Mastering the Relationship between

PICs, PIPs, and Crossboarder

Data Flow
Atty. Raul R. Cortez
Legal and Corporate Affairs Director
Microsoft Philippines, Inc.
Our world
 Our Topic
Speaker
• Why is there a need to master the relationship of PICs and PIPs?

Briefing
• What is the importance of mastering the nuances of crossboarder
data flows?

COMPLIANCE
and
GENUINE DESIRE TO PROTECT OUR CUSTOMERS
 Fine of
Php 100k – 5M
Imprisonment
from 6 months
to 7 years
 Additional
Penalty – Disqualification
from Public Office
Public Official
 Rule X. Outsourcing and
Subcontracting Agreements
•
Speaker
Obligations Imposed on a personal information processor
Processing only upon documented instructions of PIC including transfers to other countries
•
•
Briefing
Ensuring confidentiality
Implementation of appropriate security measures
• Not subcontract without consent
• Help PIC to fulfill obligations to respond to requests of data subjects
• Assist PICs with compliance requirements of the Act and other laws
• Destruction or return of data
• Make records of compliance available
• Other matters related to implementation and administration of the Act
Building a framework for trust
 Data Encryption Points
We work to protect your data across all communications stages.

Data in transit Data at rest End-to-end encryption of

Data in transit between a
between data centers communications
user and the service
between users

Protects user from Protects from bulk Protects from removal of Protects from interception
interception of their interception of data physical media or loss of data in transit
communication and helps between users
ensure transaction integrity
End-to-End Data Encryption Commitments
Microsoft is enhancing encryption services for customers

Implement perfect forward secrecy

with 2048-bit security for users
interacting with our services to
protect their communications from
interception

Aggressively roll-out encryption of

customer content between data
centers
The shift from on-premises IT to Your business leaders, partners, and
cloud computing comes customers expect your offerings will
with compliance and be consistent with standards,
regulatory challenges regulations, and the law
 What a compliant
cloud offers
More protection against data leaks and breaches

Less risk of regulatory or legal sanctions

International privacy and security standards

Respect for the rules of highly

regulated industries

Lower overall risk profile for

your data and business
Achieving compliance
on your own is
not simple
Compliance can be complex,
time consuming, and costly

Technology, standards, and regulations

are always evolving

Is compliance an obstacle to deploying

new technologies in your business?

Microsoft can help

How Microsoft will
help you
Microsoft cloud is already compliant with the most
relevant standards and regulations
Microsoft has assembled substantial compliance
technology, resources, and staff
Microsoft is committed to tracking and complying
with new and changing standards
Microsoft will fight for the legal rights
of its customers
Microsoft helps you turn compliance into
a competitive advantage for your business
Our legal and
compliance leadership
We strive to be first to market with key new standards
• First with CJIS compliance for law enforcement
• First with ISO 27018 cloud privacy standard
• First with key regional standards—e.g., CS Mark (Japan), CCSL IRAP, and
MTCS (Singapore)

We anticipate major regulatory issues that impact you

• With EU-US Safe Harbor in jeopardy, built Model Clauses approved by
all 28 EU members
• Datacenters in your region or country to address data residency and
sovereignty requirements
• Flexible cloud architectures to meet technical and regulatory needs

We fight for your legal rights

• Challenged US government three times, including Dublin Warrant Case
Cross-industry international standards
Plus standards spanning verticals and regions
Healthcar
e

Manufacturin
g

Educatio
n

Financial
services

Government
and law
enforcement
A cloud you can trust

“Businesses and users are going

to embrace technology only if
they can trust it.”
– Satya Nadella