ITLAW FINLAS REVIEWER

Terminology Description/Explanation
Data Privacy Act 2012
Chief Compliance and Monitoring
Dr. Rolando R. Lansigan
Division NPC
Raymund E. Liboro Privacy Commissioner and Chairman
MOTTO Do not collect, if you cannot protect
BOTPA
Damian Mapa Former Deputy Privacy Commissioner
An act protecting individual personal
information in information and
communications systems in the
Republic Act 10173 government and the private sector,
creating for this purpose a national
privacy commission, and for other
purposes.
a body that is mandated to administer
National Privacy Commission
and implement this law(DPA 2012)
DPA - 2012
NPC - March 2016
TIMELINE IRR - August 2016
IRR Reg. - September 9, 2017

Refers to an individual whose, sensitive

ROLES in DPA
personal, or privileged information is
Data Subjects
processed personal
Controls the processing of personal data,
Personal Information Controller
or instructs another to process personal
(PIC)
data on its behalf.
Organization or individual whom a
Personal Information Processor personal information controller may
(PIP) outsource or instruct the processing of
personal data pertaining to a data subject
Data Protection Officer Responsible for the overall management
(DPO) of compliance to DPA
Independent body mandated to
administer and implement the DPA of
2012, and to monitor and ensure
National Privacy Commission
compliance of the country with
international standards set for personal
data protection
COMELeak Example of Data Breach
Top two government imposed data
Apple and Google
privacy fines worlwide frm. 1999-2014
Rights of the Data Subject 1. Right to be informed - IRR, Section 34.a
 2. Right to object - IRR, Section 34.b
3. Right to access - IRR, Section 34.c
4. Right to data portability - IRR, Section 36
5. Right to correct (rectification) - IRR,
Section 34.d
6. Right to erasure or blocking - IRR,
Section 34.e
7. Right to file a complaint - IRR, Section
34.a.2
8. Right to damages - IRR, Section 34.f
9. Transmissibility of Rights - IRR, Section
35
Refers to any information whether
recorded in a material form or not, from
which the identity of an individual is
Personal Information
apparent or can be reasonably and
directly ascertained by the entity holding
the information.
race, ethnic origin, marital status, age,
color, religious, philosophical or political
affiliations, health, education, genetics,
sexual life, any proceeding for any
offense committed or alleged to have
been committed, the disposal of such
Sensitive Personal Information
proceedings, the sentence of any court in
such proceedings;
social security numbers, previous or
current health records, licenses or its
denials, suspension or revocation, and
tax returns;
Based on,
1. Law
Data Retention and Disposal
2. Industry Best Practices
3. Business Needs
A data subject must be aware of the
nature, purpose, and extent of the
processing of his or her personal data,
including the risks and safeguards
Principle of Transparency
involved, the identity of personal
information controller, his or her rights as
a data subject, and how these can be
exercised.
The processing of information shall be
compatible with a declared and specified
Principle of Legitimate Purpose
purpose, which must not be contrary to
law, morals, or public policy.
Principle of Proportionality The processing of information shall be
adequate, relevant, suitable, necessary,
 and not excessive in relation to a
declared and specified purpose. Personal
data shall be processed only if the
purpose of the processing could not
reasonably be fulfilled by other means.
1. Appoint a Data Protection Officer (DPO)
2. Conduct a Privacy Impact Assessment
(PIA)
3. Create your Privacy Management
Five Pillars of Compliance Program and Privacy Manual
4. Implement your privacy and data
protection (PDP) measures
5. Regularly exercise your Breach Reporting
Procedures (BRP)
Personal data shall be:
1. processed fairly and lawfully
2. processed only for specified, lawful and
compatible purposes
3. adequate, relevant and not excessive
4. accurate and up to date
Data Privacy Principles 5. kept for no longer than necessary
6. processed in accordance with the rights of
data subjects
7. kept secure
8. shared to other PICs only if there is a
DSA.
1. Fair obtaining
2. Purpose specification
3. Use and disclosure of information
Self-help Checklist on Data Protection 4. Security
Policy 5. Adequate, relevant and not excessive
6. Accurate and up-to-date
7. Retention time
1. Lock rooms containing confidential
information when not in use.
2. Make sure employees don’t write their
passwords down.
3. Use swipe cards or keypads to access the
office.
4. Use CCTV cameras to monitor your office
space.
5. Shield keyboards when inputting
passwords.
12 offline measures to keep your 6. Shred confidential waste.
physical data secure 7. Use forensic property marking equipment
and spray systems to mark assets.
8. Use anti-climb paint on exterior walls and
drains.
9. Install an alarm system.
10. Place bars on ground floor windows.
11. Hide valuable equipment from view when
not in the office.
12. Assign a limited number of trustworthy
employees as key safe holders.
 A Primer on Compliance to the Data Privacy Act
1. Hacking or malware
2. Unintended disclosure
Type of Breach 3. Portable Device
4. Insider
5. Unknown or other
Personal Information Controller Those
A travel technology company that is
Sabre Corp. Breach hacked and caused 36,000 hotel
worldwide affected.
1. Commit to comply: Appoint a DPO
2. Know your risk: Conduct a PIA
3. Be Accountable: Create your
Privacy Management Program and
Privacy Manual
Data Privacy Act Checklist 4. Demonstrate Your Compliance:
Implement your privacy and data
protection (PDP) measures
5. Be Prepared for Breach:Regularly
exercise your Breach Reporting
Procedures (BRP).
Sensitive Personal Information
1000 or more records
High Risk
Includes other nationalities
Multiple sites storage
Personal Information
Less than 1000 records
Medium Risk
Filipino citizen only
One site storage location
No personal data
Less than 250 records
Low Risk
Less than 8 hours of access
Less than 50 users
DPO Tasks List 1. Monitor compliance
2. Ensure conduct of PIA’s
3. Ensure data subject rights are
respected.
4. Ensure proper breach mgmt.
5. Cultivate internal awareness on
data privacy
6. Advocate a privacy-by-design
approach
7. Serve as a contact person for a
privacy matters
8. Serve as a conduit with the NPC
9. Perform other duties as may be
 assigned.
Process Owner
HR Team
Legal
DPO Support Needed
Others
Top Management

