RA 10173 - DATA PRIVACY ACT OF 2012

Question 1

An act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a national privacy commission, and for other purposes.

Answer 1

RA 10173 - Data Privacy Act of 2012

Question 2

This Act does not apply to the following:

Answer 2

• individual who is or was an o fficer or employee of a government
  institution.
• individual who is or was performing service under contract for a government institution.
• Information relating to any discretionary benefit of a financial nature.
• Personal information processed for journalistic, artistic, literary or research purposes.
• Information necessary in order to carry out the functions of public authority.
• Information necessary for banks and other financial institutions.
• Personal information originally collected from
  residents of foreign jurisdictions.

Question 3

RA where publishers, editors or duly accredited reporters
of any newspaper, magazine or periodical of general circulation protection from being compelled to reveal the source of any news report or information appearing in said publication which was related in any confidence to such publisher, editor, or reporter.

Answer 3

Republic Act No. 53

Question 4

It refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her.

Answer 4

Consent of the Data Subject

Question 5

refers to an individual whose personal information is processed.

Answer 5

Data Subject

Question 6

refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

Answer 6

Personal Information

Question 7

refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals.

Answer 7

Direct Marketing

Question 8

refers to any act of information relating to natural or juridical person in such a way that specific information relating to a particular person is readily accessible.

Answer 8

Filing system

Question 9

refers to a system for generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents

Answer 9

Information and Communications System

Question 10

refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.

Answer 10

Personal Information Controller

Question 11

refers to any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.

Answer 11

Personal information processor

Question 12

refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data

Answer 12

Processing

Question 13

refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.

Answer 13

Privileged Information

Question 14

Which entity has central management and control in the country?

Answer 14

Juridicial Entity

Question 15

This ensure compliance of personal information controllers

Answer 15

National Privacy Commission

Question 16

shall ensure at all times the confidentiality of any personal information that comes to its knowledge and possession.

Answer 16

The commission

Question 17

Two Deputy Privacy Commissioners:

Answer 17

• Data Processing Systems
• Policies and Planning

Question 18

What are the components of the organizational structure of the Commission?

Answer 18

● Department of Information and Communications Technology
● Privacy Commissioner/Chairman of the Commission.
● Two Deputy Privacy Commissioners

Question 19

Who appoints the Organizational Structure of the Commission?

Answer 19

President of the Philippines

Question 20

A privacy commissioner must be how old?

Answer 20

At least 35 years of age

Question 21

The Privacy Commissioner shall enjoy the benefits, privileges and emoluments equivalent to the rank of __________

Answer 21

Secretary

Question 22

Who is the Privacy Commissioner and Chairman

Answer 22

Raymund Enriquez Liboro

Question 23

recognized experts in the field of information and communications technology and data privacy.

Answer 23

Deputy Privacy Commissioner

Question 24

Deputy Private Commissioners shall enjoy the benefits, privileges and emoluments equivalent to the rank of _________

Answer 24

Undersecretary

Question 25

Who are the Deputy Privacy Commissioners?

Answer 25

Leandro Angelo Y. Aguirre and John Henry Du Naga

Question 26

Majority of the members of the Secretariat must have served for at least how many years in any agency of the government that is involved in the processing of personal information?

Answer 26

5 years

Question 27

Who may subcontract the processing of personal information?

Answer 27

Personal information controller

Question 28

may invoke the principle of privileged communication over privileged information that they lawfully control or process.

Answer 28

Personal information controllers

Question 29

May invoke the rights of the data subject for, which he or she is an heir or assignee at any time after the death of the data subject or when the data subject is incapacitated or incapable of exercising the rights as enumerated in the immediately preceding section

Answer 29

Lawful heirs and assigns of the data subject

Question 30

Who shall the personal information controller notify when sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person?

Answer 30

The Commission and affected data subjects

Question 31

T/F: No employee of the government shall have access to sensitive personal information on government property or through online facilities

Answer 31

T

Question 32

What is the limitation of records for off-site access to sensitive information?

Answer 32

1,000 Records

Question 33

Penalty for Unauthorized Processing of Personal Information and Sensitive
Personal Information

Answer 33

Imprisonment ranging from 1 year to 3 years and a fine of not less than Php 500,000 but not more than Php 2,000,000.

