The Project to Secure Cyber Infrastructure and Data Privacy of Personal Information
Secure CyberPrivacy Project enables the integration of information security and data privacy objectives so that business enterprises and government agencies can achieve their mandated obligation on personal data protection and respect the data privacy rights of a Data Subject.
The data subject is any person whose privacy rights and security of personal information are protected by R.A. 10173, known as the privacy act of 2012, and whose person, information and devices are to be secured against cybercrime as identified in R.A. 10175, known as the crime prevention act of 2012.
Secure CyberPrivacy Project builds the capability of every personal information controller and personal information processor to design, build, operate and maintain the structure, rules, procedure and technology that enable data privacy rights process, privacy by design system, privacy management by default, and information security.
It applies plan-do-check-act to the published compliance checklist of R.A. 10173 regulations and advisories, using the whole-of-enterprise approach to create the verifiable methodology and documentation for the following capabilities that are necessary to manage data protection. The privacy management capability assessment areas based on ISO 29190 are:
- Governance
- Policy
- Inventory
- Risk Management
- Procedures and Controls
- Information Security
- Third-Party Management
- Compliance
It provides a valid, necessary, acceptable and actionable framework to secure the technology infrastructure or the cyberspace of interaction between the Data Subject and the Personal Information Controller and Processor of personal data collection, processing, retention, disclosure, and disposal.
Secure CyberPrivacy Project recognizes the value of R.A. 10175 - Cyber Crime Prevention Act of 2012 and R.A. 10173 - Data Privacy Act of 2012 to provide the rules and standards to create the citizen or customer experience of cybersecurity and data privacy of personal information, sensitive personal information and privileged information of every human person called "Data Subject."
The rules and standards-based capability building of leadership, management, workforce and customer to secure personal data protection and to respect the data privacy rights of a "Data Subject" is the mission of Secure CyberPrivacy Project.
The Information Security Domain of Secure CyberPrivacy Project
The Personal Information Controller and the Data Subject have to see information security as representing the principles, language, component, concept, metrics, methodologies and technologies that protect the confidentiality, integrity, and availability of information.
ISO 27000 describes information security as the preservation of confidentiality, integrity, and availability of information.
1. Confidentiality is the information property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
It is safeguarding the "trust" that only those authorized perform the action on the information.
2. Integrity is the information property that information is accurate and complete.
It is safeguarding the accuracy and completeness of the information found in the processing system.
3. Availability is the information property of being accessible and usable on demand by an authorized entity.
It is safeguarding access to the information: the provision of immediacy and continuity of connection to the information.
It is imperative that the security of information be directed and controlled by any personal information controller and processor in the cyberinfrastructure or technology platform of personal data collection, processing, retention, disclosure, and disposal.
The criminal acts enumerated in R.A. 10175, known as the cybercrime prevention act of 2012, have to be prevented and responded to in order for the following security threats to be remedied.
Data Privacy Domain of Secure CyberPrivacy Project
The Personal Information Controller, Personal Information Processor, and Data Subject in R.A. 10173 represent the mandated implementation of respecting the human person's rights, among which is the privacy of personal data.
The personal data of a human person that is collected, processed, retained, disclosed and disposed of is required by data privacy law and cybercrime law to be protected against illegal access, misrepresentation, inaccuracy, illegitimate use, unlawful disclosure, unwanted destruction, denial of availability, and criminal acts.
Data privacy is focused on the processing of personal data to be marked with privacy principles, lawful criteria, impact assessment, and security measures to protect personal information.
ISO 29100 family standards provide the knowledge and skills set of data privacy assurance to be applied in various contexts.
Privacy Impact Assessment
1. Data Processing Regulatory Registry
Data, Process and System Configuration Inventory
Privacy Management Program
The creation of Privacy Management is guided by a practice standard that integrates information security and data privacy in respecting data privacy rights and securing personal data protection.
It is ISO 27701 - Privacy Information Management System. It integrates the privacy-related knowledge domain in the control objectives of a Privacy Management Program that is founded on ISO 27001 and ISO 27002.
Secure CyberPrivacy Project Terms of Reference
Secure CyberPrivacy Project 2020 is to challenge the mind, move the heart, and brave the spirit of the personal information controller and processor to protect the privacy rights and data security of a Data Subject as required by R.A. 10173, known as the Data Privacy Act of 2012.
It implements the whole-of-enterprise approach to plan-do-check-act the data-subject-centric rules, procedure, technologies, and culture of customer experience that demonstrate respect for a person's right to privacy, application of lawful condition in processing personal information and sensitive personal information, and the assurance of confidentiality, integrity, and availability of personal data.
The Secure CyberPrivacy Project 2020 makes the service frontlines of personal data processing demonstrate compliance check evidence of:
1. Compliance governance and capability
2. Data protection and security policy
3. Registry of information asset inventory
4. Security risks and privacy impact assessment
5. Privacy control management system and manual
6. Privacy by design system development project and privacy by default operation
7. Security operation center and privacy breach response team
8. Privacy and security training plan and implementation
The place of work is the project event site for the data privacy competency development that applies plan-do-check-act to the "whole-of-enterprise" approach to security and privacy capability management.
With the known problem statements of compliance, the Secure CyberPrivacy Project uses the openly shared and published rules and standards that an enterprise or agency has to consider for acquisition and adoption, for a valid understanding, decision and action of enabling data privacy rights processes and data protection security measures.
With a rules and practice standards-based approach to the understanding, decision and work of data privacy assurance and information security, Secure CyberPrivacy Project makes the implementation of data privacy regulation simple, learnable, valid, verifiable and shareable.