MT6313 RA10173

Question 1

AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES

Answer 1

RA 10173

Question 2

What is the title of RA 10173?

Answer 2

“Data Privacy Act of 2012′′.

Question 3

What is Section 2 of RA 10173?

Answer 3

Declaration of Policy

Question 4

What does the declaration of policy of RA 10173 state?

Answer 4

Protect the fundamental human right of privacy, of communication while ensuring free flow of information

Vital role of information and communications technology in nation- building

To ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.

Question 5

What is section 3 of RA 10173?

Answer 5

Definition of Terms

Question 6

What are the terms listed under section 3 of RA 10173?

Answer 6

a. Commission
b. Data subject
c. Personal data
d. Personal information
e. Personal information controller
f. Processing

Question 7

What does the term “commission” refer to? (RA 10173)

Answer 7

National Privacy Commission

Question 8

What does the term “data subject” refer to? (RA 10173)

Answer 8

Individual whose personal information is processed

Question 9

What does the term “personal information” refer to? (RA 10173)

Answer 9

Information on the identity of the individual in which it is apparent and can be ascertained by the entity holding the information, or when put together with other information would directly identify the individual

Question 10

What does the term “personal information controller” refer to? (RA 10173)

Answer 10

A person or organization who controls the collection, holding, processing or use of personal information, excluding people who have been instructed only to execute these functions and those who hold personal information in connection with the person’s family or household affairs

Question 11

What does the term “processing” refer to? (RA 10173)

Answer 11

Any operation performed upon personal information (collection, recording, organizing, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data)

Question 12

What is section 4 of RA 10173?

Answer 12

SCOPE

Question 13

What does RA 10173 NOT apply to?

Answer 13

Information about any individual who is or was an officer or employee of a government institution

Information about an individual who is or was performing service under contract for a government institution

Information relating to any discretionary benefit of a financial nature

Personal information processed for journalistic, artistic, literary or research purposes

Information necessary in order to carry out the functions of public authority

Information necessary for banks and other financial institutions

Personal information originally collected from residents of foreign jurisdictions

Question 14

What is section 5 of RA 10173?

Answer 14

Protection Afforded to Journalists and Their Sources.

Question 15

In section 5 of RA 10173, nothing in the act shall be construed as having amended what Republic act?

Answer 15

RA 53

Question 16

What is included in the information about any individual who is or was an officer or employee of a government institution?

Answer 16

Fact that s/he was/is an officer of the government institution

Title, business address and office telephone number

Classification, salary range and responsibilities of the position

The name of the individual on a document prepared

Question 17

In section 4(e) of RA 10173, nothing in the act should be construed as amending or repealing what republic acts?

Answer 17

RA 1405
RA 6426
RA 9510

Question 18

What is the Secrecy of Bank Deposits Act?

Answer 18

RA 1405

Question 19

What is the Foreign Currency Deposit Act?

Answer 19

RA 6426

Question 20

What is the Credit Information Systems Act?

Answer 20

RA 9510

Question 21

The information necessary for banks and other financial institutions is under the jurisdiction of?

Answer 21

Bangko Sentral ng Pilipinas or central monetary authority

Question 22

What RA does the exclusion of the information necessary for banks and other financial institutions comply with in section 4 of RA 10173?

Answer 22

RA 9160 Anti-Laundering Act and RA 9510

Question 23

Section 6 of RA 10173 is entitled?

Answer 23

Extraterritorial Application.

Question 24

Section 6 of RA 10173 states that the act applies to any action done in or out of the PH by an entity if the action, practice or processing relates to?

Answer 24

Personal information about a Philippine citizen or a resident

Question 25

Section 6 of RA 10173 states that the act applies to any action done in or out of the PH by an entity if the entity has?

Answer 25

Other links in the PH, or has links in the PH, where the entity is processing personal information in the Philippines or even if the processing is outside the Philippines as long as it is about Philippine citizens or residents

Question 26

What is section 7 of RA 10173 entitled?