Question 34

Penalty for Accessing Information Sensitive Information Negligence.

Answer 34

Imprisonment ranging from 3 years to 6 years and a fine of not less than Php500,000 but not more than Php4,000,000

Question 35

Penalty for Improper Disposal of Personal Information

Answer 35

imprisonment ranging from 6 months to 2 years and a fine of not less than Php 100,000 but not more than Php500,000.

Question 36

Penalty for Processing of Personal Information for Unauthorized Purposes.

Answer 36

Imprisonment ranging from 1 year and 6 months to 5 years and a fine of not less than Php500,000 but not more than Php1,000,000.

Question 37

Penalty for Unauthorized Access or Intentional Breach.

Answer 37

imprisonment ranging from 1 year to 3 years and a fine of not less than Php500,000 but not more than Php2,000,000.

Question 38

Penalty for Concealment of Security Breaches Involving Sensitive Personal Information.

Answer 38

imprisonment of one 1 year and 6 months to 5 years and a fine of not less than Php500,000 but not more than Php 1,000,000.

Question 39

Penalty for Malicious Disclosure

Answer 39

imprisonment ranging from 1 year and 6 months to 5 years and a fine of not less than Php500,000 but not more than Php 1,000,000.

Question 40

Penalty for Unauthorized Disclosure of Personal Information

Answer 40

imprisonment ranging from 1 year to 3 years and a fine of not less than Php500,000 but not more than Php 1,000,000

Question 41

Penalty for Combination or Series of Acts

Answer 41

imprisonment ranging from 3 years to 6 years and a fine of not less than Php1,000,000 but not more than Php5,000,000.

Question 42

If the offender is a corporation, partnership or any juridicial the penalty shall be imposed upon who?

Answer 42

responsible officers, as the case may be, who participated in, or by their gross negligence, allowed the commission of the crime.

Question 43

What is meant by “large-scale” in this law?

Answer 43

At least one hundred (100) persons are harmed, affected or involved

Question 44

What is the accessory penalty for offense committed by public officer?

Answer 44

disqualification to occupy public office for a term double the term of criminal penalty imposed shall be applied.

Question 45

Restitution for any aggrieved party shall be governed by the provisions of what?

Answer 45

New Civil Code

Question 46

Who shall undertake whatever efforts it may determine to be necessary or appropriate to inform and educate the public of data privacy, data protection and fair information rights and responsibilities?

Answer 46

The Commission

Question 47

Who shall The Commission report to in carrying out the provisions of this Act?

Answer 47

President and Congress

Question 48

The Commission shall be provided with an initial appropriation of how much?

Answer 48

20 million pesos

Question 49

How much shall the commission receive per 5 years of implementation of this act?

Answer 49

10 million pesos

Question 50

How many years of transitory period do existing industries, businesses and offices affected by the implementation of this Act be given to comply to the requirements?

Answer 50

1 year

Question 51

Who is the president of the Philippines that signed into this law?

Answer 51

Benigno S. Aquino III

Question 52

Who is the president of the senate during the implementation of this law?

Answer 52

Juan Ponce Enrile

Question 53

What is the penalty for improper disposal of sensitive personal information

Answer 53

imprisonment ranging from one (1) year to three (3) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than One million pesos (Php1,000,000.00)

Question 54

What is the penalty for sensitive personal information for unauthorized purposes

Answer 54

imprisonment ranging from two (2) years to seven (7) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00)

Question 55

What is the penalty for unauthorized disclosure of Sensitive Personal Information

Answer 55

Imprisonment ranging from 3 years to 5 years and a fine of not less than Php 500,000 but not more than Php 2,000,000

Question 56

If the offender is a juridicial person, who may suspend or revoke any of its rights under this act?

Answer 56

The court

Question 57

What is the penalty if the offender is an alien?

Answer 57

He/She shall be deported without further proceedings after serving the penalties prescribed.

Question 58

What is the penalty if the offended is a public official or employee

Answer 58

perpetual or temporary absolute disqualification from office

Question 59

Who is in charge of administering and implementing RA 10173?

Answer 59

National Privacy Commission (NPC)

Question 60

Date of Approval of RA 10173

Answer 60

August 15, 2012