Ownership
Stakeholder Involvement
Privacy Risk Map
Privacy Impact Assessment
Controls/Measures Framework
Sign-off
Implementation/Monitoring Plan
1) Registration of DPO with the NPC
by Sept. 09, 2017.
2) Registration of automated
processes,etc. by March 8, 2018
3) PIA by ASAP, conducted by the
process owner
4) Breach team and procedures in
place by ASAP, after conduct of
PIA
Compliance Procedures 5) Privacy policies and data
protection measures by ASAP,
disseminated within the
organization
6) PIP contracts/data sharing
agreements by ASAP, with
assistance from legal
7) Notification from NPC within 72
hours by ASAP, in the event of
peronal breach.
Introduction to Data Privacy Act
Republic Act 10173 Data Privacy Act of 2012
Any and all forms of data which under the
Privileged Information Rules of Court and other pertinent laws
constitute privileged communication.
Interaction between two parties which the
law recognizes as PRIVATE,
PROTECTED relationship. Whatever is
Privileged Communication communicated between these parties
shall remain CONFIDENTIAL and the law
CANNOT FORCE DISCLOSURE of
these communications.
Scope of Information(Excluded) 1) PUBLIC OFFICERS and
EMPLOYEES
 2) GOVERNMENT CONTRACTORS
3) DISCRETIONARY BENEFITS
4) JOURNALISTIC, ARTISTIC,
LITERARY and RESEARCH
5) FUNCTIONS OF PUBLIC
AUTHORITY
6) BANKS AND OTHER FINANCIAL
7) RESIDENTS OF FOREIGN
JURISDICTIONS

For Sensitive
For Personal
Punishable Act Personal
Information
Information
JAIL TERM

Unauthorized processing 1-3 years 3-6 years

Access due to negligence 1-3 years 3-6 years

Improper disposal 6 months – 2 years 3-6 years

18 months – 5
Unauthorized purposes 2-7 years
years

Intentional breach 1-3 years

Concealment of breach 18 months – 5 years

Malicious disclosure 18 month – 5 years

Unauthorized disclosure 1-3 years 3-5 years

Combination of acts 1-3 years

Each PERSONAL INFORMATION
CONTROLLER is responsible for
personal information under its control or
custody, including information that have
Principle of Accountability
been transferred to a third party for
processing, whether domestically or
internationally, subject to cross-border
arrangement and cooperation.
Onsite Access No employee of the government shall
 have access to sensitive personal
information on government property or
through online facilities unless the
employee has received a security
clearance from the head of the source
agency.
sensitive personal information maintained
by an agency may not be transported or
accessed from a location off government
Offsite Access
property unless a request for such
transportation or access is submitted and
approved by the head of the agency
Requirements for offsite access agency shall approve or disapprove the
Deadline for Approval or request within two (2) business days after
Disapproval the date of submission of the request
Limitation to One thousand shall limit the access to not more than
(1,000) Records one thousand (1,000) records at a time
shall be secured by the use of the most
Encryption secure encryption standard recognized
by the Commission.
Keeping these three keywords in mind
CONSENT, COMPLIANCE and GOOD
can help you to NOT violate the Data
FAITH
Privacy Act!
to any freely given, specific, informed
indication of will, whereby the data
Consent subject agrees to the collection and
processing of personal information about
and/or relating to him or her.
1. Legitimate
2. Fairly and lawfully
3. ACCURATE, RELEVANT and, UP
TO DATE;
4. ADEQUATE and NOT
General Principle of Personal
EXCESSIVE
Information
5. Retained only FOR AS LONG AS
NECESSARY
6. ADEQUATE SAFEGUARDS are
guaranteed.
7. ENSURE IMPLEMENTATION
Lawful Processing of Personal 1. CONSENT;
Information 2. FULLFILMENT OF A CONTRACT
3. COMPLIANCE WITH A LEGAL
OBLIGATION
4. PROTECT VITALLY IMPORTANT
INTERESTS OF THE DATA
SUBJECT, including life and
 health;
5. RESPOND TO NATIONAL
EMERGENCY
6. FOR THE PURPOSES OF THE
LEGITIMATE INTERESTS
PURSUED BY THE PERSONAL
INFORMATION CONTROLLER.
the personal information controller shall
be responsible for ensuring that proper
Sub-Contract of Personal Information safeguards are in place to ensure the
confidentiality of the personal information
processed
Subject to existing laws and regulations,
Extension of Privileged Information any evidence gathered on privileged
information is inadmissible.
1. Subject needs to be informed.
2. Right to dispute inaccuracy
Rights of the Data Subjects 3. Right to withdraw removal
4. Right to indemnification
5. Right to data portability
1. DESCRIPTION
2. PURPOSES
3. SCOPE and METHOD
4. RECEPIENTS
5. METHODS USED FOR
Subject Needs to Know AUTOMATED ACCESSES
6. IDENTITY and CONTACT
DETAILS
7. PERIOD
8. EXISTENCE OF DATA SUBJECT
RIGHTS
shall NOT be amended without prior
Notifying the Data Subject
notification of data subject
The lawful heirs and assigns of the data
subject may invoke the rights of the data
subject for, which he or she is an heir or
assignee at any time after the death of
Transmissibility of Rights
the data subject or when the data subject
is incapacitated or incapable of exercising
the rights as enumerated in the
immediately preceding section.
on the basis of such, NO ACTIVITIES are
Non-applicability and Exceptions carried out and NO DECISIONS are
taken regarding the data subject
Notifying NPC 1. NATURE of breach
2. SENSITIVE PERSONAL
 INFORMATION POSSIBLY
INVOLVED
3. Measures taken to address the
breach
Overview: IP Legal Regime in the Philippines
Atty. Ricardo R. Blancaflor Director General, IPO of the Philippines
Any technical solution of a problem in
any field of human activity which is new,
Patent or Patentable Invention involves an inventive step(not obvious),
and is industrially applicable(useful and
can be re produced).
Term of Protection 20 years from the filing date
Any technical solution of a problem in any
field of human activity which is new and is
Utility Model
industrially applicable(useful and can be
reproduced).
Term of Protection 7 years from the filing date
Any composition of shape, lines, colors,
or a combination thereof, or any three-
Industrial Design dimensional form which produce an
aesthetic and ornamental effect in their
tout ensemble or when taken as a whole.
5 years from filing date with two 5-year
Term of Protection
renewals.
Patent
Categories Utility Model Industrial Design
(Invention)
Article of
manufacture (Over-
Apparatus Apparatus all aesthetic and
Subject Matter of
(Product) & (Product) & pleasing
Protection
Method (Process) Method (Process) appearance of the
article of
manufacture)
Novelty YES YES YES

