RA 10173 (Part 1) Flashcards
RA 10173
Data Privacy Act of 2012
Data Privacy Act of 2012
RA 10173
An act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a national privacy commission, and for other purposes
RA 10173: Data Privacy Act of 2012
T/F:
Consent shall be evidenced by written, electronic or recorded means, but cannot be given on behalf of the data subject by an agent specifically authorized by the data subject to do so.
F;
may also be given on behalf…
T/F:
Personal information controller includes:
(1) A person or organization who performs such functions as instructed by another person or organization; and
(2) An individual who collects, holds, processes or uses personal information in connection with the individual’s personal, family or household affairs
F;
excludes
T/F:
The act applies to information about any individual who is or was an officer or employee of a government institution.
F;
does not apply
T/F:
The act does not apply to information about an individual who is or was performing service under contract for a government institution.
T
T/F:
The act does not apply to information relating to any discretionary benefit of a financial nature.
T
T/F:
The act does not apply to personal information processed for journalistic, artistic, literary, or research purposes.
T
T/F:
The act applies to information necessary in order to carry out the functions of public authority.
F;
does not apply
T/F:
The act applies to information necessary for banks and other financial institutions.
F;
does not apply
T/F:
The act does not apply to personal information originally collected from residents of foreign jurisdictions.
T
RA No. ________:
Publishers, editors or duly accredited reporters of any newspaper, magazine or periodical of general circulation are protected from being compelled to reveal the source of any news report or information appearing in said publication which was related in confidence to such publisher, editor, or reporter.
RA No. 53
T/F:
The entity has a link with the Philippines, and the entity is processing personal information in the Philippines, but the processing should not be outside the Philippines.
F;
outside the Ph as long as it is about Philippine citizens or residents
responsible for administering and implementing the provisions of this act and to monitor and ensure compliance of the country with international standards set for data protection
National Privacy Commission
T/F:
The Commission cannot be given access to personal information that is subject of any complaint and to collect the information necessary to perform its functions.
F;
may be given
Ensure compliance of personal information controllers
National Privacy Commission
Receive complaints, institute investigations, facilitate or enable settlement of complaints, prepare reports on disposition of complaints and resolution of any investigation it initiates, and, in cases it deems appropriate, publicize any such report
National Privacy Commission
Issue cease and desist orders, compel or petition any entity, monitor the compliance, coordinate with other government agencies
National Privacy Commission
Publish a guide relating to data protection, publish a compilation of agency system, recommend to the DOJ the prosecution and imposition of penalties
National Privacy Commission
Review, approve, reject or require modification of privacy codes voluntarily adhered to by personal information controllers
National Privacy Commission
Ensure proper and effective coordination with data privacy regulators in other countries and private accountability agents, participate in international and regional initiatives for data privacy protection
National Privacy Commission
Provide assistance on matters relating to privacy or data protection
National Privacy Commission
Comment on the implication on data privacy of proposed national or local statutes, regulations or procedures, issue advisory opinions and interpret the provisions
National Privacy Commission
Propose legislation, amendments or modifications to Philippine laws
National Privacy Commission
Negotiate and contract with other data privacy authorities of other countries for cross-border application and implementation of respective privacy laws
National Privacy Commission
Assist Philippine companies doing business abroad to respond to foreign privacy or data protection laws and regulations
National Privacy Commission
Generally perform such acts as may be necessary to facilitate cross-border enforcement of data privacy protection.
National Privacy Commission
T/F:
The privacy codes shall adhere to the underlying data privacy principles.
T
T/F:
Privacy codes may include public dispute resolution mechanisms for complaints against any participating personal information controller.
F;
PRIVATE dispute resolution
T/F:
The Commission shall consult with relevant regulatory agencies in the formulation and administration of privacy codes applying the standards in this Act.
T
Organizational Structure of the Commission
Attached to: DICT
Chairman: Privacy Commissioner
2 Deputy Privacy Commissioners
- Data Processing Systems
- Policies and Planning
The Commission shall be attached to what department?
Department of Information and Communications Technology (DICT)
Chairman of the Commission
Privacy Commissioner
2 Deputy Privacy Commissioners
Data Processing Systems
Policies and Planning
2 Deputy Privacy Commissioners appointed by?
For a term of?
the President of the Philippines
Term: 3 years (can be reappointed for another 3 years)
Privacy Commissioner qualifications
(1) must be at least 35 y/o
(2) good moral character, expert in IT and data privacy
(3) shall enjoy the benefits, privileges and emoluments equivalent to the rank of Secretary
recognized experts in the field of information and communications technology and data privacy
Deputy Privacy Commissioners
T/F:
General Data Privacy Principles:
Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law
T
T/F:
General Data Privacy Principles:
Kept in a form which permits identification of DATA SUBJECTS for no longer than is necessary for the purposes for which the data were collected and processed
T
T/F:
Criteria for Lawful Processing of Personal Information:
The data subject has given his or her consent.
