data privacy act

Question 1

Its purpose is to ensure that personal information and communications systems in
government and in the private sector are secured and protected.

Answer 1

Data Privacy Act of 2012

Question 2

the other name of data privacy?

Answer 2

Information privacy

Question 3

R.A is also known as “Data Privacy Act of 2012”

Answer 3

R.A 10173

Question 4

When was the Data Privacy Act of 2012 approved?

Answer 4

a. August 15, 2012

Question 5

total number of sections under the “Data Privacy Act of 2012”

Answer 5

45

Question 6

6. Who is the president who signed the approval of “Data Privacy Act of 2012”

Answer 6

Gloria Macapagal Arroyo

Question 7

7. Who is in charge of administering and implementing the DPA?

Answer 7

National Privacy Commission

Question 8

What is one of the major functions of NPC?
a.

Answer 8

Policymaking

Question 9

is to educate the public about data privacy, data protection, and fair information rights
and responsibilities.

Answer 9

Advisory

Question 10

It is to manage the registration of personal data processing systems.

Answer 10

Compliance and monitoring

Question 11

refers to the commission that is created by virtue of the RA 10173.

Answer 11

National Privacy Commission

Question 12

It refers to a system for generating, sending, receiving, storing or otherwise processing
electronic data messages or electronic documents.

Answer 12

Information and Communications System

Question 13

13. It refers to a person or organization who controls the collection, holding, processing, or
    use of personal information.

Answer 13

Personal Information Controller

Question 14

It refers to any natural or juridical person qualified to act as such under this Act to
whom a personal information controller may outsource the processing of personal data
pertaining to a data subject.

Answer 14

Personal Information Processor

Question 15

It refers to any and all forms of data which under the Rules of Court and other pertinent
laws constitute privileged communication.

Answer 15

Privileged Information

Question 16

1. Data privacy does not apply to clinical laboratories because they handle sensitive data or
   information related to their patients.
   t or f

Answer 16

f

Question 17

Data privacy is connected with data security
t or f

Answer 17

true

Question 18

Data Privacy Act of 2012 requires each organization to appoint Data Protection Officer (DPO)

Answer 18

(TRUE)

Question 19

DOH is tasked to monitor and ensure compliance of the Philippines with international standards
for personal data protection. ()

Answer 19

FALSE

Question 20

Data privacy is a subset of data protection that focuses on the proper handling of data ()

Answer 20

TRUE

Question 21

ra 10173 is also known as the “Data Privacy Act of 2010” (

Answer 21

false

Question 22

the policy of the State to protect the fundamental human right of privacy and communication
to promote innovation and growth. ()

Answer 22

TRUE

Question 23

The consent of the data subject can be evidenced by written, electronic, or recorded means.
()

Answer 23

TRUE

Question 24

ra 10173 does not apply to the processing of all types of personal information and to any natural
and juridical person involved in personal information processing. ()

Answer 24

false

Question 25

Data Privacy Act of 2012 does not apply to personal information processed for journalists,
artistic, literary, or research purposes. ()

Answer 25

TRUE

Question 26

It refers to any freely given, specific, informed indication of will, whereby the data
subject agrees to the collection and processing of personal information relating to them.

Answer 26

coinsent

Question 27

It refers to an individual whose personal information is processed. (

Answer 27

A. Data Subject)

Question 28

It refers to any operation or any set of operations performed upon personal information.
(E. )

Answer 28

Processing

Question 29

It refers to communication by whatever means of any advertising or marketing material
which is directed to particular individuals. (

Answer 29

C. Direct Marketing)

Question 30

It refers to any information whether recorded in a material form or not, from which the
identity of an individual is apparent or can be directly ascertained. (

Answer 30

D. Personal
Information)

Question 31

What does the Data Privacy Act of 2012 primarily aim to protect?

Answer 31

Answer: b) Personal data privacy

Question 32

Which government agency in the Philippines is responsible for implementing the provisions of
the Data Privacy Act?

Answer 32

b) National Privacy Commission

Question 33

What is the maximum fine, in Philippine Pesos, for offenses under Section 37 (Unauthorized
Processing of Personal Information) of the Data Privacy Act?