Inventive Step YES NO NO

Industrial
YES YES YES
Applicability
 Only one (1)
More than one (1)
generic claim is
generic claim is Omnibus type of
Claim allowed. No limit
allowed and claim
on the number of
dependent claims
dependent claims.
Ornamental
Features of shape,
configuration,
form, NO NO YES
or a combination
thereof
Five (5) years from
Twenty (20) years the date
Seven (7) years
from the date of of filing with 2 five
from
Term of Protection filing year term
the date of filing
with payment of renewals upon
without renewal
annuities payment of
fees
In 1983, Gatorade and Stokely-Van
Camp, Inc., Gatorade’s mother company,
were purchased by Quaker Oats
Company for $220 million •In 2001,
PepsiCo acquired Quaker Oats Company
for $13 billion
Gatorade Story While Gatorade has since been
sold, the University of Florida is still
entitled to 20% royalties and has earned
$100 million from it since 2004
As of 2009, Gatorade is considered
as PepsiCo’s 4th largest brand based on
worldwide annual retail sales
Any visible sign capable of distinguishing
Mark
the goods or services of an enterprise
Marks that are arbitrary and fanciful of the
Trademark
goods or services can be registered
Manny Pacquiao, Pilot, Jollibee,
Trademarks(Goods)
Samsung
Bruno’s Barbers, Belo Medical Group, Mr.
Service Mark
Quickie, MasterCard hologram
Collective Mak several enterprises
Apple for computers, Boracay for
Trademark – Arbitrary
alcoholic beverage
Xerox for printing equipment, Kodak for
Trademark – Fanciful
camera
Protection afforded to original literary,
Copyright
scientific, and artistic works
 Choreography: Swan Lake by Moscow
City Ballet
Photograph: Afghan Girl (1984) by Steve
McCurry
Copyright Examples Painting: Untitled (2000)
by Former President Cory Aquino
Audiovisual: Budoy
(ABS-CBN show)
Dumb show / Pantomime
1. Reproduction of the work or
substantial portion of the work

2. Dramatization, translation,
adaptation, abridgment,
arrangement or other
transformation of the work

3. First public distribution of the

original and each copy of the work
by sale or other forms of transfer
of ownership

4. Rental of the original or copy of an

Economic Rights
audiovisual or cinematographic
work, a work embodied in a sound
recording, a computer program, a
compilation of date and other
materials or a musical work in
graphic form.

5. Public display of the original or

copy of the work

6. Public performance of the work

7. Other communication to the public

of the work
1. Right to attribution
Moral Rights
2. Right of Integrity
the right of the author to be recognized as
the creator of the work
Right to attribution
shall last during lifetime of the author and
in perpetuity after the author’s death.
the right of the author to prevent any
Right of integrity distortion or misrepresentation of the
work
 1. Infringement of the economic
and/or moral right
2. Unauthorized exercise of the
author’s exclusive rights
Copyright Violation
(economic and moral rights)
3. IP Code governs the law on
copyright
4. Criminal offence
1. Passing off of the work of
another as one’s own
2. Deliberate effort to steal
another’s work and pass it off as
Plagiarism one’s own
3. Educational Institutions can
apply its own norms in what
constitutes plagiarism
4. Issue in ethics
covers all intellectual property rights
Philippine Technology Transfer Act of
derived from research and development
2009 (Republic Act 10055)
activities funded by the government
1. Intellectual Property Code of the
Philippines
2. Amendment to the IP Code
creating the Bureau of Copyright &
Other Related Rights and giving
the IPOPHL quasi-enforcement
powers
3. Protection of Layout Design of
Integrated Circuits
4. Cheaper Medicines Act
Legal Framework
5. Food, Drug, and Cosmetics Act
6. Special Law on Counterfeit Drugs
7. Electronic Commerce Act
8. Philippine Plant Variety Protection
Act
9. Optical Media Act
10. Anti-Camcording Act
11. Amendment to the Anti-Money
Laundering Act
12. Cybercrime Prevention Act
Work sharing between patent offices to
expedite the examination process,
Patent Prosecution Highway
maximize use of resources, and improve
the quality of examination
3 PPH of IPOPHL 1. Japan Patent Office (JPO)
2. United States Patent and
 Trademark Office (USPTO)
3. Korean Intellectual Property Office
(KIPO)
has earned for UP Manila over Php60
Lagundi
million in royalties
Mango Waste as Mango Pectin and
University of San Carlos
Mango Polyphenal
Intellectual Property Law in The Philippines
The Philippines became a member of the
1980
World Intellectual Property Organization
the exclusive right to inventions, writings
and artistic creations shall be secured to
1973 Constitution
inventors, authors, and artists for a
limited period
1987 Constitution State shall protect intellectual property

