MT6313 RA10173 Flashcards
AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES
RA 10173
What is the title of RA 10173?
“Data Privacy Act of 2012”.
What is Section 2 of RA 10173?
Declaration of Policy
What does the declaration of policy of RA 10173 state?
Protect the fundamental human right of privacy, of communication while ensuring free flow of information
Vital role of information and communications technology in nation-building
To ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.
What is section 3 of RA 10173?
Definition of Terms
What are the terms listed under section 3 of RA 10173?
a. Commission
b. Data subject
c. Personal data
d. Personal information
e. Personal information controller
f. Processing
What does the term “commission” refer to? (RA 10173)
National Privacy Commission
What does the term “data subject” refer to? (RA 10173)
Individual whose personal information is processed
What does the term “personal information” refer to? (RA 10173)
Information on the identity of the individual in which it is apparent and can be ascertained by the entity holding the information, or when put together with other information would directly identify the individual
What does the term “personal information controller” refer to? (RA 10173)
A person or organization who controls the collection, holding, processing or use of personal information, excluding people who have been instructed only to execute these functions and those who hold personal information in connection with the person’s family or household affairs
What does the term “processing” refer to? (RA 10173)
Any operation performed upon personal information (collection, recording, organizing, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data)
What is section 4 of RA 10173?
SCOPE
What does RA 10173 NOT apply to?
Information about any individual who is or was an officer or employee of a government institution
Information about an individual who is or was performing service under contract for a government institution
Information relating to any discretionary benefit of a financial nature
Personal information processed for journalistic, artistic, literary or research purposes
Information necessary in order to carry out the functions of public authority
Information necessary for banks and other financial institutions
Personal information originally collected from residents of foreign jurisdictions
What is section 5 of RA 10173?
Protection Afforded to Journalists and Their Sources.
In section 5 of RA 10173, nothing in the act shall be construed as having amended what Republic act?
RA 53
What is included in the information about any individual who is or was an officer or employee of a government institution?
Fact that s/he was/is an officer of the government institution
Title, business address and office telephone number
Classification, salary range and responsibilities of the position
The name of the individual on a document prepared
In section 4(e) of RA 10173, nothing in the act should be construed as amending or repealing what republic acts?
RA 1405
RA 6426
RA 9510
What is the Secrecy of Bank Deposits Act?
RA 1405
What is the Foreign Currency Deposit Act?
RA 6426
What is the Credit Information Systems Act?
RA 9510
The information necessary for banks and other financial institutions is under the jurisdiction of?
Bangko Sentral ng Pilipinas or central monetary authority
What RA does the exclusion of the information necessary for banks and other financial institutions comply with in section 4 of RA 10173?
RA 9160 Anti-Laundering Act and RA 9510
Section 6 of RA 10173 is entitled?
Extraterritorial Application.
Section 6 of RA 10173 states that the act applies to any action done in or out of the PH by an entity if the action, practice or processing relates to?
Personal information about a Philippine citizen or a resident
Section 6 of RA 10173 states that the act applies to any action done in or out of the PH by an entity if the entity has?
Other links in the PH, or has links in the PH, where the entity is processing personal information in the Philippines or even if the processing is outside the Philippines as long as it is about Philippine citizens or residents
What is section 7 of RA 10173 entitled?
Functions of the National Privacy Commission
The National Privacy Commission should review, approve, reject or require modification of privacy codes voluntarily adhered to by personal information controllers, provided that? (3)
- That the privacy codes shall adhere to the underlying data privacy principles
- Privacy codes may include private dispute resolution mechanisms for complaints against any participating personal information controller
- The Commission shall consult with relevant regulatory agencies in the formulation and administration of privacy codes applying the standards in this Act
Can the commission propose legislation, amendments or modifications to Philippine laws?
Yes
What section of RA 10173 is Confidentiality?
8
What section is the Organizational Structure of the Commission?
9
The commission (RA 10173) shall be attached to?
Department of Information and Communications Technology (DICT)
Who is the chairman of the National Privacy Commission?
Privacy Commissioner
The chairman of the commission (RA 10173) shall be aided by?
Two Deputy Privacy Commissioners, 1 for Data Processing Systems and the other for Policies and Planning.
Who appoints the chairman and the 2 deputy officers?
President of the Philippines
How long is the term of the chairman and deputy officers?
3 yrs and then can extend to 3 more if appointed again
Requirements for the privacy commissioner?
must be at least thirty-five y/o
good moral character, unquestionable integrity and known probity, and a recognized expert in the field of information technology and data privacy
shall enjoy the benefits, privileges and emoluments equivalent to the rank of Secretary
Who is the present Privacy Commissioner or Chairman of the Commission?