Answer 26

Functions of the National Privacy Commission

Question 27

The National Privacy Commission should review, approve, reject or require modification of privacy codes voluntarily adhered to by personal information controllers, provided that? (3)

Answer 27

• That the privacy codes shall adhere to the underlying data privacy principles
• Privacy codes may include private dispute resolution mechanisms for complaints against any participating personal information controller
• The Commission shall consult with relevant regulatory agencies in the formulation and administration of privacy codes applying the standards in this Act

Question 28

Can the commission propose legislation, amendments or modifications to Philippine laws?

Answer 28

Yes

Question 29

What section of RA 10173 is Confidentiality?

Answer 29

8

Question 30

What section is the Organizational Structure of the Commission?

Answer 30

9

Question 31

The commission (RA 10173) shall be attached to?

Answer 31

Department of Information and Communications Technology (DICT)

Question 32

Who is the chairman of the National Privacy Commission?

Answer 32

Privacy Commissioner

Question 33

The chairman of the commission (RA 10173) shall be aided by?

Answer 33

Two Deputy Privacy Commissioners, 1 for Data Processing Systems and the other for Policies and Planning.

Question 34

Who appoints the chairman and the 2 deputy officers?

Answer 34

President of the Philippines

Question 35

How long is the term of the chairman and deputy officers?

Answer 35

3 yrs and then can extend to 3 more if appointed again

Question 36

Requirements for the privacy commissioner?

Answer 36

must be at least thirty-five y/o

good moral character, unquestionable integrity and known probity, and a recognized expert in the field of information technology and data privacy

shall enjoy the benefits, privileges and emoluments equivalent to the rank of Secretary

Question 37

Who is the present Privacy Commissioner or Chairman of the Commission?

Answer 37

Raymund Enriquez Liboro

Question 38

What are the requirements for the Dept. Privacy Commissioners?

Answer 38

recognized experts in the field of information and communications technology and data privacy.

shall enjoy the benefits, privileges and emoluments equivalent to the rank of Undersecretary.

Question 39

Who are the current Dept. Privacy Commissioners?

Answer 39

Leandro Angelo Aguirre
John Henry Du Naga

Question 40

What is section 10 of RA10173 entitled?

Answer 40

The Secretariat.

Question 41

Major members of the Secretariat must serve for how many years in what government agencies?

Answer 41

5 yrs in any of the following:

SSS
GSIS
LTO
BIR
PHILHEALTH
COMELEC
DFA
DOJ
PHILPOST

Question 42

What section is the General Data Privacy Principles?

Answer 42

11

Question 43

What section states that:

“The processing of personal information shall be allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure of information to the public and adherence to the principles of transparency, legitimate purpose and proportionality.”

Answer 43

11

Question 44

In section 11 of RA 10173, personal information must be?

Answer 44

1. Collected for specified and legitimate purposes
2. Processed fairly and lawfully
3. Accurate, relevant and kept up to date for processing personal information
4. Adequate and not excessive in relation to the purposes for which they are collected and processed
5. Retained only for as long as necessary
6. Kept in a form which permits identification of data subjects for no longer than is necessary

Question 45

Section 12 is entitled?

Answer 45

Criteria for Lawful Processing of Personal Information

Question 46

Lawful processing of information is permissible under what conditions?

Answer 46

1. Data subject has given consent
2. Personal information is necessary and is related to the fulfillment of a contract
3. For compliance with a legal obligation
4. To protect vitally important interests
5. To respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority
6. Legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed

Question 47

What section is entitled, “Sensitive Personal Information and Privileged Information”?

Answer 47

13

Question 48

What is Section 14 and 15 entitled in RA 10173?

Answer 48

Sec 14 - Subcontract of Personal Information
Sec 15 - Extension of Privileged Communication

Question 49

According to Section 15, subject to existing laws and regulations, any evidence gathered on privileged information is inadmissible or admissible?

Answer 49

Inadmissible

Question 50

What is the title of Section 16?

Answer 50

Rights of the Data Subject

Question 51

The data subject should be furnished on what information before encoding their personal information into a processing system?

Answer 51

1. Description
2. Purpose
3. Scope and method
4. Recipients
5. Methods utilized for automated access
6. Identity and contact details of controller
7. Period of storage
8. Existence of their rights

Question 52

The data subject also has reasonable access to?

