Data Privacy Act Flashcards

1
Q

Commission in the Data Privacy Act

A

National Privacy Commission

2
Q

Any freely given, specific, informed indication of will.

A

Consent of data subject

3
Q

Individual whose personal info is processed

A

Data subject

4
Q

Any set of information relating to natural or juridical persons to the extent that the set is structured so that specific information relating to a particular person is readily accessible

A

Filing system

5
Q

System for generating, receiving, storing or processing electronic data messages or electronic documents

A

Information and Communication System

6
Q

Person or organization who controls the collection, holding, processing or use of personal information

A

Personal information controller

7
Q

Person or organization who controls the collection, holding, processing or use of personal information is not a PERSONAL INFORMATION CONTROLLER if:

A
  1. Performs functions as instructed by another person/organization
  2. Processes personal info in connection with personal family or household affairs
8
Q

To whom a personal information controller may outsource the processing of personal data

A

Personal information processor

9
Q

What is the scope of application of the Data Privacy Act?

A
  1. Processing of all types of personal info
  2. Any natural or juridical person involved in personal information processing
10
Q

Data Privacy Act does not apply in the following cases:

A
  1. Info about any individual who is/was an officer of a government institution
  2. person performing service under contract for a government institution
  3. discretionary benefit of a financial nature
  4. personal info processed for journalistic, artistic, literary or research purposes
  5. info necessary to carry out functions of public authority
  6. info necessary for banks and other financial institutions
  7. personal info collected from residents of foreign jurisdictions
11
Q

Does the Data Privacy Act have extraterritorial application? Does it apply to an act done or practice engaged in outside the Philippines?

A

Yes

12
Q

What are the three data privacy principles under which processing of personal information is allowed?

A
  1. Principle of proportionality
  2. Principle of legitimate purpose
  3. Principle of transparency
13
Q

Information from which the identity of an individual is apparent, can be reasonably or directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual

A

Personal information

14
Q

Who must ensure implementation of personal information processing principles?

A

Personal information controller

15
Q

What is considered privileged information?

A
  • Attorney-client privileged info
  • Doctor-patient privileged info
  • Marital privileged communication
  • Priest-confessor privileged info
16
Q

What is included in SENSITIVE PERSONAL INFORMATION?

A
  1. race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations
  2. health, education, genetic or sexual life, proceedings for any offenses committed or alleged to have been committed, disposal of any proceedings, or the sentence of any court
  3. issued by government agencies peculiar to the individual (social security numbers, previous or current health records, licenses or its denials, suspension or revocation, tax returns)
  4. specifically established by an EO or act of Congress to be kept classified
17
Q

Who is responsible for ensuring that proper safeguards are in place to:
  1. ensure the confidentiality of the personal information processed
  2. prevent its use for unauthorized purposes
  3. comply with the requirements of the Data Privacy Act and other laws for the processing of personal information

A

Personal information controller

18
Q

Identify if personal info, sensitive personal info or privileged info

Gender

A

Personal info

19
Q

Identify if personal info, sensitive personal info or privileged info

School graduated from and date graduated

A

Sensitive personal info

20
Q

Identify if personal info, sensitive personal info or privileged info

Laptop’s IP address

A

Personal info

21
Q

Identify if personal info, sensitive personal info or privileged info

Email address

A

Personal info

22
Q

Identify if personal info, sensitive personal info or privileged info

Bank account number

A

Sensitive personal info

23
Q

Identify if personal info, sensitive personal info or privileged info

Home address

A

Personal info

24
Q

Identify if personal info, sensitive personal info or privileged info

Income tax return

A

Sensitive personal info

25
Q

Identify if personal info, sensitive personal info or privileged info

Location

A

Personal info

26
Q

Identify if personal info, sensitive personal info or privileged info

Court cases filed against the individual

A

Sensitive personal info

27
Q

Disclosures made to an auditor

A

Privileged info

28
Q

What are the eight rights of a data subject?

