NOTE: This version of the ITBS Smart Country Ecosystem App is specially modified and customized with the aforementioned laws with its objectives and purposes, and in relation with DILG Memorandum Circular No. 2005-69 and to the RESPONSE Cluster functions as stated on the RA 10121, IRR Rule 3, Section 2 in order to serve its purpose in the context of Emergency, Crisis and Disaster management using an accurate data and information from the grass-roots level to address priorities and concerns during emergencies and disasters.
Data Processing System
Upon registration to the application, the Data Subject, as defined in the RA 10173, will be asked to provide their personal information and accept the terms and conditions by saving the information with their consent. The data subject must be provided specific information regarding the purpose and extent of processing, including, where applicable, the automated processing of personal data for profiling, or processing for direct marketing, and data sharing. The purpose will be determined and declared before or, as soon as reasonably practicable, after collection. Only personal data that is necessary and compatible with declared, specified, and legitimate purpose shall be collected.
This will be used for major purposes such as Citizen Registration, Repatriation for OFW/s, OF/s and Foreign Tourists, PNPKI application and for Health Services, Social Services and other Government Services during Emergencies, Crisis and Disaster Response Management. The information gathered will be shared with concerned government agencies. It will also be shared with the Local Government Unit/s (Barangay, Municipalities City/s) who analyze, utilize and update the data provided by the application in digital form in compliance with the DILG Memorandum Circular No. 2005-69, issued July 21, 2005, requiring the maintenance and updating of record of all Inhabitants of the Barangay. The personal information will be asked in order to access the application services up to the fullest extent possible.
The Data Subject may have a choice not to disclose their personal information to the application. However, they may not be able to access the whole functionality of the application, and the benefits accruing to the constituent.
What are the Personal Information collected and how are they used?
Any personal or private information collected through the mobile application shall be used for any legitimate purposes as provided by the law. This information may be shared to any authorized personnel who may need it to continue and complete processes.
Disclosure of Personal Information
The personal information of the user shall not be disclosed without their consent. However, once the user agrees to the Terms and Conditions set by the application, this means that the user agrees that personal information will be disclosed to authorize personnel only for any legitimate and beneficial purpose it may serve.
Disclosure to Healthcare Professional
To highlight even more the functionality and importance of the application system in today’s crisis, an authorized healthcare professional will be given access to the selected information needed by the health sector in order to assess and analyze the current situation faced by the sector. The authorized personnel will be given access to the assessment result, location, contact number, and other personal information that may be needed to contact the citizen concerned.
Disclosure to Government Official
Since this app aims to promote transparency and streamline processes for the government, the information provided will be disclosed to authorized government official for the purpose of monitoring and verifying the help and assistance extended to the citizen. The information that will be disclosed to the authorized government official are the following: user’s VALID ID, name, address, and contact number.
Deactivation and Re-Activation of Account
The ITBS as the Data Processor will only conduct any actions and assistance to the Government/Institutions as the Data Controller relative to deactivation and Re-Activation of any Data Subject records and information will be based on the conducted validation and verification of the Administrator (end-user) from the affiliated government unit/agencies/office or other institutions, which is complied in any grounds as stated on the provision based on RA 11055, IRR, Section 9 and 10.
Amendment or Change of Entries
The ITBS as the Data Processor shall comply in any provisions reiterated in RA 11055, IRR, Section 11 and RA 10173.
The OTP will be used to access the CITICEN REGISTRATION MANAGEMENT SYSTEM (CRMS) GENERATOR. This feature is where the approved applicant may generate a unique digital signature in the form of a QR Code. Prior to the generation of a QR Code, however, the approved applicant shall be required to upload a set of government-issued IDs to again authenticate and validate the approved applicant. These digital copies will be saved in the application and may be used for future authentication and validation of the approved applicant.
The apps have an ADD DOCUMENT feature. This is where legal documents are uploaded for transmission to the receiver. Prior to transmission, the system shall prompt the approved applicant (now referred to as the “Sender”), to fill out, among others, the Name of Sender, the Name of Addressee and the Purpose/Nature of the document to be transmitted. In turn, the system shall automatically generate the Date and Time and the Reference Number of the document. This unique Reference Number shall also contain the Region, Province, City, Barangay, Citizen ID number and the IMEI number of the Sender. This information is then embedded on the QR Code and is attached to the document as a stamp of its authenticity.