Answer 52

1. Contents of own personal information
2. Sources from where it was obtained
3. Names and addresses or recipients
4. Manner by which it was processed
5. Reasons for disclosure
6. Information on automated processes
7. Date of access and modification
8. Designation, name, identity of controller

Question 53

What is section 17 entitled?

Answer 53

Transmissibility of the Rights of the Data Subject

Question 54

Who can the rights of the data subject be transmitted to?

Answer 54

Lawful heirs

Question 55

What is section 18 entitled?

Answer 55

Right to Data Portability

Question 56

How is data portable?

Answer 56

Electronic means in structured and commonly used format

Question 57

What is section 19 entitled?

Answer 57

Non-applicability

Question 58

What section is the Security of Personal Information?

Answer 58

20

Question 59

In section 20, it states that the personal information controller must implement _____ and ______ ______,______ and _______ measures intended for the protection of personal information

Answer 59

reasonable and appropriate
organizational, physical and technical

Question 60

In section 20, it states that the personal information controller shall implement reasonable and appropriate measures to protect personal information against?

Answer 60

natural dangers

Question 61

In section 20, the determination of the appropriate level of security under this section must take into account the _____ of the personal information to be protected, the ______ represented by the processing, the ____ of the organization and _____ of its operations, current data privacy best practices and the cost of security implementation.

Answer 61

nature
risks
size
complexity

Question 62

The _____________ of a personal information controller who are involved in the processing of personal information shall operate and hold personal information ________ if the personal information are not intended for public disclosure. This obligation shall continue even after leaving the public service, transfer to another position or upon termination of employment or contractual relations.

Answer 62

employees, agents or representatives
under strict confidentiality

Question 63

The personal information controller shall promptly notify the Commission and affected data subjects when?

Answer 63

information or other information are reasonably believed to have been acquired by an unauthorized person

Question 64

Section 21 is entitled?

Answer 64

Principle of Accountability.

Question 65

Each personal information controller is responsible for?

Answer 65

personal information under its control or custody, including information that have been transferred to a third party for processing, whether domestically or internationally, subject to cross-border arrangement and cooperation.

Question 66

What section is Responsibility of Heads of Agencies?

Answer 66

22

Question 67

All sensitive personal information maintained by the government, its agencies and instrumentalities shall be?

Answer 67

secured

Question 68

Who shall be responsible for complying with the security requirements?

Answer 68

The head of each government agency or instrumentality

Question 69

What is Section 23 entitled?

Answer 69

Requirements Relating to Access by Agency Personnel to Sensitive Personal Information.

Question 70

No employee of the government shall have access to sensitive personal information on government property or through what type of facilities?

Answer 70

Online

Question 71

What kind of access is violated by sensitive personal information is being transported or accessed from a location off government property?

Answer 71

Off-site access

Question 72

In the deadline of approval or disapproval,

In the case of any request submitted to the head of an agency, such head of the agency shall approve or disapprove the request within ______ after the date of submission of the request.

Answer 72

two (2) business days

Question 73

When do you know if the request sent to the agency is disapproved?

Answer 73

If there is no action by the head of the agency

Question 74

If a request is approved, the head of the agency shall limit the access to not more than _______ at a time.

Answer 74

one thousand (1,000) records

Question 75

What is referred to as technology used to store, transport or access sensitive personal information for purposes of off-site access?

Answer 75

Encryption

Question 76

What is the title of Section 24?

Answer 76

Applicability to Government Contractors

Question 77

In entering into any contract that may involve accessing or requiring sensitive personal information from _______ individuals, an agency shall require a contractor and its employees to __________

Answer 77

one thousand (1,000) or more
register their personal information processing system

Question 78

What is Section 25 entitled?

Answer 78

Unauthorized Processing of Personal Information and Sensitive Personal Information

Question 79

What is Section 26 entitled?

Answer 79

Accessing Personal Information and Sensitive Personal Information Due to Negligence.

Question 80

What is Section 27 entitled?

Answer 80

Improper Disposal of Personal Information and Sensitive Personal Information.

Question 81

What is Section 28 entitled?

Answer 81

Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes.

Question 82

What is Section 29 entitled?

Answer 82

Unauthorized Access or Intentional Breach.

Question 83

What is Section 30 entitled?

Answer 83

Concealment of Security Breaches Involving Sensitive Personal Information.

