ALANO, JULIUS N. TM 298 – Data Privacy and Info.

Security
2018 – 20700 Atty. Elson B. Manahan
Requirement 3: ESSAY EXAM

Questions:
1. What are the three data privacy principles, what are their key traits, and what are
their differences?
The three data privacy principles are transparency, legitimate purpose, and
proportionality. These principles serve as a guidance in the processing of personal data.
Through transparency, the data subject must be aware and well-informed on how the
personal data will be used by the personal information processor in manner that will be
understood in a clear and plain language. In legitimate purpose, personal data of the
data subject must be processed as specified in the purpose that is not contrary to the
law, moral, or public policy. With proportionality, information that should be processed
and acquired from the data subject must comply on the specified purpose and
requirement to avoid excessive unnecessary information.
2. What is the CIA Triad, what are the key traits, and what are their differences?
The CIA triad which CIA means confidentiality, integrity, and availability, is a model
created to serve as a guide in the policy making for information security in an
organization. The CIA triad’s primary goal is to protect and secure all information in an
organization. Confidentiality protects sensitive and private information from an
unauthorized access which must follow the principles of identification, authentication,
and authorization. Integrity promotes accuracy and assurance of information from being
modified from unauthorized individual which also involves the protection and storage of
data. Availability refers to the accessibility or the channels on how the data will be
accessed by an authorized person at any time.
3. What is the relation of Data Privacy and Information Security? Is one a subset of
the other? If yes, which one is the subset and why? If no, are there overlaps or
conflicts between them?
The relation of data privacy and information security is that their objective is to
protect data and information. They differ on their centricity as data privacy is individual
centric while information security is infrastructure centric. Information security is a
subset of data privacy as the information security is a means of protecting an individual
or organization’s data and information including private data in terms of access,
disclosure, modification, and/or destruction. Information security must also comply to
the data privacy guidelines as to where it is being used and applied. Data privacy
ensures transparency, legitimacy, and proportionality while information security is
necessary to comply with data privacy principles wherein confidentiality, integrity, and
availability principles comes in.