Finally, to verify the authenticity of the digital signature on the document, the receiver may either use the VERIFY Button of the application or the camera of the smart phone (with the ability to read a QR Code). With the VERIFY button command, a screen shall prompt the receiver to input the Document Title/Reference Number or, by using the phone camera, scan the QR Code. Either of these actions will display the information embedded in the digital signature attached to the document. The document will only be considered valid once the details generated from the QR Code match the details written in the document, otherwise, the QR Code is deemed falsified. To further enhance the integrity of the system, Reference Numbers are blockchained for historical verification.
Layers of Security:
1. BARANGAY LEVEL:
The Barangay conducts registration through its Certified Registration Officer (CRO) and could verify newly registered barangay inhabitant (Citizen) based on its Full Name, Middle Name, Last Name, Age, Address, Contact Number and Blood Type, pertaining on the submitted Government IDs and Documents as proof of his/her registration using the Mobile Registration App (MRP). If the Data Subject (person owned the personal information) has unable to submit any required IDs and documents, his/her registration status will be on PENDING STATUS from the Barangay Admin User-Interface/Dashboard during the suggested period of time, until the required IDs and Documents will be submitted. The Data Subject will receive ”daily, weekly, or monthly” notification, reminding to submit their required documents within six (6) months in order to verify all entries of information during registration for Barangay Certification purposes.
The Barangay Admin User-Interface/Dashboard has automatic access point to the Local Civil Registry (LCR) User-Interface/Dashboard for validation, verification of the submitted data/information and documents from the Barangay Inhabitant Records Registration System (BIRRS). The LCR will conduct verification and validations of the submitted data/information of documents from the BIRRS based on their records of documents such as Birth Certificate, Marriage Certificate, Death Certificate, and Alien Registration Certificate for the authentication process of the Barangay Inhabitant Registration Information (BIRI).
The Barangay Administrator/ Secretary/ or BDRRMO has their access to their User-Interface/Dashboard with filtered and limited information of the basic Data Subject Information (DSI) only such as; First Name, Middle Name, Last Name, Age, Gender, Address, Blood Type, Contact Number/Email Address and Facial ID.
The Barangay Administrator/ Secretary/ or BDRRMO can also monitor the daily progress of the Barangay Inhabitant Registrations, conducted by its CRO which is accredited by the Local Government Unit (LGU) through its LCR.
The Barangay Inhabitant Records Registration (BIRR) actions, facilitated by CROs can be monitor the numbers of registered inhabitants within particular Purok or Communities, also the Basic Personal Information of the registered inhabitants on a daily basis, especially during registration implementation through the BIRRS.
DISCLAIMER: From Barangay User-Interface to LCR User-Interface;
2. CITY/MUNICIPALITY LEVEL:
Data Subject Personal Information:
Data Subject Personal Information:
Aside from personal information, the application and the system also collect non-personal information that does not completely concern the user. The authorized personnel may view, share, transfer, and use the non-personal information for whatever purpose it may serve as long as it is legitimate and beneficial to the government.
Note that any non-personal information combined with any personal information will be considered as personal thus, guidelines for personal information shall be followed.
Protection of Personal Information
Aside from the functionality of the system, the developers also give importance to the data collected and the role it plays in formulating the solution for a crisis. Along with this, equal importance is given to the security of the personal information collected by the application. The system uses a private cloud where all the information obtained will be securely stored by utilizing advance security technologies and methodologies. These security measures are updated regularly to counter new and more sophisticated threats.
Finally, personal data is aggregated and kept in a form which does not permit identification of data subjects.
Integrity and Retention of Personal Information
The information gathered by the application will be updated, stored, and retained in the databank as long as they serve their purpose. Even after a crisis, this information may still be used for community development and in building-back better. Otherwise, the information may be disposed in a secured and proper manner in such a way that it cannot be processed anymore by any unauthorized entity.
Privacy Rights of the Users
In general, the right of the user, as contained in the Republic Act No. 10713, is paramount in the development of the system. This includes the right to keep his information updated and/or corrected. Any requests that are deemed unnecessary and inappropriate will be declined and rejected.
What are cookies? These are small data files that are being written in to the user’s device once the application has been visited. These cookies have been put in to use in order to maximize the functionality of the application and provide a better user experience. Also, these cookies provide aid in the secure collection of information, more specifically the non-personal one. However, these cookies also give access to the collection of the different identifiers such as Internet Protocol (IP) Address, which, as per the law, are considered as personal information.