Question 84

What is Section 31 entitled?

Answer 84

Malicious Disclosure

Question 85

What is Section 32 entitled?

Answer 85

Unauthorized Disclosure

Question 86

What is Section 33 entitled?

Answer 86

Combination or Series of Acts.

Question 87

What is the penalty for Sec 25?

Answer 87

1 year to 3 years AND
500,000 to Php2,000,000
OR
3-6yrs AND
500,000 - 4,000,000

Question 88

What is the penalty for Sec 26?

Answer 88

1 year to 3 years AND
Php500,000 to Php2,000,000
OR
3-6yrs AND
500,000 - 4,000,000

Question 89

What is the penalty for Sec 27?

Answer 89

6mos to 2yrs AND
100,000 to 500,000
OR
1yr-3yrs AND
100,000 to 1,000,000

Question 90

What is the penalty for Sec 28?

Answer 90

1yr and 6mos - 5yrs AND
500,000 to 1,000,000
OR
2yrs-7yrs
500,000 to 2,000,000

Question 91

What is the penalty for Sec 29?

Answer 91

1yr - 3yrs AND
500,000 to 2,000,000

Question 92

What is the penalty for Sec 30?

Answer 92

1yr and 6mos to 5yrs AND
500,000 to 1,000,000

Question 93

What is the penalty for Sec 31?

Answer 93

1yr and 6mos - 5yrs
500,000 - 1,000,000

Question 94

What is the penalty for Sec 32?

Answer 94

1yr - 3yrs
500,000 - 1,000,000
OR
3yrs-5yrs
500,000-2,000,000

Question 95

What is the penalty for Sec 33?

Answer 95

3yrs - 6yrs
1,000,000 - 5,000,000

Question 96

What is section 34?

Answer 96

The extent of liability

Question 97

What is contained in the extent of liability?

Answer 97

If the offender is a corporation, partnership or any juridical person
If the offender is a juridical person
If the offender is an alien
If the offender is a public official or employee (Sections 27 and 28)

Question 98

What section is entitled Large-scale?

Answer 98

35

Question 99

How is the act considered large-scale?

Answer 99

at least one hundred (100) persons is harmed, affected or involved

Question 100

What is section 36?

Answer 100

Offense Committed by Public Officer.

Question 101

What is section 37?

Answer 101

Restitution

Question 102

What section is entitled Interpretation?

Answer 102

38

Question 103

What section is Implementing Rules and Regulations (IRR)?

Answer 103

39

Question 104

When should the rules and regulations be implemented?

Answer 104

90 days from the effectivity of this Act

Question 105

What is section 40?

Answer 105

Reports and Information.

Question 106

Who shall receive reports of this act?

Answer 106

President and Congress

Question 107

What is the appropriation clause?

Answer 107

Sec 41

Question 108

The Commission shall be provided with an initial appropriation of?

Answer 108

20M drawn from the national government

Question 109

The Commission shall likewise receive ____ per year for ____ years upon implementation of this Act drawn from the national government.

Answer 109

Ten million pesos (Php10,000,000.00)
five (5)

Question 110

What is Section 42 of this act?

Answer 110

Transitory Provision

Question 111

Existing industries, businesses and offices affected by the implementation of this Act shall be given ______ transitory period from the effectivity of the IRR or such other period as may be determined by the Commission, to comply with the requirements of this Act.

Answer 111

one (1) year

Question 112

In case that the DICT has not yet been created by the time the law takes full force and effect, the National Privacy Commission shall be attached to the?

Answer 112

the Office of the President.

Question 113

What are the sections for the separability clause, repealing clause and effectivity clause?

Answer 113

Sep - 43
Rep - 44
Eff - 45

Question 114

The provision of _________, otherwise known as the _________, is hereby amended.

Answer 114

Section 7 of Republic Act No. 9372
“Human Security Act of 2007”

Question 115

Signatories of 10173?

Answer 115

President of the Senate : JUAN PONCE ENRILE
Speaker of the House of Representatives: FELICIANO BELMONTE JR.
Secretary of Senate: EMMA LIRIO-REYES
Secretary General (House of Representatives): MARILYN B. BARUA-YAP

(Sgd.) BENIGNO S. AQUINO III
President of the Philippines