Republic Act No. 8293 or Philippine an act that outlines the intellectual
Intellectual Property Code property rights of a Filipino citizen, and
the benefits to which he/she is entitled
1. the intellectual property office,
2. the law on patents,
3. the law on trademarks, service
Republic Act No. 8293 Division
marks, and trade names,
4. the law on copyright, and
5. other financial provisions.
refers to anything created by someone,
including but not limited to inventions,
literary works, items created by artists
Intellectual property (e.g. artwork and musical pieces),
symbols, designs, images, pictures, and
even names that are used for commercial
purposes
refers to the exclusive rights to a product
or process, as well as its improvements—
Patent
granted that the product or process offers
something new and useful
a tool used to differentiate services and
goods from one another.
Trademark It can be in the form of a word or a group
of words; a sign, logo, or symbol. It could
even be a combination of those above
an international treaty, allowing trademark
registration in the Philippines or any
The Madrid Protocol
country—as long as they are part of the
Madrid Protocol
 refers to the protection given to the owner
of an original work covering literary
Copyright
works, musical pieces, paintings, and
computer programs, among others
Copyright Issues in the E-Environment
a bundle of rights granted under the IP
Copyright
Code to “authors”
It attaches from moment of creation until
How long is the copyright?
50 years from death of author
1. Right to reproduce (copy)
2. Right to dramatize, adapt or
transform the work (derivative
works)
3. First public distribution of the
Right of the Author original
4. Rental right
5. Public display
6. Public performance
7. Other communication to the public
of the work
1. Author
2. Joint authors – co-ownership
3. Employee
Regular duties – employer
Copyright Owner
Not part of regular duties –
employee
4. Commissioned work – copyright to
creator
From moment of creation
Term of Protection
Lifetime plus 50 years
File Sharing
All forms of Infringement
Online Piracy Domain Name Cybersquatting if
constituting infringement
Framing Manila Bulletin incident
refers to a provider of online services or
network access, or the operator of
facilities therefor, including entities
offering the transmission, routing, or
Service Provider providing of connections for online
communications, digital or otherwise,
between or among points specified by a
user, of electronic documents of the
user’s choosing;
Service Providers Example 1. ISPs
2. Telecomms Companies (wire and
 wireless)
3. Webhosts
4. Mail Providers (Yahoo!, Gmail,
Ymail, PinoyMail)
5. YouTube, Google Video
6. Pix Sites (Flickr)
7. Groupmail (Yahoo!/Google
Groups)
8. Social Networking Sites
(Facebook, Friendster)
9. SMS-Web Providers (Chikka)
10. Blogging services (blogger.com,
wordpress.com)
1. Impositions on creative process
2. Attacks on fair use (exaggerates
its inherent weakness)
3. Rent-seeking
4. Anti-competitive behaviour (Aibo
Pet)
5. Restricting technological
Rising Cost of Copyright innovation (P2P)
6. Free speech/Censorship (Bush-
Blair)
7. Internet magnification
8. Impositions upon Internet users
(StarWars Kid)
9. What the Internet can do (Free
Culture)
2014-2015 Cybercrime Report
Atty. Menardo I. Guevarra Current Justice Secretary
Chief State Counsel Ricardo V. Paras
Chair, Office of Cybercrime
III
Assistant Secretary Geronimo L. Sy Vice chair, Office of Cybercrime
1. RA 10175 – Cybercrime
Prevention Act of 2012
2. RA 9995 – Anti-Photo and
Voyeurism Act of 2009
3. RA 9775 – Anti-Child Pornography
Act of 2009
Cybercrime Jurisdictions
4. RA 8792 – E-Commerce Act of
2000
5. RA 8484 – Access Devices
Regulation Act of 1998
6. RA 4200 – Anti-Wiretapping Law of
1965
 Internet Users 33.6 million
In 2002, the virus bolstered the
insufficiency of the government‟s policies
Love bug or I love you Virus
on cybercrime suppression, investigation
and prosecution
September 12, 2012
completely addresses crimes committed
Cybercrime Prevention Act
against and by means of computer
system
is considered as the major threat that
Cyberespionage or intellectual
increasingly hits the manufacturing
property theft
sectors
Global Alliance against Child Sexual
was launched on 5 December 2012
Abuse Online
gives credence to admissibility of
evidence in electronic form and to secure
E-Commerce Act of 2000
legal framework and environment for
electronic commerce
an inter-agency body created by virtue of
the Philippine Cybercrime Prevention Act
of 2012, and is under the administrative
supervision of the Office of the President
CICC
which was established for policy
coordination among concerned agencies
and for the formulation and enforcement
of the national cyber security plan
an office within the DOJ created under
Republic Act 10175 or the “Cybercrime
Prevention Act of 2012” and is designated
OOC
as the Central Authority in all matters
relating to international mutual assistance
and extradition for cybercrime cases
tasked to investigate all cyber related
crimes punishable under CPA and related
laws, and to establish and maintain an
Incident Response Team and Digital
NBI-CCD
Forensic Section that will be responsible
for responding to the current and
emerging cyber threats, and conducting
digital forensic examination and analysis
PNP-ACG investigates all cybercrimes and other
crimes in which Information and
Communications Technology (ICT) is
used in the commission of criminal acts
or the object of attack, conduct data
recovery and forensic analysis on all
 computers, computer peripherals and
storage devices, and other digital
evidence seized by PNP units and any
other law enforcement agencies within
the country
authorized by U.S. Congress to create a
reporting mechanism for members of the
public, law enforcement, and certain
corporate entities, including U.S.
CyberTipline electronic service providers (ESPs) that
have statutory reporting obligations to
report to NCMEC instances of child
sexual exploitation, including child
pornography
the international community of
INTERPOL specialized units to save children from
sexual exploitation
1. Department of Justice (DOJ) –
Office of Cybercrime;
2. DOJ – National Prosecution
Service;
3. DOJ – Office of the Chief State
Counsel;
4. Department of Science and
Technology – Information and
Communications Technology
TWG Office (DOST-ICTO);
5. Department of Foreign Affairs
(DFA);
6. Department of Local and Interior
Government (DILG);
7. Philippine National Police (PNP);
and
8. National Bureau of Investigation
(NBI).

