Data Privacy Act Flashcards

1
Q

Commission in the Data Privacy Act

A

National Privacy Commission

2
Q

Any freely given, specific, informed indication of will.

A

Consent of data subject

3
Q

Individual whose personal info is processed

A

Data subject

4
Q

Any set of information relating to natural or juridical persons to the extent that the set is structured so that specific information relating to a particular person is readily accessible

A

Filing system

5
Q

System for generating, receiving, storing or processing electronic data messages or electronic documents

A

Information and Communication System

6
Q

Person or organization who controls the collection, holding, processing or use of personal information

A

Personal information controller

7
Q

Person or organization who controls the collection, holding, processing or use of personal information is not a PERSONAL INFORMATION CONTROLLER if:

A
  1. Performs functions as instructed by another person/organization
  2. Processes personal info in connection with personal family or household affairs
8
Q

To whom a personal information controller may outsource the processing of personal data

A

Personal information processor

9
Q

What is the scope of application of the Data Privacy Act?

A
  1. Processing of all types of personal info
  2. Any natural or juridical person involved in personal information processing
10
Q

Data Privacy Act does not apply in the following cases:

A
  1. Info about any individual who is/was an officer of a government institution
  2. person performing service under contract for a government institution
  3. discretionary benefit of a financial nature
  4. personal info processed for journalistic, artistic, literary or research purposes
  5. info necessary to carry out functions of public authority
  6. info necessary for banks and other financial institutions
  7. personal info collected from residents of foreign jurisdictions
11
Q

Does the Data Privacy Act have extraterritorial application? Does it apply to an act done or practice engaged in outside the Philippines?

A

Yes

12
Q

What are the three data privacy principles under which processing of personal information is allowed?

A
  1. Principle of proportionality
  2. Principle of legitimate purpose
  3. Principle of transparency
13
Q

Information from which the identity of an individual is apparent, can be reasonably or directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual

A

Personal information

14
Q

Who must ensure implementation of personal information processing principles?

A

Personal information controller

15
Q

What are considered privileged information?

A
  • Attorney-client privileged info
  • Doctor-patient privileged info
  • Marital privileged communication
  • Priest-confessor privileged info
16
Q

What is included in SENSITIVE PERSONAL INFORMATION?

A
  1. race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations
  2. health, education, genetic or sexual life, proceedings for any offenses committed or alleged to have been committed, disposal of any proceedings, or the sentence of any court
  3. issued by government agencies peculiar to the individual (social security numbers, previous or current health records, licenses or its denials, suspension or revocation, tax returns)
  4. specifically established by an EO or act of Congress to be kept classified
17
Q

Who is responsible for ensuring that proper safeguards are in place to ensure:
1. the confidentiality of the personal information processed
2. prevent its use for unauthorized purposes
3. comply with the requirements of the Data Privacy Act and other laws for the processing of personal information

A

Personal information controller

18
Q

Identify if personal info, sensitive personal info or privileged info

Gender

A

Personal info

19
Q

Identify if personal info, sensitive personal info or privileged info

School graduated from and date graduated

A

Sensitive personal info

20
Q

Identify if personal info, sensitive personal info or privileged info

Laptop’s IP address

A

Personal info

21
Q

Identify if personal info, sensitive personal info or privileged info

Email address

A

Personal info

22
Q

Identify if personal info, sensitive personal info or privileged info

Bank account number

A

Sensitive personal info

23
Q

Identify if personal info, sensitive personal info or privileged info

Home address

A

Personal info

24
Q

Identify if personal info, sensitive personal info or privileged info

Income tax return

A

Sensitive personal info

25
Q

Identify if personal info, sensitive personal info or privileged info

Location

A

Personal info

26
Q

Identify if personal info, sensitive personal info or privileged info

Court cases filed against the individual

A

Sensitive personal info

27
Q

Disclosures made to an auditor

A

Privileged info

28
Q

What are the eight rights of a data subject?

