Screening and Accreditation

Draft Privacy Impact Assessment


August 6, 2018
Step 1: Define the Process

1. What data is being collected by this process (list all, including personal as well as non-personal)?
   Name of learner, age, grade level, LRN, Form 137, address, name of parents, Government-issued identification, dental and medical records

2. Which data (if any) is considered sensitive personal information (underline these)?
   Name of child, age, height, weight, gender, LRN, medical records

3. Who are we collecting this data from?
   Learner, parents, guardian, schools (form 137), coaches

4. How are we collecting this data?
   Prescribed form, form 137, PSA birth certificate

5. Why is this data being collected?
   To validate the qualifications of the learner and coaches

6. Will we use this data to make any decisions that have a legal effect on the data subject?
   Yes. Data will be used for qualifying individuals

7. Who will be handling and accessing this data?
8. Will the data be shared with any other organizations?
   National Screening and Accreditation Committee, Regional Screening and Accreditation Committee, Division Screening and Accreditation Committee

9. What is the key benefit/s the data subject gets from this process?
10. What is the key benefit/s for the community or society?
   Fairness; to ensure that the learner who will participate in athletic meet is indeed qualified based on age and school affiliation. Sports

Step 2:
Ensure that processing is legally allowed and in compliance with the Data Privacy Act of 2012.

1. What is the legal basis for collecting this data
   RA 10558 “Palarong Pambansa Act”

2. Are we over-collecting
   No. There have been cases of impersonation, improper qualifications, fraud

3. How will consent be obtained
   Through registration and consent forms

4. Do individuals have the opportunity and/or right to decline to provide data
5. What happens if they decline
   Yes. If they decline to provide information, they will not be allowed to join the athletic meet

6. How will the data collected be checked for accuracy
   Based on public documents such as birth certificate, form 137

7. How will data subjects be allowed to correct errors, if any
   There are processes for correction of data (gender – for PB only)

8. Will the data be re-used
9. How
   Yes, for verification in the succeeding athletic meet. Due to attempts of impersonation, etc.

10. How long are we required to keep the data
11. How do we plan to dispose of the data
   15 years. Align DepEd Records Manual, in accordance with guidelines of National Archives of the Philippines. Returned to the parents

Threats and Risks

Theft Earthquake Human Error

Espionage Eavesdropping Image Capture

Loss Phishing Man-in-middle

Fire Ransomware Forgery/impersonation

Flood Online Redirection

SW Malfunction HW Malfunction Malice


Step 3:
Define the probability that the activity involving data will result in harm, or a loss of the rights and freedoms of the data subject.
1. How easy would it be to identify me (on a scale of 1 to 1: virtually impossible
4) if this data were to be breached or exposed? 2: difficult but possible
3: relatively easy 4
4: extremely easy

2. What things might happen if someone unauthorized 1: slight inconvenience


gets this data 2: stressful inconvenience
3. How might this happen (describe scenario/s) 3: major difficulties
3
4. How much damage would this cause me (on a scale of 4: extreme consequences 3 impersonation
1 to 4) 4

5. What things might happen if someone alters or 1: slight inconvenience 4


changes my data 2: stressful inconvenience 3 improper
6. How might this happen (describe scenario/s) 3: major difficulties
qualification/disqualification
7. How much damage would this cause me (on a scale of 4: extreme consequences
1 to 4) 3
8. What things might happen if this data suddenly 1: slight inconvenience
becomes unavailable 2: stressful inconvenience 4 cannot participate
9. How might this happen (describe scenario/s) 3: major difficulties 3 improper
10. How much damage would this cause me (on a scale of 4: extreme consequences qualification/disqualification
1 to 4) 4

11. What things might happen if this data is used for 1: slight inconvenience Improper screening
other purposes 2: stressful inconvenience Credit Card Scams
12. How might this happen (describe scenario/s) 3: major difficulties 4
13. How much damage would this cause me (on a scale of 4: extreme consequences

[Figure: Privacy Risk Map. Vertical axis: Severity (Slight, Stressful, Major, Extreme); horizontal axis: Likelihood (Nil, Low, Med, High). Plotted risks: Alteration, Improper qualification/disqualification, ID theft, Loss of data, Telemarketers.]

Step 4: Review existing controls, if any. Identify new controls using privacy-by-design principles

Is there a way we can increase the benefits provided? If yes, how?
   Waiver and consent forms
   Data privacy notices
   Separate screening forum (photo gallery)
   Cost/Effort (H/M/L): M

Is there a way we can collect less data and thus reduce the exposure level?
   Separate screening forum (photo gallery not for the public)
   Cost/Effort (H/M/L): L

How can we reduce the privacy risks related to someone unauthorized getting this data?
   Locked filing cabinet/ secured connection and devices
   Security Clearances
   Cost/Effort (H/M/L): L

How can we reduce the privacy risks related to someone altering or changing the data?
   Have parent/child/coach/chaperone/adviser verify the data and correct data if necessary
   Implement Security Clearances
   Cost/Effort (H/M/L): L

How can we reduce the privacy risks related to the data suddenly becoming inaccessible?
   Backup copy (e.g. use encrypted multimedia devices) if original is lost
   Cost/Effort (H/M/L): M

How can we reduce the privacy risks related to re-using the data for other purposes?
   Anonymize the data / Coding (Not LRN)
   Cost/Effort (H/M/L): L

Step 5:
Summary (for sign-off by the “Chief Executive”)

Process: Screening and Accreditation

Legal Purpose: Screening of qualified participants to Palarong Pambansa

Providing this benefit (H/M/L): (High)

Privacy risk (H/M/L): (High)

Controls:
   Organizational: Require Authorization and Security Clearance
   Physical: Filing cabinet with lock
   Technical: Backup, Anonymization

Overall Assessment
For Further Assessment

Program, Process, or Measure | Privacy Risk | Benefit | Controls | Impact Assessment
Screening | HIGH | HIGH | MEDIUM | For further evaluation
Accreditation | High | High | Medium | For further evaluation

END