project aims to enable criminal justice

authorities to engage in international
Global Action against Cybercrime
cooperation on cybercrime and electronic
Project
evidence on the basis of the Budapest
Convention.
the first educational institution approved
by the Commission on Higher Education
NU
to offer a four year bachelor degree
program in digital forensics
 provides for an exchange of expertise
MOA
and sharing of resources
a form of sexual exploitation that employs
non-physical forms of coercion to extort
Sextortion money from the victim in exchange of the
non-posting of the victim‟s sexual video
online
1. National Computer Forensics
Training Program
Future Plans and Program 2. First cyber-responders training
3. CPA v2
4. Cybercrime Courts
launched to train and capacitate our law
NCFTP
enforcers in computer forensics jointly
Padre Faura, Ermita, Manila, Philippines
Office of Cybercrime
1000
PHILIPPINES’ CYBERCRIME PREVENTION ACT OF 2012
Chronology of Relevant Legislations
1998 Access Device Regulation Act
2000 Electronic Commerce Act
2003 Anti-Trafficking in Persons Act
2009 Anti Child Pornography Act
2009 Anti-Photo and Video Voyeurism Act
2012 Data Privacy Act
2012 Cybercrime Prevention Act
2013 Anti-Bulling Act
IT Governance Initiatives of the
Philippines
Formulation of National Cyber Security
2004
Plan
2008 National Coordinator for CyberSecurity
2012 iGovPhil Project
2013 Administrative OrderNo. 39
2013 TV White Space
2013 Open Data ProjectData.gov.ph
First cybercrime conviction happened
JJ Maria Giner with JJ Maria Giner convicted underthe
E-Commerce Law
 PNP-ACG Operations Center
Camp Crame, Quezon City
PNP-ACG Phone: (632)414-1560
Fax: (632)414-2199
E-mail: info@acg.pnp.gov.ph
Taft Avenue, Manila
Phone: (632)523-8231 to 38 local 3454,
NBI-CCD
3455
E-mail: ccd@nbi.gov.ph
Padre Faura Street
Ermita, Manila
DOJ-OOC Phone: (+632)521-8345 and
(+632)524-2230
E-mail: cybercrime@doj.gov.ph
Cybercrime: Prevention and Detection
 A crime in which:
 a computer is the object of
the crime, e.g., hacking or
breaking into a computer or
system
Cybercrime
 a computer is used as a tool
to commit an offense, eg.,
child pornography, hate
crimes

