RA 10173 - DATA PRIVACY ACT OF 2012 Flashcards
An act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a national privacy commission, and for other purposes.
RA 10173 - Data Privacy Act of 2012
This Act does not apply to the following:
- individual who is or was an o fficer or employee of a government
institution. - individual who is or was performing service under contract for a government institution.
- Information relating to any discretionary benefit of a financial nature.
- Personal information processed for journalistic, artistic, literary or research purposes.
- Information necessary in order to carry out the functions of public authority.
- Information necessary for banks and other financial institutions.
- Personal information originally collected from
residents of foreign jurisdictions.
RA where publishers, editors or duly accredited reporters
of any newspaper, magazine or periodical of general circulation protection from being compelled to reveal the source of any news report or information appearing in said publication which was related in any confidence to such publisher, editor, or reporter.
Republic Act No. 53
It refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her.
Consent of the Data Subject
refers to an individual whose personal information is processed.
Data Subject
refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
Personal Information
refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals.
Direct Marketing
refers to any act of information relating to natural or juridical person in such a way that specific information relating to a particular person is readily accessible.
Filing system
refers to a system for generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents
Information and Communications System
refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.
Personal Information Controller
refers to any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
Personal information processor
refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data
Processing
refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.
Privileged Information
Which entity has central management and control in the country?
Juridicial Entity
This ensure compliance of personal information controllers
National Privacy Commission
shall ensure at all times the confidentiality of any personal information that comes to its knowledge and possession.
The commission
Two Deputy Privacy Commissioners:
- Data Processing Systems
- Policies and Planning
What are the components of the organizational structure of the Commission?
β Department of Information and Communications Technology
β Privacy Commissioner/Chairman of the Commission.
β Two Deputy Privacy Commissioners
Who appoints the Organizational Structure of the Commission?
President of the Philippines
A privacy commissioner must be how old?
At least 35 years of age
The Privacy Commissioner shall enjoy the benefits, privileges and emoluments equivalent to the rank of __________
Secretary
Who is the Privacy Commissioner and Chairman
Raymund Enriquez Liboro
recognized experts in the field of information and communications technology and data privacy.
Deputy Privacy Commissioner
Deputy Private Commissioners shall enjoy the benefits, privileges and emoluments equivalent to the rank of _________
Undersecretary
Who are the Deputy Privacy Commissioners?
Leandro Angelo Y. Aguirre and John Henry Du Naga
Majority of the members of the Secretariat must have served for at least how many years in any agency of the government that is involved in the processing of personal information?
5 years
Who may subcontract the processing of personal information?
Personal information controller
may invoke the principle of privileged communication over privileged information that they lawfully control or process.
Personal information controllers
May invoke the rights of the data subject for, which he or she is an heir or assignee at any time after the death of the data subject or when the data subject is incapacitated or incapable of exercising the rights as enumerated in the immediately preceding section
Lawful heirs and assigns of the data subject
Who shall the personal information controller notify when sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person?
The Commission and affected data subjects
T/F: No employee of the government shall have access to sensitive personal information on government property or through online facilities
T
What is the limitation of records for off-site access to sensitive information?
1,000 Records
Penalty for Unauthorized Processing of Personal Information and Sensitive
Personal Information
Imprisonment ranging from 1 year to 3 years and a fine of not less than Php 500,000 but not more than Php 2,000,000.
Penalty for Accessing Information Sensitive Information Negligence.
Imprisonment ranging from 3 years to 6 years and a fine of not less than Php500,000 but not more than Php4,000,000
Penalty for Improper Disposal of Personal Information
imprisonment ranging from 6 months to 2 years and a fine of not less than Php 100,000 but not more than Php500,000.
Penalty for Processing of Personal Information for Unauthorized Purposes.
Imprisonment ranging from 1 year and 6 months to 5 years and a fine of not less than Php500,000 but not more than Php1,000,000.
Penalty for Unauthorized Access or Intentional Breach.
imprisonment ranging from 1 year to 3 years and a fine of not less than Php500,000 but not more than Php2,000,000.
Penalty for Concealment of Security Breaches Involving Sensitive Personal Information.
imprisonment of one 1 year and 6 months to 5 years and a fine of not less than Php500,000 but not more than Php 1,000,000.
Penalty for Malicious Disclosure
imprisonment ranging from 1 year and 6 months to 5 years and a fine of not less than Php500,000 but not more than Php 1,000,000.
Penalty for Unauthorized Disclosure of Personal Information
imprisonment ranging from 1 year to 3 years and a fine of not less than Php500,000 but not more than Php 1,000,000
Penalty for Combination or Series of Acts
imprisonment ranging from 3 years to 6 years and a fine of not less than Php1,000,000 but not more than Php5,000,000.
If the offender is a corporation, partnership or any juridicial the penalty shall be imposed upon who?
responsible officers, as the case may be, who participated in, or by their gross negligence, allowed the commission of the crime.
What is meant by βlarge-scaleβ in this law?
At least one hundred (100) persons are harmed, affected or involved
What is the accessory penalty for offense committed by public officer?
disqualification to occupy public office for a term double the term of criminal penalty imposed shall be applied.
Restitution for any aggrieved party shall be governed by the provisions of what?
New Civil Code
Who shall undertake whatever efforts it may determine to be necessary or appropriate to inform and educate the public of data privacy, data protection and fair information rights and responsibilities?
The Commission
Who shall The Commission report to in carrying out the provisions of this Act?
President and Congress
The Commission shall be provided with an initial appropriation of how much?
20 million pesos
How much shall the commission receive per 5 years of implementation of this act?
10 million pesos
How many years of transitory period do existing industries, businesses and offices affected by the implementation of this Act be given to comply to the requirements?
1 year
Who is the president of the Philippines that signed into this law?
Benigno S. Aquino III
Who is the president of the senate during the implementation of this law?
Juan Ponce Enrile
What is the penalty for improper disposal of sensitive personal information
imprisonment ranging from one (1) year to three (3) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than One million pesos (Php1,000,000.00)
What is the penalty for sensitive personal information for unauthorized purposes
imprisonment ranging from two (2) years to seven (7) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00)
What is the penalty for unauthorized disclosure of Sensitive Personal Information
Imprisonment ranging from 3 years to 5 years and a fine of not less than Php 500,000 but not more than Php 2,000,000
If the offender is a juridicial person, who may suspend or revoke any of its rights under this act?
The court
What is the penalty if the offender is an alien?
He/She shall be deported without further proceedings after serving the penalties prescribed.
What is the penalty if the offended is a public official or employee
perpetual or temporary absolute disqualification from office
Who is in charge of administering and implementing RA 10173?
National Privacy Commission (NPC)
Date of Approval of RA 10173
August 15, 2012