A
  1. Right to Informed Consent
  2. Right to Object
  3. Right to Withhold Consent
  4. Right to Access
  5. Right to Correction
  6. Right to Erasure
  7. Right to Damages
  8. Right to Data Portability

29
Q

(T/F) The lawful heirs and assigns of the data subject may invoke the right of the data subject for which he or she is an heir or assignee at any time after the death of the data subject or when the data subject is incapacitated or incapable of exercising the rights

A

TRUE. This pertains to the transmissibility of rights of the data subject.

30
Q

(T/F) The rights of the data subject are applicable 100% of the time.

A

FALSE. The rights of the data subject are not applicable:
  1. Only used for scientific and statistical research. No activities are carried out and no decisions are taken
  2. Purpose of investigations in relation to criminal, administrative, or tax liabilities

31
Q

What is the period within which the data processor must report the breach to the National Privacy Commission?

A

Within 72 hours upon knowledge of or the reasonable belief by the personal information controller or personal information. This can only be delayed to the extent necessary to:
  • determine scope of breach
  • secure or restore integrity
  • prevent further disclosures

32
Q

When is delay in the notification of the breach prohibited?

A
  • Breach involves at least 100 data subjects
  • Disclosure will harm or adversely affect the data subject

Full report is submitted within 5 days

33
Q

When is a personal information controller or personal information processor that employs fewer than 250 people required to register?

A
  1. Processing is likely to pose a risk to the rights and freedoms of data subjects
  2. Processing is not occasional
  3. Processing involves sensitive personal info of at least 1,000 individuals

33
Q

Is the personal information controller responsible for personal information under its control or custody that has been transferred to a third person for processing?

A

Yes. A personal information controller is responsible for personal information under its control or custody, including info that has been transferred to a third party for processing.

33
Q

Individuals designated by the personal information controller who are accountable for the organization's compliance with the Data Privacy Act

A

Data Protection Officer

34
Q

Penalties for UNAUTHORIZED PROCESSING. Any person who processes personal information without the consent of the data subject or without being authorized

A
  • Personal information. Imprisonment: 1 to 3 years. Fine: 500K to 2M
  • Sensitive personal information. Imprisonment: 3 to 6 years. Fine: 500K to 4M

35
Q

Penalties for ACCESS. Any person who, due to negligence, provided access to personal info without being authorized

A
  • Personal information. Imprisonment: 1 to 3 years. Fine: 500K to 2M
  • Sensitive personal information. Imprisonment: 3 to 6 years. Fine: 500K to 4M

36
Q

Penalties for CONCEALMENT OF SECURITY BREACHES INVOLVING SENSITIVE PERSONAL INFO. Any person who, after having knowledge of a security breach and of the obligation to notify the Commission, intentionally or by omission conceals the fact of such security breach

A

Imprisonment: 1.5 years to 5 years. Fine: 500K to 1M

37
Q

Penalties for MALICIOUS DISCLOSURE. Any personal information controller or personal information processor who with malice and bad faith discloses unwarranted or false information relative to any personal information or personal sensitive information obtained by him or her

A

Imprisonment: 1.5 years to 5 years. Fine: 500K to 1M

38
Q

Penalties for UNAUTHORIZED DISCLOSURE. Any personal information controller or personal information processor or any of its officials, employees, or agents, who discloses to a third party personal or sensitive personal information, not covered by Malicious Disclosure, without consent of the data subject

A
  • Personal information. Imprisonment: 1 to 3 years. Fine: 500K to 1M
  • Sensitive personal information. Imprisonment: 3 to 5 years. Fine: 500K to 2M

39
Q

What is the penalty for an offender who is a public official or employee who is found guilty of Improper Disposal of Personal Information and Sensitive Personal Information and Processing of Personal Information and Sensitive Personal Information for Unauthorized Persons?

A

In addition to the listed penalties, he will suffer perpetual or temporary absolute disqualification from office.