Raymund Enriquez Liboro
What are the requirements for the Deputy Privacy Commissioners?
recognized experts in the field of information and communications technology and data privacy.
shall enjoy the benefits, privileges and emoluments equivalent to the rank of Undersecretary.
Who are the current Deputy Privacy Commissioners?
Leandro Angelo Aguirre
John Henry Du Naga
What is section 10 of RA 10173 entitled?
The Secretariat.
Major members of the Secretariat must serve for how many years in what government agencies?
5 yrs in any of the following:
SSS
GSIS
LTO
BIR
PHILHEALTH
COMELEC
DFA
DOJ
PHILPOST
What section is the General Data Privacy Principles?
11
What section states that:
“The processing of personal information shall be allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure of information to the public and adherence to the principles of transparency, legitimate purpose and proportionality.”
11
In section 11 of RA 10173, personal information must be?
- Collected for specified and legitimate purposes
- Processed fairly and lawfully
- Accurate, relevant and kept up to date for processing personal information
- Adequate and not excessive in relation to the purposes for which they are collected and processed
- Retained only for as long as necessary
- Kept in a form which permits identification of data subjects for no longer than is necessary
Section 12 is entitled?
Criteria for Lawful Processing of Personal Information
Lawful processing of information is permissible under what conditions?
- Data subject has given consent
- Personal information is necessary and is related to the fulfillment of a contract
- For compliance with a legal obligation
- To protect vitally important interests
- To respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority
- Legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed
What section is entitled, “Sensitive Personal Information and Privileged Information”?
13
What are Sections 14 and 15 entitled in RA 10173?
Sec 14 - Subcontract of Personal Information
Sec 15 - Extension of Privileged Communication
According to Section 15, subject to existing laws and regulations, any evidence gathered on privileged information is inadmissible or admissible?
Inadmissible
What is the title of Section 16?
Rights of the Data Subject
The data subject should be furnished with what information before their personal information is encoded into a processing system?
- Description
- Purpose
- Scope and method
- Recipients
- Methods utilized for automated access
- Identity and contact details of controller
- Period of storage
- Existence of their rights
The data subject also has reasonable access to?
- Contents of own personal information
- Sources from where it was obtained
- Names and addresses of recipients
- Manner by which it was processed
- Reasons for disclosure
- Information on automated processes
- Date of access and modification
- Designation, name, identity of controller
What is section 17 entitled?
Transmissibility of the Rights of the Data Subject
Who can the rights of the data subject be transmitted to?
Lawful heirs
What is section 18 entitled?
Right to Data Portability
How is data portable?
Electronic means in structured and commonly used format
What is section 19 entitled?
Non-applicability
What section is the Security of Personal Information?
20
In section 20, it states that the personal information controller must implement _____ and ______ ______,______ and _______ measures intended for the protection of personal information
reasonable and appropriate
organizational, physical and technical
In section 20, it states that the personal information controller shall implement reasonable and appropriate measures to protect personal information against?
natural dangers
In section 20, the determination of the appropriate level of security under this section must take into account the _____ of the personal information to be protected, the ______ represented by the processing, the ____ of the organization and _____ of its operations, current data privacy best practices and the cost of security implementation.
nature
risks
size
complexity
The _____________ of a personal information controller who are involved in the processing of personal information shall operate and hold personal information ________ if the personal information are not intended for public disclosure. This obligation shall continue even after leaving the public service, transfer to another position or upon termination of employment or contractual relations.
employees, agents or representatives
under strict confidentiality
The personal information controller shall promptly notify the Commission and affected data subjects when?
information or other information are reasonably believed to have been acquired by an unauthorized person
Section 21 is entitled?
Principle of Accountability.
Each personal information controller is responsible for?
personal information under its control or custody, including information that have been transferred to a third party for processing, whether domestically or internationally, subject to cross-border arrangement and cooperation.
What section is Responsibility of Heads of Agencies?
22
All sensitive personal information maintained by the government, its agencies and instrumentalities shall be?
secured
Who shall be responsible for complying with the security requirements?
The head of each government agency or instrumentality
What is Section 23 entitled?
Requirements Relating to Access by Agency Personnel to Sensitive Personal Information.
No employee of the government shall have access to sensitive personal information on government property or through what type of facilities?
Online
What kind of access is violated when sensitive personal information is being transported or accessed from a location off government property?
