UNIT 10 Flashcards

You may prefer our related Brainscape-certified flashcards:
1
Q

On the year 2000 a Filipino named Onel De Guzman created a worm that sent messages
through email with an attachment: “LOVE-LETTER-FORYOU.txt.vbs”
When the attachment is opened, the file activates a code that sends an instruction to
forward the same email to all the contacts of the user
● The worm spread to e-mail accounts across the globe – including US and Europe –
overwhelming the email systems of private and government organizations causing them
to shut down resulting to estimated damages worth millions of USD
● This prompted the FBI to identify the source of the worm, which was then traced back to
the Philippines

A

The I LOVE YOU Worm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Onel De Guzman was eventually arrested by the Philippine government at the request of
the FBI but was released shortly afterwards because there was NO pre-existing Philippine
laws that he violated

A

The I LOVE YOU Worm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

AN ACT PROVIDING FOR THE
RECOGNITION AND USE OF ELECTRONIC TRANSACTIONS AND DOCUMENTS,
PENALTIES FOR UNLAWFUL USE THEREOF AND OTHER PURPOSES.
NOTE: was used to define certain illegal activities concerning the use of various
devices in an effort to provide a legal provision to deter future actions similar to what
Onel De Guzman did

A

Republic Act 8792: Philippine E-Commerce Act Of 2000

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Section 6. LEGAL RECOGNITION OF DATA MESSAGES

Republic Act 8792: Philippine E-Commerce Act Of 2000

text messages, e-mails, or any other similar modes of
communication done through electronic means [including unaltered screenshots] has the
same legal validity as physical messages

A

ELECTRONIC DATA MESSAGES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Section 7. LEGAL RECOGNITION OF ELECTRONIC DOCUMENTS

Republic Act 8792: Philippine E-Commerce Act Of 2000

shall have the legal effect, validity or enforceability as any other
document or legal writing.
NOTE: This provision gives softcopy of authentic documents the same legal validity as physical
documents

A

ELECTRONIC DOCUMENTS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Section 8. LEGAL RECOGNITION OF ELECTRONIC SIGNATURES

Republic Act 8792: Philippine E-Commerce Act Of 2000

An _____ on the electronic document shall be equivalent to the signature
of a person on a written document

A

ELECTRONIC SIGNATURE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Section 33. PENALTIES
The following acts shall be penalized by fine and/or imprisonment:

Republic Act 8792: Philippine E-Commerce Act Of 2000

● Unauthorized access into a computer system/server or information and communication
system
● Any access with the intent to corrupt, alter, steal, or destroy using a computer or computer
system without the knowledge and consent of the owner of the system

A

HACKING/CRACKING

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Section 33. PENALTIES

Republic Act 8792: Philippine E-Commerce Act Of 2000

● Unauthorized copying, reproduction, storage, uploading, downloading, communication, or
broadcasting of protected material [..] through the use of telecommunication networks,
e.g. the Internet, in a manner that infringes intellectual property

A

PIRACY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Section 33. PENALTIES

Violations against R.A. 7394: The Consumer Act Of The Philippines
● R.A. 7394 was enacted primarily to protect the consumers …
… against hazards to health and safety, and
… against deceptive, unfair and unconscionable sales acts and practices.

A

Republic Act 8792: Philippine E-Commerce Act Of 2000

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

NOTE:
● Penalty for HACKING/CRACKING and PIRACY:
▪ Pay a fine amounting to a minimum of one hundred thousand pesos (PhP 100,000) and a
maximum that is commensurate to the damage incurred and …
▪ Mandatory imprisonment of 6 months to 3 years.
● Penalty for violations against R.A. 7394 will be the same penalties as provided by same law which
is to pay a fine of PhP 20,000 to PhP 2000,000 and/or imprisonment of 3 to 6 years

A

Republic Act 8792: Philippine E-Commerce Act Of 2000

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Does connecting to an open WIFI network (e.g. WIFI with no password), without the consent
of the network owner, constitute a violation of RA 8792?

A

NO! By merely accessing it, there is no clear intent to “corrupt, alter, steal or destroy”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

is an act that adopts sufficient powers to effectively prevent and combat cybercrime
offenses by facilitating their detection, investigation, and prosecution at both the domestic and
international levels

A

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

defines ____ as a crime committed with or through the use of information and
communication technologies such as radio, television, cellular phone, computer and network, and
other communication device or application

A

CYBERCRIME

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Section 4. CYBERCRIME OFFENSES
The following acts constitute the offense of cybercrime punishable under this Act
(a) OFFENSES against the CONFIDENTIALITY, INTEGRITY and AVAILABILITY (CIA) of
COMPUTER DATA and COMPUTER SYSTEMS;
(b) COMPUTER-RELATED OFFENSES; and
(c) CONTENT-RELATED OFFENSES

A

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

SECTION 4 (a) OFFENSES against the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY (CIA) of
COMPUTER DATA and COMPUTER SYSTEMS

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

The access to the whole or any part of a computer system without right.
NOTE:
● “access” is the instruction, communication with, storing/retrieving data from or use of
any resources of a computer system of network
● “without right” means having no consent from the owner of the computer system

A

ILLEGAL ACCESS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Does connecting to an open WIFI network (e.g. WIFI with no password), without the
consent of the network owner, constitute a violation of RA 8792?