1. Illegal Access
2. Illegal Interception
3. Data Interference
Common Cybercrime Offenses
4. System Interference
5. Misuse of Devices
6. Cybersquatting
The access to the whole or any part of a
Illegal Access
computer system without right
The interception made by technical
means without right of any non-public
transmission of computer data to, from, or
Illegal Interception within a computer system including
electromagnetic emissions from a
computer system carrying such computer
data
The intentional or reckless alteration,
damaging, deletion or deterioration of
computer data, electronic document, or
Data Interference
electronic data message, without right,
including the introduction or transmission
of viruses.
 The intentional alteration or reckless
hindering or interference with the
functioning of a computer or computer
network by inputting, transmitting,
damaging, deleting, deteriorating, altering
System Interference
or suppressing computer data or
program, electronic document, or
electronic data message, without right or
authority, including the introduction or
transmission of viruses
A computer password, access code, or
similar data by which the whole or any
part of a computer system is capable of
Misuse of Devices
being accessed with intent that it be used
for the purpose of committing any of the
offenses under this Act.
he acquisition of a domain name over the
internet in bad faith to profit, mislead,
Cybersquatting
destroy reputation, and deprive others
from registering the same
1. Computer-related forgery
Computer-related offenses 2. Computer-related fraud
3. Computer-related Identity Theft
The act of knowingly using computer data
which is the product of computer-related
Computer-related forgery forgery as defined herein, for the purpose
of perpetuating a fraudulent or dishonest
design
The unauthorized input, alteration, or
deletion of computer data or program or
Computer-related fraud interference in the functioning of a
computer system, causing damage
thereby with fraudulent intent:
The intentional acquisition, use, misuse,
transfer, possession, alteration or deletion
of identifying information belonging to
Computer-related Identity Theft another, whether natural or juridical,
without right: Provided, That if no damage
has yet been caused, the penalty
imposable shall be one (1) degree lower.
1. Cybersex
Content-related offenses 2. Child Pornography
3. Libel
Cybersex The willful engagement, maintenance,
control, or operation, directly or indirectly,
of any lascivious exhibition of sexual
 organs or sexual activity, with the aid of a
computer system, for favor or
consideration
The unlawful or prohibited acts defined
and punishable by Republic Act No. 9775
Child Pornography or the Anti-Child Pornography Act of
2009, committed through a computer
system
a public and malicious imputation of a
crime, or of a vice or defect, real or
imaginary, or any act, omission, condition,
status or circumstance tending to
Libel
discredit or cause the dishonor or
contempt of a natural or juridical person,
or to blacken the memory of one who is
dead.
unauthorized access into a computer
Hacking
system/server
The intentional or reckless alteration,
damaging, deletion or deterioration of
computer data, electronic document, or
Data Interference
electronic data message, without right,
including the introduction or transmission
of viruses
A buyer orders an item from a website
Sales or Marketing Fraud and the item is delivered BUT buyer does
not pay / remit payment
Infecting a number of computers
Botnet connected to the internet with a malware
– making the computer a “zombie”
Data Theft Unauthorized access to a database
Unsolicited Commercial Communication
Spamming – struck down by Supreme Court as
unconstitutional
Solicits information / update from target,
eg., updating a bank account but
Phishing directing a victim to a website that
deceptively looks like the legitimate
website of the bank
Using identity information that belongs to
Identity Theft
another for gain, financial or otherwise
The sending of email messages or
posting of information on social media
Bullying
sites which tend to cause psychological
or emotional harm to the target individual
 Violation of the Intellectual Property Code
P2P Sharing
using computers
1. Curiosity
2. Fun
3. Ego
4. Personal Reasons
a) Stalking
Cybercrime Motivations
b) Emotional Harassment
c) Vengeance
5. Political Reasons
6. Espionage
7. Financial Gain
1. From guns to computers and
software
2. From bullets and bombs to bits
Tools
and bytes
3. Downloadable malware scripts
4. Botnet for rent
1. Computers, Networks,
Telecommunications Infrastructure,
Information and Communications
Systems
Targets
2. Data / Information
3. Persons
4. Organizations
5. Government
Cyber Safety
refers to the collection of tools, policies,
risk management approaches, actions,
training, best practices, assurance and
Cyber Security
technologies that can be used to protect
the cyber environment and organization
and user’s assets.
The State of Global Information
Security
3,000 companies (including banks,
retailers, defense contractors have
FBI
suffered some form of information
security breach
105million payment card information
In South Korea
exposed
In Germany 18 million email addresses stolen
Government agencies Web wars or Keyboard wars
Threat Actors
Individuals disgruntled employee; kids out to have
 fun, ego boost and peer pressure, etc.
drug operations, child abuse, cybersex
Cybercrime Groups
operations, human trafficking
Nation-states economic espionage, geopolitical discord
1. Internet of Things
2. Big Data
Challenges to Information Security
3. BYOD – tablets, smartphones,
wearables
1. Deep Web, also Deepnet, Invisible
Web, Hidden Web
Attribution Challenge 2. Dark Web, Dark Internet
3. Tor Browser (Anonymity Network)
4. Anonymity
1. You are your own brand
2. Your product description:
3. Your personality and character
4. Your skills, knowledge, and
Product and You expertise
5. Your experience
6. Your education
7. Your online identity
8. Your online reputation
1. Be Aware
2. Adopt Information Security
Protect your Online Reputation
Practices
3. Live it! Breathe it!
1. ISO 27000/27001
Information Security Practice
2. PCI DSS
Standards
3. Business Continuity
1. Protect
Information Security Practice 2. Detect
3. Respond
Information Assurance
is the sender or signer the person he
Authentication
claims to be
the sender or signer cannot deny that he
Non-repudiation
sent or signed the information
can the information be independently
Verifiability
verified?
can the receiver of the information rely on
Reliability the completeness, integrity, and
authenticity of the information received?
Nothing is Perfect!
Ephemeral electronic communication
 refers to telephone conversations, text
messages, chatroom sessions, streaming
audio, streaming video, and other
Ephemeral electronic communication
electronic forms of communication the
evidence of which is not recorded or
retained
lasting one day only, lasting a very short
Ephemeral
time
Dallas Mavericks Basketball player who
venture to help people reduce their digital
footprint.
Mark Cuban
“when you send a text or email you
lose ownership of that message, but
you don’t lose responsibility.”
New mobile application that assures that
messages are, “Gone Forever: Messages
Cyber Dust
never hit a hard drive, so when they
disappear, they disappear for good.”
types of programs that are most personal
ephemeral technology communication platform
self-destruct
an application (“app”) that allows users to
send pictures, videos, and chat
Snapchat, Wickr, Frankly messages to other users, who can view
the content for one to ten seconds before
it disappears.
during the viewing period, the recipient
Snap must maintain contact with the device's
touchscreen or the message.
the term used to describe the deletion of
Wall scrubbing
Facebook posts
COMMON TYPES OF INTERNET FRAUD SCAMS
TYPES OF INTERNET FRAUD SCAMS
refers to a room where salesmen work
using unfair, dishonest sales tactics,
sometimes selling foreign currency
stocks, private placements or committing
BOILER ROOM
outright stock fraud. The term carries a
negative connotation, and is often used to
imply high-pressure sales tactics and,
sometimes, poor working conditions.
They play on emotional triggers to get
you to provide money, gifts and personal
ROMANCE SCAM details. Scammers target victims by
creating fake profiles on legitimate
internet dating services.
 An email, letter or text message from a
lottery institution arrives from out of
nowhere. It will advise you that you have
LOTTERY SCAM
won a lot of money or fantastic prizes—in
a lottery or competition that you did not
enter.
BANKING AND ONLINE ACCOUNT
SCAM
the illegal copying of information from the
1. CARD SKIMMING magnetic strip of a credit or Automated
Teller Machine (ATM) card.
also called brand spoofing is the creation
of email messages and Web pages that
2. PHISHING
are replicas of existing and legitimate
sites.
he creation of email messages with a
forged sender address something which
is simple to do because the core
3. EMAIL SPOOFING
protocols do no authentication.
to mislead the recipient about the origin
of the message
NIGERIAN SCAMS
a form of advance fee fraud or money
transfer request similar to the Spanish
Prisoner scam dating back to the late
1. NIGERIAN 419 SCAMS 19th century. In that con, businessmen
were contacted by an individual allegedly
trying to smuggle someone connected to
a wealthy family out of prison in Spain.
You might receive an offer from a
potential buyer often quite generous and
2. CHECK OVERPAYMENT SCAM accept it. The scammer then sends you a
check, but the check is for more money
rather than the agreed price.
when a scammer contacts you out of
nowhere to tell you that you‟ve been left,
or are entitled to claim, a large
3. INHERITANCE SCAM
inheritance from a distant relative or
wealthy benefactor who has died
overseas.
4. EMERGENCY OR In the typical scenario, a grandparent
"GRANDPARENT" SCAM receives a phone call from a con artist
claiming to be one of his or her
grandchildren. The caller goes on to say
that they are in some kind of trouble and
need money immediately. Typically they
 claim being in a car accident, trouble
returning from a foreign country or they
need money for bail.
THE SOCIAL MEDIA AND THE ACADEMIC COMMUNITY:
A LEGAL PERSPECTIVE
web-based communication tools that
enable people to interact with each other
Social Media
by both sharing and consuming
information.
refers to interacting with other people by
Social sharing information with them and
receiving information from them.
refers to an instrument of communication,
like the internet. TV, radio, TV and
Media
newspapers are traditional forms of
media
Access virtual libraries and encyclopedias
Cyberspace Post billboard-like notices or messages,
including pictures and videos
CYBERCRIME PREVENTION ACT OF
The cybercrime law aims to regular
2012
access to and use of the cyberspace and
(R.A. 10175; enacted on Sept. 12,
imposes penalties for violations.
2012)
1. Offenses Against Confidentiality,
Integrity and Availability of
Computer Data and Systems.
PUNISHABLE ACTS
2. Computer-related Offense
3. Content-related Offenses
4. Other Offenses
committed by means of writing, printing,
lithography, engraving, radio,
phonograph, painting, theatrical
exhibition, cinematographic exhibition, or
any similar means, shall be punished by
prision correccional in its minimum
Online libel
and medium periods (6 months and 1
day to 4 years and 2months) or a fine
ranging from 200 to 6,000 pesos, or
both, in addition to the civil action which
may be brought by the offended party.

