L5.1: RA 10173 - Data Privacy Act of 2012

Question 1

This law aims to protect the fundamental human right of _______, of communication while ensuring free flow of ________ to promote innovation and growth

Answer 1

1. Privacy
2. Information

Question 2

RA 10173 aims to “protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth” is based off of what law (include the specific chapter and section)

Answer 2

RA 10173, Chapter 1, Section 2

Question 3

RA 10173 also established this entity which enforces and oversees data protection

Answer 3

National Privacy Commission

Question 4

T or F: The National Privacy Commission is endowed with judiciary power

Answer 4

False (rule-making power)

Question 5

When did the final IRRs of RA 10173 come into force?

Answer 5

Sept. 9, 2016

Question 6

RA 10173 is a law that addresses what kind of crimes and concerns (clue: it’s not privacy-related crimes and concerns, think more broadly)

Answer 6

Contemporary

Question 7

IRRs that added specificity to the act:

(1) It protects the ________ of individuals while ensuring the free flow of information to promote innovation and growth

Answer 7

Privacy

Question 8

IRRs that added specificity to the act:

(2) It ________ the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of ________ data

Answer 8

1. Regulates
2. Personal

Question 9

IRRs that added specificity to the act:

(3) It ensures that the country complies with ______ standards set for data protection through the National Privacy Commission (NPC)

Answer 9

International

Question 10

People whose personal information is collected, stored, and processed are called as what?

Answer 10

Data Subjects

Question 11

Organizations that deal with your personal details, whereabouts, and preferences are ________ to observe and respect your data privacy rights

Answer 11

Duty-bound

Question 12

If you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, the data subject has a right to file a ________

Answer 12

Complaint

Question 13

The law has ________ application, applying not only to businesses with offices in the PH, but when equipment based in the PH is used for processing

Answer 13

Extraterritorial

Question 14

T or F: The act applies to the processing of personal information of PH citizens regardless of where they reside

Answer 14

True (they have extraterritorial applications)

Question 15

T or F: The law applies to the processing of personal information in the PH which was lawfully collected from residents of foreign jurisdictions

Answer 15

False

Question 16

The exception of not processing the information of residents of foreign jurisdictions is helpful for PH companies that offer what kind of services?

Answer 16

Cloud Services

Question 17

The PH law takes the approach that the processing of personal data shall be allowed subject to adherence to the principles of what 3 concepts?

Answer 17

1. Transparency
2. Legitimate purpose
3. Proportionality

Question 18

The collection of personal data must be a ________, _________, and _________ purpose

Answer 18

1. Declared
2. Specified
3. Legitimate

Question 19

________ is required prior to the collection of personal data

Answer 19

Consent

Question 20

When obtaining consent, the data subject should be informed about _____ and _______ of processing

Answer 20

Extent and Purpose

Question 21

The ________ processing of their personal data for profiling or for direct marketing and data sharing requires consent

Answer 21

Automated

Question 22

T or F: Consent is not as strictly implemented anymore when data is shared between affiliates and mother companies

Answer 22

False (still required)

Question 23

Consent is not required for processing where the data subject is a party to a _________ for the purposes of fulfilling it

Answer 23

Contractual Agreement

Question 24

Exceptions to ______ with a legal obligation upon the data controller, protection of the data subject’s vital interests, and response to national emergencies are also available

Answer 24

Compliance

Question 25

Exceptions to ________ is allowed where processing is necessary to pursue the legitimate interests of the data controller

Answer 25

Consent

Question 26

Exceptions to consent are not applicable when overridden by the fundamental ______ and ______ of the data subject

Answer 26

Rights and Freedoms

Question 27

The law requires that when sharing data, it must be covered by an agreement that provides adequate ______ for the rights of the data subjects

Answer 27

Safeguards

Question 28

Agreements by the data controllers and data subjects are subject to _______ by the National Privacy Commission

Answer 28

Review

Question 29

What type of information is being described?

Race, ethnic origin, marital status, age, color, religion, health, education, genetic/sexual life, SSS numbers, and those marked as “classified” by EOs or an act of Congress

Answer 29

Sensitive Personal and Privileged Information

Question 30

State whether the processing of sensitive information is prohibited or allowed:

When there is consent of the data controller

Answer 30

Prohibited (must be consent of data subject)

Question 31

State whether the processing of sensitive information is prohibited or allowed:

Pursuant to a law that does not require consent to proceed

Answer 31

Allowed

Question 32

State whether the processing of sensitive information is prohibited or allowed:

There is a necessity to protect the life and health of a person

Answer 32

Allowed

Question 33

State whether the processing of sensitive information is prohibited or allowed:

For medical treatment

Answer 33

Allowed

Question 34

State whether the processing of sensitive information is prohibited or allowed:

There is a necessity to override the lawful rights of data subjects in court/legal proceedings, or regulation

Answer 34

Prohibited (the necessity to PROTECT the lawful rights)