T
T/F:
Criteria for Lawful Processing of Personal Information:
Personal information is necessary and is related to the fulfillment of a contract.
T
T/F:
Criteria for Lawful Processing of Personal Information:
For compliance with a personal obligation
F;
legal obligation
T/F:
Criteria for Lawful Processing of Personal Information:
Necessary to protect vitally important interests
T
T/F:
Criteria for Lawful Processing of Personal Information:
To respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority
T
T/F:
Criteria for Lawful Processing of Personal Information:
For the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed
T
T/F:
Processing of sensitive personal information and privileged information is allowed when:
The data subject has given his or her consent, specific to the purpose prior to the processing, or in the case of privileged information, all parties to the exchange have given their consent prior to processing.
T
T/F:
Processing of sensitive personal information and privileged information is allowed when:
Consent of the data subjects is required by law or regulation permitting the processing of the sensitive personal information or the privileged information.
F;
not required
T/F:
Processing of sensitive personal information and privileged information is allowed when:
The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing.
T
T/F:
Processing of sensitive personal information and privileged information is allowed when:
The processing is necessary to achieve the lawful and commercial objectives of public organizations and their associations.
F;
noncommercial
T/F:
Processing of sensitive personal information and privileged information is allowed when:
In achieving noncommercial objectives of public organizations and their associations, it should be confined and related to the bona fide members of these organizations or their associations.
T
T/F:
Processing of sensitive personal information and privileged information is allowed when:
In achieving noncommercial objectives of public organizations and their associations, it should be transferred to third parties.
F;
should not be transferred to third parties
T/F:
Processing of sensitive personal information and privileged information is allowed when:
In achieving noncommercial objectives of public organizations and their associations, the consent of the data subject should be obtained prior to processing.
T
T/F:
Processing of sensitive personal information and privileged information is allowed when:
The processing is necessary for purposes of medical treatment.
T
T/F:
Processing of sensitive personal information and privileged information is allowed when:
The processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority.
T
T/F:
A personal information controller may subcontract the processing of personal information:
Provided, that he/she shall be responsible for ensuring that proper safeguards are in place to ensure the confidentiality of the personal information processed, prevent its use for unauthorized purposes, and generally, comply with the requirements of this Act and other laws for processing of personal information.
T
T/F:
Personal information controllers may invoke the principle of privileged information over privileged communication that they lawfully control or process.
F;
privileged communication over privileged information
T/F:
Subject to existing laws and regulations, any evidence gathered on privileged information is admissible.
F;
inadmissible
T/F:
It is the right of the data subject to be informed whether personal information pertaining to him or her shall be, are being or have been processed.
T
T/F:
It is the right of the data subject to be furnished the information indicated hereunder before the entry of his or her personal information into the processing system of the personal information controller, or at the next practical opportunity.
T
T/F:
It is the right of the data subject to have reasonable access to his/her information upon demand.
T
T/F:
It is the right of the data subject to dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately and accordingly even if the request is vexatious or otherwise unreasonable.
F;
it is his/her right to dispute unless the request is vexatious or otherwise unreasonable.
It is the right of the data subject to suspend, withdraw, or order the blocking, removal or destruction of his or her personal information from the personal information controller’s ________ ________.
filing system
T/F:
It is the right of the data subject to be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.
T;
indemnified: be compensated for the damages
Who may invoke the rights of the data subject, for which he or she is an heir or assignee, at any time after the death of the data subject or when the data subject is incapacitated or incapable of exercising the rights as enumerated in the immediately preceding section?
- lawful heirs
- assigns of the data subject
T/F:
The data subject shall have the right, where personal information is processed by electronic means and in a structured and commonly used format, to obtain from the personal information controller a copy of data undergoing processing in an electronic or structured format, which is commonly used and allows for further use by the data subject.
T
T/F:
The immediately preceding sections are applicable if the processed personal information are used only for the needs of scientific and statistical research and, on the basis of such, no activities are carried out and no decisions are taken regarding the data subject.
F;
not applicable
T/F:
The immediately preceding sections are applicable to processing of personal information gathered for the purpose of investigations in relation to any criminal, administrative or tax liabilities of a data subject.
F;
not applicable