Philippines Data Privacy Act of 2012 Compliance

Thales can help your organization comply with the Philippines Data Privacy Act of 2012

Philippines Data Privacy Act of 2012

The Philippines Data Privacy Act adopts international principles and standards for personal data protection related to the processing of personal data across both government and the private sector.

Thales can help your organization comply with these rules through:

  • Preventing access to customer and employee data outside of their home legal jurisdiction;
  • Encryption key management;
  • Safeguarding sensitive data in cloud environments.

Technical Security Requirements

Section 28 of the rules, entitled Guidelines for Technical Security Measures, offers the following direction:

Where appropriate, personal information controllers and personal information processors shall adopt and establish the following technical security measures:

a. A security policy with respect to the processing of personal data;

b. Safeguards to protect their computer network against accidental, unlawful or unauthorized usage, any interference which will affect data integrity or hinder the functioning or availability of the system, and unauthorized access through an electronic network;

...

d. Regular monitoring for security breaches, and a process both for identifying and accessing reasonably foreseeable vulnerabilities in their computer networks, and for taking preventive, corrective, and mitigating action against security incidents that can lead to a personal data breach;

...

g. Encryption of personal data during storage and while in transit, authentication process, and other technical security measures that control and limit access.

Thales Compliance Solutions

The following Thales solutions can help you comply with the Technical Security Requirements outlined above.

The Vormetric Data Security Platform

The Vormetric Data Security Platform is an extensible infrastructure that delivers centralized key and policy management for a suite of data security solutions that secure your organization’s sensitive and regulated data wherever it resides. The result is low total cost of ownership, as well as simple, efficient deployment and operation.

Vormetric Data Security Manager

The Vormetric Data Security Manager from Thales offers centralized management of keys and policies for the entire suite of products available within the Vormetric Data Security Platform. The product is available as a physical or virtual appliance.

Vormetric Transparent Encryption

Vormetric Transparent Encryption from Thales provides file- and volume-level data-at-rest encryption and integrated, secure key management with a best-practices implementation. Access controls extend protection from data breaches by limiting data access to only authorized personnel and programs. Data access monitoring provides the security intelligence information required to identify accounts that may represent a threat because of a malicious insider or a compromise of account credentials by malware.

Security Intelligence Logs

Vormetric Security Intelligence Logs from Thales can deliver granular file access logs to popular security information and event management (SIEM) systems and be used to support audits.

Vormetric Application Encryption

Vormetric Application Encryption from Thales adds another layer of protection, enabling organizations to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Tokenization with Dynamic Masking

Vormetric Tokenization with Dynamic Masking lets administrators establish policies to return an entire field tokenized or dynamically mask parts of a field. With the solution’s format-preserving tokenization capabilities, managers can restrict access to sensitive assets, yet at the same time, format the protected data in a way that enables many users to do their jobs.

Other key data protection and security regulations

GDPR (Regulation, Active Now)

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.

PCI DSS (Mandate, Active Now)

Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Data Breach Notification Laws (Regulation, Active Now)

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.