A
  1. Right to Informed Consent
  2. Right to Object
  3. Right to Withhold Consent
  4. Right to Access
  5. Right to Correction
  6. Right to Erasure
  7. Right to Damages
  8. Right to Data Portability
29
Q

(T/F) The lawful heirs and assigns of the data subject may invoke the right of the data subject for which he or she is an heir or assignee at any time after the death of the data subject or when the data subject is incapacitated or incapable of exercising the rights

A

TRUE.

This pertains to the transmissibility of rights of the data subject

30
Q

(T/F) The rights of the data subject are applicable 100% of time.

A

FALSE

The rights of the data subject are not applicable:

  1. Only used for scientific and statistical research. No activities are carried out and no decisions are taken
  2. Purpose of investigations in relation to criminal, administrative, or tax liabilities
31
Q

What is the period within which the data processor must report the breach to the National Privacy Commission?

A

Within 72 hours upon knowledge of or the reasonable belief by the personal information controller or personal information.

This can only be delayed to the extent necessary to:
- determine scope of breach
- secure or restore integrity
- prevent further disclosures

32
Q

When is delay in the notification of the breach prohibited?

A
  • Breach involves at least 100 data subjects
  • Disclosure will harm or adversely affect the data subject

Full report is submitted within 5 days

33
Q

When is a personal information controller or personal information processor that employs fewer than 250 people required to register?

A
  1. Processing is likely to pose a risk to the rights and freedoms of data subjects
  2. Processing is not occasional
  3. Processing involves sensitive personal info of at least 1,000 individuals
33
Q

Is the personal information controller responsible for personal information under its control or custody that has been transferred to a third person for processing?

A

Yes.

A personal information controller is responsible for personal information under its control or custody, including info that has been transferred to a third party for processing

33
Q

Individuals designated by the personal information controller who are accountable for the organization’s compliance with the Data Privacy Act

A

Data Protection Officer

34
Q

Penalties for UNAUTHORIZED PROCESSING.

Any person who processes personal information without the consent of the data subject or without being authorized

A

Personal information
Imprisonment: 1 to 3 years
Fine: 500K to 2M

Sensitive personal information
Imprisonment: 3 to 6 years
Fine: 500K to 4M

35
Q

Penalties for ACCESS

Any person who, due to negligence, provided access to personal info without being authorized

A

Personal information
Imprisonment: 1 to 3 years
Fine: 500K to 2M

Sensitive personal information
Imprisonment: 3 to 6 years
Fine: 500K to 4M

36
Q

Penalties for CONCEALMENT OF SECURITY BREACHES INVOLVING SENSITIVE PERSONAL INFO

Any person who after having knowledge of a security breach and of the obligation to notify the Commission, intentionally or by omission conceals the fact of such security breach

A

Imprisonment: 1.5 years to 5 years
Fine: 500K to 1M

37
Q

Penalties for MALICIOUS DISCLOSURE

Any personal information controller or personal information processor who with malice and bad faith discloses unwarranted or false information relative to any personal information or personal sensitive information obtained by him or her

A

Imprisonment: 1.5 years to 5 years
Fine: 500K to 1M

38
Q

Penalties for UNAUTHORIZED DISCLOSURE

Any personal information controller or personal information processor or any of its officials, employees, or agents, who discloses to a third party personal or sensitive personal information, not covered by Malicious Disclosure, without consent of the data subject

A

Personal information
Imprisonment: 1 to 3 years
Fine: 500K to 1M

Sensitive personal information
Imprisonment: 3 to 5 years
Fine: 500K to 2M

39
Q

What is the penalty for an offender who is a public official or employee who is found guilty of Improper Disposal of Personal Information and Sensitive Personal Information and Processing of Personal Information and Sensitive Personal Information for Unauthorized Persons?

A

In addition to the listed penalties, he will suffer perpetual or temporary absolute disqualification from office