A

NO! By merely accessing it, there is no clear intent to “corrupt, alter, steal or
destroy”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Does connecting to an open WIFI network (e.g. WIFI with no password), without the
consent of the network owner, constitute a violation of RA 10175?

A

YES! Illegal access is to “make use of any resources” without right (consent)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

SECTION 4 (a) OFFENSES against the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY (CIA) of
COMPUTER DATA and COMPUTER SYSTEMS

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

The interception […] of computer data to, from, or within a computer system.
NOTE:
● Interception is listening to, recording, monitoring or surveillance of the content of
communications through the use of electronic eavesdropping or tapping devices at the same
time that the communication is occurring

A

ILLEGAL INTERCEPTION

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

SECTION 4 (a) OFFENSES against the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY (CIA) of
COMPUTER DATA and COMPUTER SYSTEMS

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

The intentional or reckless alteration, damaging, deletion or deterioration of computer
data, electronic document or electronic data message without right – including the
introduction or transmission of viruses

A

DATA INTERFERENCE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Consider the following situation:
 A friend sent you a file on a flash drive infected with a virus
 Both of you is not aware that the flash drive is infected
 After you insert the flash drive in your computer, your computer get infected
and you lost your documents
Is your friend liable for any violation on RA 10175?

A

YES! Data interference includes “the intentional or reckless alteration, damaging,
deletion
or deterioration of computer data” – even if your friend has no malicious intent it is
still considered as “recklessness” in his/her part causing you to lose your file

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

SECTION 4 (a) OFFENSES against the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY (CIA) of
COMPUTER DATA and COMPUTER SYSTEMS

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

The intentional alteration or reckless hindering or interference with the functioning of a
computer or computer network by inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data or program, electronic document,
or electronic data message, without right or authority, including the introduction or
transmission of viruses

A

SYSTEM INTERFERENCE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Consider the same situation in the previous example:
 A friend sent you a file on a flash drive infected with a virus
 Both of you is not aware that the flash drive is infected
 After you insert the flash drive in your computer, your computer get infected
and you lost all your files and the whole computer system went into error
Is your friend liable for any violation on RA 10175?

A

YES! Although it may be unintentional, data interference and system interference
was committed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

SYSTEM INTERFERENCE EXAMPLE:

Refers to software programs and malware components developed to take over a
computer’s resources and use them for cryptocurrency mining without the user’s explicit
permission

A

CRYPTOJACKING or CRYPTOMINING MALWARE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

SYSTEM INTERFERENCE EXAMPLE:

When you download through torrent sites like “thepiratebay”, you basically give them the
authority to use your computer’s CPU to “mine” cryptocurrencies – the reason why
downloading a lot of torrent file can cause your computer to heat up

A

CRYPTOJACKING or CRYPTOMINING MALWARE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

SECTION 4 (a) OFFENSES against the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY (CIA) of
COMPUTER DATA and COMPUTER SYSTEMS

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

The unauthorized use, production, sale, procurement, distribution or otherwise making
available of:
i. A device designed for committing any offenses under this Act
ii. A computer password, access code, or similar data by which […] a computer
system is […] accessed with the intent of committing any offenses under this act

A

MISUSE OF DEVICE (SKIMMING DEVICES and KEYLOGGERS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

SECTION 4 (a) OFFENSES against the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY (CIA) of
COMPUTER DATA and COMPUTER SYSTEMS

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

The acquisition of a domain name on the internet in bad faith to profit, mislead, destroy
reputation, and deprive others from registering the same

A

CYBER-SQUATTING

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

SECTION 4 (a) OFFENSES against the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY (CIA) of
COMPUTER DATA and COMPUTER SYSTEMS

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

the domain name that was acquired is:
i. Similar, identical or confusingly similar to an existing government-registered
trademark;
ii. In case of a personal name, identical or in any way similar with the name of a
person other than the registrant; and
iii. Acquired without right or with intellectual property interests in it

A

CYBER-SQUATTING

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

SECTION 4 (a) OFFENSES against the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY (CIA) of
COMPUTER DATA and COMPUTER SYSTEMS

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

 In January 2004, Mike Rowe was a grade 12 student who operated a profitable web
design business as a part time job.
 He registered the website with the domain name MikeRoweSoft.com
 Lawyers from Microsoft asked him to stop using the website and Mike Rowe complied
after an undisclosed settlement with the company