Answer 33

b) ₱1,000,000

Question 34

Sensitive personal information, as defined by the Data Privacy Act, includes details such as:

Answer 34

c) Credit card number

Question 35

The individual to whom personal data pertains is referred to as:

Answer 35

data subject

Question 36

An entity or person who determines the purpose and means of processing personal
information.

Answer 36

Personal Information Controller

Question 37

Permission provided by the data subject for the processing of their personal data.

Answer 37

Consent

Question 38

An individual appointed by a personal information controller to ensure compliance with the
Data Privacy Act.

Answer 38

Data Privacy Officer

Question 39

The person to whom the personal data pertains.

Answer 39

_____ Data Subject

Question 40

The government agency responsible for enforcing the Data Privacy Act.

Answer 40

National Privacy Commission

Question 41

The Data Privacy Act of 2012 only applies to large corporations.
Answer:

Answer 41

False

Question 42

Data subjects have the right to request access to their personal data and have it
corrected if it’s inaccurate.
Answer:

Answer 42

True

Question 43

Consent of the data subject is not required when processing sensitive personal
information.
Answer:

Answer 43

False

Question 44

The National Privacy Commission is responsible for enforcing the provisions of
the Data Privacy Act.

Answer 44

Answer: True

Question 45

True or False: Data privacy rights under the Data Privacy Act may not be waived or forfeited by
the data subject.
Answer:

Answer 45

False

Question 46

Subjected to the guidelines that the Commission issued in Section 20. Security of
Personal Information is the regular monitoring and implementation of preventive,
corrective, and mitigation processes for any security breaches. (t o f)

Answer 46

TRUE

Question 47

The employees, agents or representatives of a personal information controller who are
involved in the processing of personal information shall operate and hold personal
information under strict confidentiality if the personal information is not intended for
public disclosure. ()

Answer 47

TRUE

Question 48

The Commission can authorize postponement of notification to determine the scope of
the breach, to prevent further disclosures, or to restore reasonable integrity to the
information and communications system. ()

Answer 48

TRUE

Question 49

It was stated in Section 20. Principle of Accountability that each personal information
controller is responsible for personal information under its control or custody, including
information that has been transferred to a third party for processing, whether domestically
or internationally, subject to cross-border arrangement and cooperation. (t or f)

Answer 49

FALSE

Question 50

As recommended by the Commission, all sensitive personal information maintained by
the government, its agencies and instrumentalities shall be secured with the use of the
least appropriate standard recognized by the information and communications technology
industry. )

Answer 50

(FALSE

Question 51

A request of approval is an important requirement for accessing agency personnel and
sensitive personal information. (t or f )

Answer 51

TRUE

Question 52

Even without the approval and security clearance from the head of the agency, employees
of the government can still access sensitive personal information. (t or f )

Answer 52

FALSE

Question 53

Any technology used to store, transport or access sensitive personal information for
purposes of off-site access approved under this subsection shall be secured by the use of
the most secure encryption standard recognized by the Commission. (t or f )

Answer 53

TRUE

Question 54

Any technology used to store, transport or access sensitive personal information for
purposes of on-site access approved under this subsection shall be secured by the use of
the most secure encryption standard recognized by the Commission. (t or f )

Answer 54

FALSE

Question 55

10. The improper disposal of personal information shall be penalized by imprisonment
    ranging from one (1) month to three (3) years and a fine of not less than One hundred
    thousand pesos (Php100,000.00) but not more than Five hundred thousand pesos
    (Php500,000.00). ()

Answer 55

FALSE

Question 56

What section indicates the “Responsibility of the Heads of Agencies”?

Answer 56

Section 22

Question 57

12. What type of access should be applied when sensitive personal information is transported
    and maintained from a location off government property?

Answer 57

Off-site Access

Question 58

If a request is approved, the head of the agency shall limit the access to ________ records
at a time.

Answer 58

Not more than 1, 000

Question 59

14. The __________ is accountable for complying with the requirements of this Act and shall
    use contractual or other reasonable means to provide a comparable level of protection while the
    information is being processed by a third party.

Answer 59

Personal Information Controller

Question 60

What type of access should be applied if sensitive personal information is maintained on
government property and online facilities?

Answer 60

On-site and Online Access