · --,-·-~·~-;.. ··-·----: IK h · · . . . l U P 1..AV\ C:E! ~ fcR , 1 you ave any questions about our data policy and your personal mfOljl61<jl\lctnJ 1 1f,l~<il.~,~G.9,lt"llfil~ 1 M§1\:1Yrl1'1..ailEG 1STER'

registered mai l, private courier or email below: Administrative Rules and Reoutat1ons I

L TO DAT A PROTECTION OFFICER Office of the E)(ecutive Director Land Transpo1iation Office East Avenue, Dil iman, Quezon Cily Telephone numbers: 8921 -9077; 8926-9882 [email protected]

.. - . ··---------

m IBt ~~.~;,IE IIDI T" '· ~·----··-- U. . ~ •-A~-¥0-...--0• . ·----- - - --- ·

I ,

ACCESS REQUEST FORM

Access Request Form· No . . Date Issued:

LAND TRANSPORTATION OFFICE ~-· ~1: I

Office

I

Name of Employee: .. Employee ID. No.: Nature of Appointment:

Purpose :

Device surrendered: -

0 Approved O~ Disapproved

Name of RCOP/DCOP:

If disapproved, state the reason for disapproval: .

Name

ACCESSLOGBOOK (AW

ARFNo.

.,

..

-

Date Time Duration

-

U.P. LAW CENTER l OFFICE of lhe. NATIONAL ADMINISTRATIVE REGISTER j

Adm1nistrat1v~ Rules and Regulations /

i W . ~ov 1 ? 2020 ]])i1

-m. 0·~ IE IT W IE llJJ · ~~:~~r

.

. I I

I l I

NON-DICLOSURE CLAUSE

~

During the employment period or at any time thereafter, irrespective of the time, manner

or cause of the termination of this Contract, I will not directly or indirectly reveal, divulge,

disclose or communicate to any person o~ . entity, in any manner whatsoever, any

Confidential Information, Personal Information and Sensitive Personal Information as

defined under the Philippine Data Privacy Act and other related laws or regulations.

I understand that if I fail to comply with the above undertaking, such violation may be a

ground for the L TO to take appropriate disciplinary and/or legal action against me.

I U.P. LAW CENTER \ OFFICE of the N.'<TIONAL ADt,\lf<ISTRATIVE REGISTER j

ill:~~~;· .... IIDI TIME: ~ • ?J.& BY: ~..;:::J

CONFIDENTIALITY AND NON-DISCLOSURE .UNDERTAKING

I, (insert full name), a Filipino citizen , of legal age and with residence at (insert address), after being sworn in accordance with law, hereby declare that:

1. I am (insert position) of (division/section/office) of the Land Transportation Office (L TO) ·OR I am performing services for the L TO under a job order or as an independent contractor (insert appropriate description) and am executing this undertaking .in favor of the L TO.

2. In the course of performirig services for the L TO I may have ac~ess to or come across confidential information in the possession of, or being maintained by, the L TO. Confidential information is inform·ation that would be reasonably unders~ood as confidential as the same is non-public informatiorr about a person or an entity that, if disclosed, could reasonably be expected to place either the person or the entity at risk of criminal or civil liability, or damage the person or entity's financial interests or standing, employability, privacy or reputation etc. such that access thereto is limited only to those with a need to know by reason of the performance of their functions whether or not the information is -in writing or in a material form or has or has not been marked as confidential. It includes but is not limited to:

a. personal information as defined under the Philippine Data Privacy Act (OPA). It is any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information , or when put together with other information would directly and certainly identify an individual.

b. sensitive personal information as defined under the. DPA which includes personal information

(1) About an individual's race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;

(2) About an individual's health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; ·

(3) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation , and tax returns; and

(~)Specifically established by an executive order or an act of Congress to be kept classified. · ·

I I I

I I 1

-: .