A

CYBER-SQUATTING

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

SECTION 4 (b) COMPUTER-RELATED OFFENSES

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

The input, alteration, or deletion of any computer data without right resulting in
inauthentic data with the intent that it be considered or acted upon for legal
purposes as if it were authentic

A

Computer-related FORGERY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

SECTION 4 (b) COMPUTER-RELATED OFFENSES

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

The act of knowingly using computer data which is the product of computer-related
forgery for the purpose of perpetuating a fraudulent or dishonest design

A

Computer-related FORGERY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

SECTION 4 (b) COMPUTER-RELATED OFFENSES

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

Hacking into the SLU Student Portal to change your grade from 65 to 95
Since NO MONETARY VALUE is involved, this is considered as “—” and not “fraud”

A

COMPUTER-RELATED FORGERY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

SECTION 4 (b) COMPUTER-RELATED OFFENSES

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

The unauthorized input, alteration, or deletion of computer data or program or
interference in the functioning of a computer system, causing damage thereby with
fraudulent intent

A

Computer-related FRAUD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

SECTION 4 (b) COMPUTER-RELATED OFFENSES

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

The ONLY difference between forgery and fraud is if the damage incurred has a ____

A

monetary value

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

SECTION 4 (b) COMPUTER-RELATED OFFENSES

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

Hacking into a bank’s database and changing your account balance from PhP 500 to PhP
5,000
 Asking people to send you a “prepaid load” by pretending to be a “relative from abroad”

A

Computer-related FRAUD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

SECTION 4 (b) COMPUTER-RELATED OFFENSES

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

The intentional acquisition, use, misuse, transfer, possession, alteration or deletion of
identifying information belonging to another [person] without right

A

Computer-related IDENTITY THEFT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

SECTION 4 (b) COMPUTER-RELATED OFFENSES

REPUBLIC ACT 10175: CYBERCRIME PREVENTION ACT OF 2012

Those fake social media accounts that has a user profile that contains “identifying
information” – like picture or name – belonging to another person with the intention of using
it for malicious purposes, such as pretending to be the actual person even if it is not

A

Computer-related IDENTITY THEFT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Assume that two individuals, who happen to be real-life partners, gave their consent to
each other to record their sexual act.
Is this a case of cybersex?

A

NO! Since both parties consented and even if these acts are publicly denounced, they
do NOT constitute to cybersex since the act is NOT done for “any favour or
consideration” and without the element of “engagement in business”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

SECTION 4 (c) CONTENT-RELATED OFFENSES

● The unlawful or prohibited acts defined and punishable by R.A. 9775: The Anti-Child
Pornography Act of 2009 committed through a computer system
● This includes any representation – whether visual or audio – by electronic or any other
means of a child engaged or involved in real or simulated explicit sexual activities

A

CHILD PORNOGRAPHY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

SECTION 4 (c) CONTENT-RELATED OFFENSES

Are “hentai” clips – sexually explicit Japanese comics or anime – considered as a
violation of this law?

A

NO … unless the hentai clip itself contains a character which is explicit identified as a
minor. If so, the said material is prohibited and the creator/distributor of the said
material are liable for violation of this law.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

SECTION 4 (c) CONTENT-RELATED OFFENSES

is the public and malicious imputation of a crime – real or imaginary – or any act,
omission, condition, status or circumstance tending to cause the dishonor, discredit, or
contempt of a […] person, or to blacken the memory of the dead

A

(ONLINE) LIBEL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

SECTION 4 (c) CONTENT-RELATED OFFENSES

FOUR ELEMENTS OF LIBEL

a discreditable act or condition concerning another;

A

Allegations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

SECTION 4 (c) CONTENT-RELATED OFFENSES

FOUR ELEMENTS OF LIBEL

___ of the charge

A

Publication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

SECTION 4 (c) CONTENT-RELATED OFFENSES

FOUR ELEMENTS OF LIBEL

The person being ___ is clearly identified; and

A

defamed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

SECTION 4 (c) CONTENT-RELATED OFFENSES

FOUR ELEMENTS OF LIBEL

Existence of

A

Malice

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

Assume that someone posted this unfounded claim on social media:
“HOY! MARIA DAVID! MAGNANAKAW KA! KAYONG DALAWANG
“NANAY MO! MGA MAGNANAKAW! IBALIK NIYO YUNG MILYUN-
“MILYONG PERA NA NINAKAW NIYO!”
Did the person who posted commit online libel?

