L5.1: RA 10173 - Data Privacy Act of 2012 Flashcards
This law aims to protect the fundamental human right of _______, of communication while ensuring free flow of ________ to promote innovation and growth
- Privacy
- Information
The aim of RA 10173 to “protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth” is based on what law (include the specific chapter and section)?
RA 10173, Chapter 1, Section 2
RA 10173 also established this entity which enforces and oversees data protection
National Privacy Commission
T or F: The National Privacy Commission is endowed with judiciary power
False (rule-making power)
When did the final IRRs of RA 10173 come into force?
Sept. 9, 2016
RA 10173 is a law that addresses what kind of crimes and concerns (clue: it’s not privacy-related crimes and concerns, think more broadly)
Contemporary
IRRs that added specificity to the act:
(1) It protects the ________ of individuals while ensuring the free flow of information to promote innovation and growth
Privacy
IRRs that added specificity to the act:
(2) It ________ the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of ________ data
- Regulates
- Personal
IRRs that added specificity to the act:
(3) It ensures that the country complies with ______ standards set for data protection through the National Privacy Commission (NPC)
International
People whose personal information is collected, stored, and processed are called what?
Data Subjects
Organizations that deal with your personal details, whereabouts, and preferences are ________ to observe and respect your data privacy rights
Duty-bound
If you feel that your personal information has been misused, maliciously disclosed, or improperly disposed of, you, as the data subject, have the right to file a ________
Complaint
The law has ________ application, applying not only to businesses with offices in the PH, but also when equipment based in the PH is used for processing
Extraterritorial
T or F: The act applies to the processing of personal information of PH citizens regardless of where they reside
True (they have extraterritorial applications)
T or F: The law applies to the processing of personal information in the PH which was lawfully collected from residents of foreign jurisdictions
False
The exception of not processing the information of residents of foreign jurisdictions is helpful for PH companies that offer what kind of services?
Cloud Services
The PH law takes the approach that the processing of personal data shall be allowed subject to adherence to the principles of what 3 concepts?
- Transparency
- Legitimate purpose
- Proportionality
The collection of personal data must be for a ________, _________, and _________ purpose
- Declared
- Specified
- Legitimate
________ is required prior to the collection of personal data
Consent
When obtaining consent, the data subject should be informed about _____ and _______ of processing
Extent and Purpose
The ________ processing of their personal data for profiling or for direct marketing and data sharing requires consent
Automated
T or F: Consent is not as strictly implemented anymore when data is shared between affiliates and mother companies
False (still required)
Consent is not required for processing where the data subject is a party to a _________ for the purposes of fulfilling it
Contractual Agreement
Exceptions to ______ with a legal obligation upon the data controller, protection of the data subject’s vital interests, and response to national emergencies are also available
Compliance
Exceptions to ________ are allowed where processing is necessary to pursue the legitimate interests of the data controller
Consent
Exceptions to consent are not applicable when overridden by the fundamental ______ and ______ of the data subject
Rights and Freedoms
The law requires that when sharing data, it must be covered by an agreement that provides adequate ______ for the rights of the data subjects
Safeguards
Agreements by the data controllers and data subjects are subject to _______ by the National Privacy Commission
Review
What type of information is being described?
Race, ethnic origin, marital status, age, color, religion, health, education, genetic/sexual life, SSS numbers, and those marked as “classified” by EOs or an act of Congress
Sensitive Personal and Privileged Information
State whether the processing of sensitive information is prohibited or allowed:
When there is consent of the data controller
Prohibited (must be consent of data subject)
State whether the processing of sensitive information is prohibited or allowed:
Pursuant to a law that does not require consent to proceed
Allowed
State whether the processing of sensitive information is prohibited or allowed:
There is a necessity to protect the life and health of a person
Allowed
State whether the processing of sensitive information is prohibited or allowed:
For medical treatment
Allowed
State whether the processing of sensitive information is prohibited or allowed:
There is a necessity to override the lawful rights of data subjects in court/legal proceedings, or regulation
Prohibited (the necessity to PROTECT the lawful rights)