. ,, \ •

'

c. privileged information refers to any and all forms of data which under the Rules of Court-and other pertinent laws constitute privileged communication ·

d. proprietary information such as trade secrets, confidential research data, information the disclosure of which would prejudice intellectual property rights

e. confidential information pertaining to L TO operations such as transcripts of meetings, internal reports, internal memoranda, drafts of decisions as wel l as other information that are exceptions to the right to freedom of information under the IRR of RA 6713.

f. usernames, passwords, access codes and the like

g. information that is confidential under other applicable laws

h. information obtained by the L TO from third parties under non-disclosure agreements or any other contract that designates third party information as confidential

3. I undertake that I shall:

a. process or perform operations on confidential information including, but not limited to access, collection, reproduction, recording, organization, storage, updating or modification, retrieval, consultation, use, disclosure, consolidation, blocking, erasure or destruction only if reasonably necessary to fulfill my duties and ·the processing is allowed under applicable laws such as the DPA and the Code of Conduct and Ethical Standards for Public Officials and Employees.

i. Under the DPA, the processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:

(a) The data subject has given his or her consent;

.. (b) The processing of personal information is necessary and is related to the fulfil lment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;

(c) The processing is necessary for compliance with a legal obligation to wh ich the personal information controller is subject;

(d) The processing is necessary to protect vitally important interests of the data subject, including life and health;

(e) T[le processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority

I I

I I l

' ..

. '

. . . .. '

which necessarily includes the processing of pers.onal data for the fulfillment of its mandate; or

(f) The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution.

ii. Under the DPA, the processing of sensitive personal information and privi leged information shall ·be prohibited, except in the foilowing cases:

(a) The data subject has given his or her conse!'lt, specific to the purpose prior to the processing , or in the case of privileged information., ali parties to the exchange have given their consent prior to processing:

(b) The processing of the same is provided for by existing laws and regulations: Provided, That such regulatory enactments guarantee the protection of .. the sensitive · personal information and the privileged information: Provided, further, That the consent of the data subjects are not required by law or regulation permitting the processing of the sensitive personal information or the privileged information:

(c) The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing;

(d) The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations: Provided, That such processing is only confined and related to the bona fide members of these organizations or their associations: Provided, further, That the sensitive personal information are not transferred to third parties: Provided, finally,~ that consent of the data subject was obtained prior to processing;

(e) The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured; or ·

•

(f) The processing concerns such personal information as is necessary for the protection of lawful rights and interests of . natural or legal persons in court proceedings, or the establishment, exercise or defonse of legal claims, or when provided to government or public authority.

1

·l

1·

b. consult and seek guidance from my immed!ate superior and/or the appropriate official in the event I am unsure of whether I am authorized to process or perform operations (access, copy use, disclose etc. as stated in 3.a. above) on confidential information.

c. exercise due diligence in safeguarding the confidentiality of such information by preventing unauthorized processing of such information by others such as by locking or logging off the computer when not in use, not leaving the office unattended or unlocked, keeping hard copies of Confidential Information in a secure place (e.g., locked drawer or cabinet) when not in active use, shredding such hard copies when no longer needed in accordance with instructions given by the proper official, L TO policy, or any applicable contractual agreement or law.

d. report any unauthorized or accidental processin·g of Confidential Information to the proper office.

e. report the unlawful or accidental processing of personal or sensitive personal information to the proper head of office and data protection officer.

f. return and/or destroy all Confidential Information and make the appropriate certification regarding the return and/or destruction of such information when requested by the concerned L TO official to do so.

g. comply with all L TO policies and procedures applicable to Confidential . Information.

h. not act for personal gain or to the detriment of the L TO based on Confidential Information to which I have access or which is in my possession.

4. I agree that my obligations pursuant to this undertaking apply to Confidential Information that I came across or had access to from the time my employment or engagement with the L TO commenced and that such obligations will survive the tenure of my employment/engagement with the L TO.

5. I understand that if I fail to comply with this undertaking, such violation may be a ground for the L TO to take appropriate disci,:::>linary and/or legal action against me. I am also aware that the DPA provides· for criminal penalties (imprisonment and a fine) for unauthorized -processing of personal and sensitive personal information.

1 j ''

.. ' r

'

. . ~ ~

iN WITNESS WHEREOF, I have affixed my signature to this Undertaking this [date] at [city] , Philippines.

SIGNATURE OVER PRINTED NAME

WITNESSED BY

-- --U.P. LAW CENTER

OFFICE ..Jlf the :~A l!ON'1L AO\llNISTRATIVc REGISTER Mm1ni>1ra:1 v~ Rules and Hc9ula1.ons

llJ) NOV 1 7 2020 TI\\ ~~Thff_~,n~~J

,------------ -··-· - - --------

I I

!

I ·\· I

\

I