Data Privacy Act Flashcards

1
Q

Individual whose personal information is processed

A

Data subject

2
Q

Communication by whatever means of an advertising or marketing material which is directed to particular individuals

A

Direct marketing

3
Q

Person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his/her behalf.

A

Personal information controller

4
Q

Personal information excludes:

a. Person who performs such functions as instructed by another person or organization
b. Individual who collects, holds, processes or uses personal information in connection with the individual’s personal, family or household affairs.
c. Choices a and b
d. None of the choices

A

c

5
Q

Natural or juridical person qualified to act as such to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.

A

Personal information processor

6
Q

This principle states that processing of personal data shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specific purpose.

Hint: “…relevant, suitable, necessary, and not excessive” = should be balanced. It should be p _ _ po_ ti_ n _ t e

A

Principle of Proportionality

7
Q

This principle states that processing of personal data shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy.

Hint: “…not be contrary to law, morals, or public policy”

A

Principle of Legitimate Purpose

8
Q

Data subject must be aware of the nature, purpose, and extent of the processing of his/her personal data by the company. What principle is this?

Hint: “…must be aware…”

A

Principle of Transparency

9
Q

Refers to any operation or any set of operations performed upon personal information

A

Processing

10
Q

True or false: Personal information must be collected for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection, and later processed in a way compatible with such declared, specified and legitimate purposes only.

A

True

11
Q

The following are criteria for lawful processing of personal information, except:

a. Data subject has given his/her consent
b. Processing is necessary for compliance with a legal obligation to which the personal information controller is subject
c. Processing is necessary and in which it may or may not be related to the fulfillment of a contract with the data subject
d. Processing is necessary in order to protect vitally important interests of the data subject

A

c.

“…necessary and is related to the fulfillment of a contract”

12
Q

Refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.

A

Privileged information

13
Q

Juan has the following personal information:

Marital Status: Single
Age: 24 y/o
Ethnic origin: Aeta

What do you call this information?

a. Sensitive personal information
b. Privileged information
c. Choices a and b
d. None of the choices

A

a.

14
Q

Luis went to the church to confess his sins to a priest, Fr. Mariano.

What information will Fr. Mariano receive when Luis makes his confessions?

a. Sensitive personal information
b. Privileged information
c. Choices a and b
d. None of the choices

A

b.

15
Q

True or false: A personal information controller can never subcontract the processing of personal information in order to protect the data subject.

A

False.

The personal information controller shall be responsible for ensuring that proper safeguards are in place.

16
Q

This right states that the data subject shall be informed whether personal information pertaining to him/her shall be, are being, or have been processed.

a. Right to object
b. Right to informed consent
c. Right to withhold consent
d. Right to access

A

b.

17
Q

The data subject shall have the right to object to the processing of his/her personal data, including processing for direct marketing, automated processing or profiling.

a. Right to object
b. Right to informed consent
c. Right to withhold consent
d. Right to access

A

a.

18
Q

Data subject shall be notified and given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the data subject.

a. Right to object
b. Right to informed consent
c. Right to withhold consent
d. Right to access

A

c.

19
Q

Data subject shall have the right to dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable.

a. Right to object
b. Right to informed consent
c. Right to withhold consent
d. Right to correction

A

d.

20
Q

The data subject has the right to suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s filing system

a. Right to erasure
b. Right to informed consent
c. Right to withhold consent
d. Right to access

A

a.

21
Q

The data subject shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.

a. Right to object
b. Right to informed consent
c. Right to damages
d. Right to access

A

c.

22
Q

Right of the data subject to obtain from the personal information controller a copy of data, where personal information is processed by electronic means and in a structured and commonly used format.

a. Right to object
b. Right to use
c. Right to data portability
d. Right to access

A

c.

23
Q

When a data subject dies, who may invoke the rights of the data subject for which he/she is an heir/assignee?

A

Lawful heirs and assigns

24
Q

When there is a data breach, the Commission shall be notified within _____ hrs. upon knowledge of or reasonable belief by the personal information controller/processor.

a. 72
b. 48
c. 24
d. 12

A

a.

25
Q

When shall there be no delay in the notification?

A
  1. When it involves at least 100 data subjects; or
  2. Disclosure of sensitive personal information will harm/adversely affect data subject
26
Q

The following are requirements of the National Privacy Commission in relation to the Data Privacy Act:

A
  1. Registration of personal data processing systems operating in the country that involves accessing or requiring sensitive personal information of at least 1,000 individuals
  2. Notification of automated processing operations
  3. Annual report of the summary of documented security incidents and data breaches
  4. Compliance with other requirements
27
Q

Who is responsible for all sensitive personal information maintained by the government, its agencies, and instrumentalities?

A

Head of each gov. agency/instrumentality

28
Q

What is the penalty for unauthorized processing?

A

Personal information: 1-3 yrs. imprisonment, fine of P500k - P2M

Sensitive Personal information: 3-6 yrs imprisonment, fine of P500K - P4M

29
Q

What is the penalty when a person, due to negligence, accesses personal information without being authorized?

A

Personal information: 1-3 yrs. imprisonment, fine of P500k - P2M

Sensitive Personal information: 3-6 yrs imprisonment, fine of P500K - P4M

30
Q

What is the penalty for improper disposal of personal information?

A

Personal information: 6 mos. - 2 yrs. imprisonment, fine of P100K - P500K

Sensitive Personal information: 1-3 yrs imprisonment, fine of P100K - P1M

31
Q

What is the penalty for processing for unauthorized purpose?

A

Personal information: 1 yr & 6 mos - 5 yrs. imprisonment, fine of P500k - P1M

Sensitive Personal information: 2-7 yrs imprisonment, fine of P500K - P2M