Off-site access
In the deadline of approval or disapproval,
In the case of any request submitted to the head of an agency, such head of the agency shall approve or disapprove the request within ______ after the date of submission of the request.
two (2) business days
When do you know if the request sent to the agency is disapproved?
If there is no action by the head of the agency
If a request is approved, the head of the agency shall limit the access to not more than _______ at a time.
one thousand (1,000) records
What is referred to as technology used to store, transport or access sensitive personal information for purposes of off-site access?
Encryption
What is the title of Section 24?
Applicability to Government Contractors
In entering into any contract that may involve accessing or requiring sensitive personal information from _______ individuals, an agency shall require a contractor and its employees to __________
one thousand (1,000) or more
register their personal information processing system
What is Section 25 entitled?
Unauthorized Processing of Personal Information and Sensitive Personal Information
What is Section 26 entitled?
Accessing Personal Information and Sensitive Personal Information Due to Negligence.
What is Section 27 entitled?
Improper Disposal of Personal Information and Sensitive Personal Information.
What is Section 28 entitled?
Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes.
What is Section 29 entitled?
Unauthorized Access or Intentional Breach.
What is Section 30 entitled?
Concealment of Security Breaches Involving Sensitive Personal Information.
What is Section 31 entitled?
Malicious Disclosure
What is Section 32 entitled?
Unauthorized Disclosure
What is Section 33 entitled?
Combination or Series of Acts.
What is the penalty for Sec 25?
1 year to 3 years AND
500,000 to Php2,000,000
OR
3-6yrs AND
500,000 - 4,000,000
What is the penalty for Sec 26?
1 year to 3 years AND
Php500,000 to Php2,000,000
OR
3-6yrs AND
500,000 - 4,000,000
What is the penalty for Sec 27?
6mos to 2yrs AND
100,000 to 500,000
OR
1yr-3yrs AND
100,000 to 1,000,000
What is the penalty for Sec 28?
1yr and 6mos - 5yrs AND
500,000 to 1,000,000
OR
2yrs-7yrs
500,000 to 2,000,000
What is the penalty for Sec 29?
1yr - 3yrs AND
500,000 to 2,000,000
What is the penalty for Sec 30?
1yr and 6mos to 5yrs AND
500,000 to 1,000,000
What is the penalty for Sec 31?
1yr and 6mos - 5yrs
500,000 - 1,000,000
What is the penalty for Sec 32?
1yr - 3yrs
500,000 - 1,000,000
OR
3yrs-5yrs
500,000-2,000,000
What is the penalty for Sec 33?
3yrs - 6yrs
1,000,000 - 5,000,000
What is section 34?
The extent of liability
What is contained in the extent of liability?
If the offender is a corporation, partnership or any juridical person
If the offender is a juridical person
If the offender is an alien
If the offender is a public official or employee (Sections 27 and 28)
What section is entitled Large-scale?
35
How is the act considered large-scale?
at least one hundred (100) persons is harmed, affected or involved
What is section 36?
Offense Committed by Public Officer.
What is section 37?
Restitution
What section is entitled Interpretation?
38
What section is Implementing Rules and Regulations (IRR)?
39
When should the rules and regulations be implemented?
90 days from the effectivity of this Act
What is section 40?
Reports and Information.
Who shall receive reports of this act?
President and Congress
What is the appropriation clause?
Sec 41
The Commission shall be provided with an initial appropriation of?
20M drawn from the national government
The Commission shall likewise receive ____ per year for ____ years upon implementation of this Act drawn from the national government.
Ten million pesos (Php10,000,000.00)
five (5)
What is Section 42 of this act?
Transitory Provision
Existing industries, businesses and offices affected by the implementation of this Act shall be given ______ transitory period from the effectivity of the IRR or such other period as may be determined by the Commission, to comply with the requirements of this Act.
one (1) year
In case that the DICT has not yet been created by the time the law takes full force and effect, the National Privacy Commission shall be attached to the?
the Office of the President.
What are the sections for the separability clause, repealing clause and effectivity clause?
Sep - 43
Rep - 44
Eff - 45
The provision of _________, otherwise known as the _________, is hereby amended.
Section 7 of Republic Act No. 9372
“Human Security Act of 2007”
Signatories of 10173?
President of the Senate: JUAN PONCE ENRILE
Speaker of the House of Representatives: FELICIANO BELMONTE JR.
Secretary of Senate: EMMA LIRIO-REYES
Secretary General (House of Representatives): MARILYN B. BARUA-YAP
(Sgd.) BENIGNO S. AQUINO III
President of the Philippines