Matthew Firsht vs.Grant Raphael

Dr. Vicky Belo vs Atty. Argee Guevarra
Libel cases
Gina Alajar vs Krista Ranillo
Woman from Cebu
Libel public and malicious imputation of a
 crime, or of a vice or defect, real or
imaginary, or any act, omission, condition,
status, or circumstance tending to cause
the dishonor, discredit, or contempt of a
natural or juridical person, or to blacken
the memory of one who is dead.
1. That there must be an imputation
of a crime, or of a vice, or defect,
real or imaginary, or any act,
omission, condition, status or
circumstances.
2. That the imputation must be made
publicly.
Elements of Libel 3. That it must be malicious.
4. That the imputation must be
directed at a natural or juridical
person, or one who is dead;
5. That the imputation must tend to
cause dishonor, discredit or
contempt upon the offended party.
6.
is presumed from a defamatory
imputation. Proof of malice is not
MALICE IN LAW
required, because it is presumed to exist
from the defamatory imputation
may be shown by proof of ill will, hatred,
MALICE IN FACT
or purpose to injure.
The Supreme Court held that only the
author of the offending online article is
liable.
LIABLE FOR ONLINE LIBLE
Internet service providers and content
providers like Globe, Smart, Sun Cellular,
Google, Facebook, Twitter and Internet
Café are not liable.
 ITLAW TERMINOLOGY

Abbreviation Expanded Form

Data Privacy Act 2012
ABCD-S Awareness, Breach Management,
Compliance, Data Protection Officer and
Security Measures
NACSRA NCR School Registrar Association
NPC National Privacy Commission
PIC Personal Information Controller
PIP Personal Information Processor
DPO Data Protection Officer
COP Compliance Officer for Privacy
PIA Privacy Impact Assessment
PMPPM Privacy Management Program and
Privacy Manual
PDP Privacy and Data Protection
BRP Breach Reporting Procedures
 DSA Data Sharing Agreement
BMP Breach Management Program
A Primer on Compliance to the Data Privacy Act
CIPP Certified Information Privacy Professional
CIPM Certified Information Privacy Manager
CIPT Certified Information Privacy Technologist
SUBPOENA
PDP Privacy and Data Protection
CIA Confidentiality, Integrity and Availability
CISA Credit Information System Act
Overview: IP Legal Regime in the Philippines
PTTA Philippine Technology Transfer Act
IPOPHL Intellectual Property Office of the
Philippines
JPO Japan Patent Office
USPTO United States Patent and Trademark
Office
KIPO Korean Intellectual Property Office
Intellectual Property Law in The Philippines
WIPO World Intellectual Property Organization
BPTTT Bureau of Patents, Trademarks and
Technology Transfer
Copyright Issues in the E-Environment
ECA 2000 Electronic Commerce Act of 2000
2014-2015 Cybercrime Report
OOC Office of Cybercrime
DOJ Department of Justice
Department of Justice – Office of
DOJ-OOC
Cybercrime
National Bureau of Investigation –
NBI-CCD
Cybercrime Division
Philippine National Police – Anti-
PNP-ACG
Cybercrime Group
DSL Digital Subscriber Line
SME Small and Medium Enterprise
ISTR Symantec Internet Security Threat Report
National Telecommunications
NTC
Commission
Cybercrime Investigation and
CICC
Coordination Center
ICTO-DOST Information and Communications
 Technology Office under the Department
of Science and Technology
VPN Virtual Private Network
National Center for Missing and Exploited
NCMEC
Children
IACAT Inter-Agency Council against Trafficking
ICSE International Child Sexual Exploitation
Inter-Agency Council against Child
IACACP
Pornography
TWG Technical Working Group
GLACY Global Action against Cybercrime
NU National University
MOA Memorandum of Agreement
United States
USHSI Manila
Homeland Security Investigations
CEOP Child Exploitation Online Protection
National Computer Forensics Training
NCFTP
Program
PHILIPPINES’ CYBERCRIME PREVENTION ACT OF 2012
TRO Temporary Restraining Order
Cybercrime: Prevention and Detection
FBI Federal Bureau of Investigation
BYOD Bring Your Own Device
Payment Card Industry Data Security
PCI-DSS
Standard

