Data Privacy Act Flashcards
Commission created by virtue of the data privacy act
national privacy commission
It refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and or or relating to him or her
consent
It refers to an individual whose personal information is processed
data subject
It refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals
direct marketing
It refers to any act of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, is there by reference to individuals or by reference to criteria relating to individuals in such a way that is specific information relating to a particular person is readily accessible
filing system
It refers to a system for generating, sending, receiving, storing or otherwise processing electronic data message and includes the computer system or other similar device by for which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data
information and communications system
It refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to do the same on his or her behalf
personal information controller
The term personal information controller includes the person or organization who was instructed to perform or who performs the processing of personal information. True or false
False. The term only includes two person who controls or who instructs on other person to do so
It refers to any natural or juridical person qualified to act as such under the data privacy act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject
personal information processor
Determine whether or not the following are part of the scope of the data privacy act
- Processing of all types of personal information
- Any natural and juridical person involved in personal information processing
- Information about an individual who is or was an officer or employee of a government, related to his function
- Information about an individual who is or was performing service on their contract for government institution that relates to the services performed, including the terms of the contract, the name of the individual given in the course of the performance of the services
- Information relating to any discretionary benefit of a financial nature (e.g. License given by the government, name of the individual, and the exact nature of the benefit)
- Personal information processed for journalistic, artistic, literary or research purposes
- Information necessary in order to carry out the functions of public authority
- Emission necessary for banks and other financial institutions
- Personal information originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions
1 and 2 only
These persons or afforded protection from being compelled to reveal the source of their information appearing in publications
publishers, editors or duly accredited reporters of any newspaper, magazine or periodical of general circulation
The data privacy act applies to an act done or practice engaged in and outside of the philippines by an entity if
- The act, practice or process relates to personal information about ___________________
- The entity has a link with the philippines and the entity is processing personal information in the philippines or even if the processing is outside of the philippines as long as it is about philippine citizens or residents such as but not limited to
a. _________ entered in the philippines
b. a ____________________ unincorporated in the philippines but has central management and control in the country
c. An entity that has a ____________________ in the philippines and the parent or affiliate of the philippine entity has access to personal information - The entity has other links in the philippines such as
a. The entity carries on business in the philippines
b. The personal information was collected or held by an entity in the philippines
philippine citizen or resident; contract; juridical entity; branch agency or subsidiary
Functions of the national privacy commission
- Compliance of personal information controllers
- Process complaints and investigate
- Issues cease and desist to orders; impose bans on processing
- Compare any entity to abide by its borders
- Monitor compliance of other agencies
- Coordinate with other agencies and the private sector to implement policies to strengthen the protection of personal information
- Publish on a regular basis a guide to all laws relating to data protection
- Publish a compilation of agency system of records and notices
- Recommend to the doj the prosecution and imposition of penalties under this act
- Review privacy codes voluntarily adhered to by personal information controllers
- Provide assistance on matters relating to privacy or data protection
- Comment on the implication on data privacy of proposed national or local statutes
- Legislation to laws on privacy or data protection
- Coordination with data privacy regulators in other countries
- Negotiate and contract with other data privacy authorities
- Assist philippine companies doing business abroad to respond to foreign privacy or data protection laws
- Facilitate cross-border enforcement of data privacy protection
The commission shall be attached to the department of __________________ and shall be headed by a _________________ who shall also act as _____________ of the commission
information and technology; privacy commissioner; chairman
The privacy commissioner shall enjoy the benefits, privileges and emoluments equivalent to the rank of ______________
secretary
The privacy commissioner shall be assisted by __________________
2 deputy privacy commissioners
One deputy privacy commissioner shall be responsible for _________________; the other is responsible for _______________
data processing systems; policies and planning
The deputy privacy commissioners shall and joy the benefits, privileges and emoluments equivalent to the rank of __________
undersecretary
Qualifications of the privacy commissioner
- At least ______ years of age
- A good moral character, unquestionable integrity and known probity
- A recognized expert in the field of information technology and data privacy
35
True or false. The deputy privacy commissioners must be recognized experts in the field of information and communications technology and data privacy
true
The privacy commissioner and the two deputy commissioners shall be appointed by the president of the philippines for a term of ______ and maybe reappointed for another term of _____
3 years; 3 years
True or false. Vacancies in the commission shall be filled in the same manner and which the original appointment was made
true
The commissioners or any person acting on behalf of them shall not be criminally liable for acts done in good faith in the performance of their duties. True or false
false. Civilly
True or false. Persons acting under the privacy commissioners shall be liable for willful or negligent acts done by him or witch or contrary to law, morals, public policy and good customs even if he or she acted on their orders or instructions of superiors
true
True or false. In case a lawsuit is filed against an official on the subject of the performance of his or her duties for such performance is lawful, he or she shall shoulder the cost of the litigation
false, he or she shall be reimbursed by the commission for reasonable costs of litigation
Majority of the members of the secretariat must have served for atleast ________ in any agency of the government that is involved in the processing of personal information
5 years
The processing of personal data shall be adequate, relevant, suitable, necessary and not excessive in relation to a declared and specified purpose. Personal data shall be processed by the company only if the purpose of the processing could not reasonably be fulfilled by other means. Principle of ______________
proportionality
The processing of personal data by the company shall be compatible with a declared and specified purpose which must not be contrary to law, morals or public policy. Principle of _________________
legitimate purpose
The data subject must be aware of the nature purpose and extent of the processing of his or her personal data by the company including the risks and safeguards involved, the identity of persons and entities involved in processing his or her personal data, his or her rights as a data subject, and how these can be exercised. Any information and communication relating to the processing of personal data should be easy to access and understand, using clear and plain language. Principle of ________________
transparency
These are information, whether recorded in a material form or not, from which the identity of an individual is apparent, or can be reasonably and directly asserted by the entity holding the information, or when put together with other information put directly and certainly identify an individual
personal information