CSI CYBER KEY REVIEWER

Episode 7: URL, Interrupted
Key Word Definition
Zoey Tan victim of cyber bullying
Jordan Tan a former patient of Agent Ryan’s from her
psychotherapist days
Flintwood High School A school where bullying of Zoey
originated.
Rock Creek Park A place where search team found Zoey’s
phone
Spoofing A device or program is manipulated to
masquerade as another
 Kill Yourself Zoey Tan A website found on Zoey’s laptop
Arianna Peterson Zoey’s guidance counselor
Owen Campbell A guy who is Zoey had online relationship
with
Aaron Assistant Deputy Director Sifter’s son
One of the online bully
Jennifer a fellow student at Flintwood High
ToggleFly A site that shows undressed woman
Chesapeake Bay Zoey was headed to her father’s cabin
burner phone used to call Jordan earlier
#WorstGuidanceCounselorEver
New Hampshire A power plant whom Raven hacked after
learning from bullying and eventually
hacking

Episode 8: Selfie 2.0

Elizabeth Marks A dead abducted young women whose
social network pages are being kept up to
date
Location Service Software on your smart device that
constantly tracks your location
TrueLoveWaiting.com A dating site use by the predator who is
the kidnapper
New York a search was conducted on women
Missy Bowers She was the same age, height, hair
color/eye color to Elizabeth
She lives in Lake Placid, New York
5 foot 2 and Eyes of Blue A synonymous words from a song that
says a kidnapper’s criteria on abducting
women
Vanessa The first girl kidnapped since 2004
Jasper The kidnapper
Albany Where captive women held that was
miles away from the nearest neighbor
Episode 9: L0M1S
FAA Crisis
Miami International Airport Is where the six flights attacked were left
 L0M1S A hacker codename who attacked the
airport
Willa A sixteen year old girl who coordinated
the attack from one flight heading to San
Diego
Juice Jacking Invasion of your personal device while
you’re simply charging your battery
Denial of Service Attack Used by LOMIS to get the credit card
information of anyone who connected to
the wifi in the plane
USB plug has four ports — two for power and two
for data
Chelsea A woman who recieve a ransom message
from her phone after having charged to
the charging station at the airport
Senator Carla Finnis One of the passenger who had been
stolen a personal data by LOMIS. One of
the most affected person during the
hacking
Rachel Carrington A woman who is killed by one of the juice
jacker to install their hacking device at the
charging station
wizard hat a badge from the hacker collective
gotcha An imaginary word with irritating monster
that appears to Krumitz screen when he
failed to catch LOMIS Identity
RAT/Remote Access Trojan An illegal hacking tool used by Krumitz to
pay the ransom that appears to the
victim’s devices and eventually get
LOMIS identity.
Episode 10: Click Your Poison
Cleveland, Ohio Is where a dizzyman at the beginning got
accident by a truck
Mr Carl Bruno A guy who found dead by dumping into a
truck and appeared on the accident is pill
 bottle that falls out to his pocket
JPBPharmacy An online canadian medical scam that is
attached to a site and used by the victime
to buy a medical drugs.
ScrollMD A medical site which was hacked and
was owned by Marcus Billing
Heart Disease A wormhole on ScrollMD site which
appeared to be interconnected with non
related disease
San Antonio, Texas A placed where a middleman dealer of
illegal drugs lived.
Paul Cumming A middle man who has cancer and a
retailer of the medical drugs which he has
no idea how it’s chemical ingredients
worsen his cancer
DOT Tracking Device A tracking device attached on a trafific
post that is used to match to the VIN
number of the distributor’s car.
Randall Fung A trained pharmacist who sells the illegal
drugs to
Online Poker Site A game used to pay Fung and Paul for
thieir services
KeyMark Bank A bank in Lexington, Kentucky where the
fake drug mastermind is doing his
transaction
Sean Morris A fake drug mastermind
Episode 11: Ghost in the Machine
Chicago Is where a teenage gamer deliver a black
box containing gun
Spencer Chapman A 15 year old gamer shot with a gun
hidden in a drill
Ghost37 Spencer’s online handle
Blacklight: Retribution Spencer’s favorite FPS game
Used by the gunman to negotiate with the
gamers
Viper75 A gunman handle
 the swap space A memory in the hardrive that stores
audio and video conversation on the
console. It is used to retrieved the voice
record of Viper75 during his conversation
with Spencer
Ace Micah Gordon’s game handle and also
the second victim of Viper
Golden Beast Gamer whom Viper still the katana sword
armor to reward to other
Trigger A long time arm dealer whom Viper75
negiotiating with
Ramsey Scott The guy who found spencer dead shot on
his garden.
game transfer phenomena where players think they can what their
game avatars can do
Tampa Public Library Where FBI found Trigger
Episode 12: Bit by Bit
Detroit Where massive power outage causing
problems.
Benjamin Christos Store owner’s son of jewelry shop
Laptop with a bitcoin account Is what the hacker trying to steal
Steven Benjamin older brother
Brian Kramer Who has been robbing bitcoin accounts
botnet When hackers secretly control numerous
indiviual computers to conduct illegal
activities
Jeremy and Henry Spitz Two ex-military, found out the
Episode 13: Family Secrets
tabloid gossip Exploitation of random people’s account
and personal information
Dr Richard Chan The therapist targeted by the hacker who
hacked Avery before.
Found dead and where Avery found her
stolen hourglass
RAT(Remote Access Trojan) Malicious code that allows a hacker to
infect and control any phone, tablet, or
computer.
 Connecticut
77 patient files
Logan Reeves Former patient of Avery, who had abused
from his father who owned a steel factory
Taylor Pettis A criminal whom Krumitz intrigued with
4826 Riverside Drive where steel factory placed and where the
hacker put Avery to
Arizona Ave. A bus terminal where the Avery drop the
gun in the locker
Locker 805 With code 2005
Avery’sTemplate name Placed in the steel factory and stolen by
the hacker
Carbon Monoxide Poisoning
Delusional fantasies