A

YES! All the FOUR ELEMENTS OF LIBEL is present!
a. FALSE ALLEGATION: MAGNANAKAW KA! KAYONG DALAWA NG NANAY MO!
b. PUBLICATION: Allegation was posted on social media
c. PERSON DEFAMED is IDENTIFIED: Maria David and her mother
d. EXISTENCE OF MALICE: Even though unfounded, the post was published
nonetheless

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

“HOY! MARIA DAVID! MAGNANAKAW KA! KAYONG DALAWANG
“NANAY MO! MGA MAGNANAKAW! IBALIK NIYO YUNG MILYUN-
“MILYONG PERA NA NINAKAW NIYO!”

If you LIKED/REACTED to the post above, are you liable?

A

NO! LIKING or REACTING may be a sign of approval to the said post but NO
STATEMENT was mentioned – none of the FOUR ELEMENTS OF LIBEL is present!

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

“HOY! MARIA DAVID! MAGNANAKAW KA! KAYONG DALAWANG
“NANAY MO! MGA MAGNANAKAW! IBALIK NIYO YUNG MILYUN-
“MILYONG PERA NA NINAKAW NIYO!”

If you SHARED the said post, are you liable?

A

NO! The libelous statement was NOT made by the person who SHARED it!

48
Q

“HOY! MARIA DAVID! MAGNANAKAW KA! KAYONG DALAWANG
“NANAY MO! MGA MAGNANAKAW! IBALIK NIYO YUNG MILYUN-
“MILYONG PERA NA NINAKAW NIYO!”

If you COMMENTED on the said post with “OO NGA!”, are you liable?

A

NO! Similar to LIKING or REACTING, commenting “OO NGA!” does not discredit or
allege Maria David – none of the FOUR ELEMENTS OF LIBEL is present

49
Q

“HOY! MARIA DAVID! MAGNANAKAW KA! KAYONG DALAWANG
“NANAY MO! MGA MAGNANAKAW! IBALIK NIYO YUNG MILYUN-
“MILYONG PERA NA NINAKAW NIYO!”

If you COMMENTED on the said post with “OO NGA! MAGNANAKAW KAYONG MAG-
INA”, are you liable?

A

YES! This statement is not merely an approval but also states an allegation towards
Maria David and her mother.
This makes the person liable for libel since the comment can be seen publicly as well.

50
Q

This is the right of an individual “to be free from unwarranted publicity, or to live without
unwarranted interference by the public in matters in which the public is not necessarily
concerned.”

A

THE RIGHT TO PRIVACY

51
Q

Does the state (i.e. the government) have the right to disturb private individuals in their
homes?

A

NO! The State recognizes the right of the people to be secure in their houses. No one, not
even the State, except “in case of overriding […] and only under the stringent procedural
safeguards,” can disturb them in the privacy of their homes.

52
Q

THE RIGHT TO PRIVACY
Article 26: Every person shall respect the dignity, personality, privacy and peace of mind of his
neighbors and other persons.

A

REPUBLIC ACT 386: CIVIL CODE OF THE PHILIPPINES (1950)

53
Q

The following and similar acts, though they may not constitute a criminal offense, shall produce a
cause of action for damages, prevention and other relief:

__ into the privacy of another’s residence

A

Prying

54
Q

The following and similar acts, though they may not constitute a criminal offense, shall produce a
cause of action for damages, prevention and other relief:

— with or disturbing the private life or family relations of another;

A

Meddling

55
Q

The following and similar acts, though they may not constitute a criminal offense, shall produce a
cause of action for damages, prevention and other relief:

— to cause another to be alienated from his friends;

A

Intriguing

56
Q

The following and similar acts, though they may not constitute a criminal offense, shall produce a
cause of action for damages, prevention and other relief:

__ or humiliating another on account of his religious beliefs, lowly station in life,
place of birth, physical defect, or other personal condition.

A

Vexing

57
Q

May an individual installs surveillance cameras on his own property facing the property of
another? (Hing vs. Choachuy 2013)

A

NO! A man’s house is his castle, where his right to privacy cannot be denied or even
restricted by others.
It includes any act of intrusion into, peeping or peering inquisitively into the residence of
another without the consent of the latter.

58
Q

The installation of surveillance cameras, should NOT cover places where there is reasonable
expectation of privacy, unless the consent of the individual – whose right to privacy would be
affected – was obtained.

A

NOTE on the INSTALLATION of CAMERAS

59
Q

Sample Case: (Zulueta vs C.A., 1996)
Situation:
• Cecilia entered the clinic of Dr. Martin – her husband – and in the presence of
witnesses, forcibly opened the drawers and cabinet and took 157 documents and
papers consisting of greetings cards, cancelled checks, diaries, and photographs
between Dr. Martin and his alleged paramours.
• The said documents were used as evidence in legal separation case.
Was the right to privacy of Dr. Martin violated?

A

YES! In the decision of the court: “A person, by contracting marriage, does not shed his/her
integrity or his right to privacy as an individual and the constitutional protection is ever
available to him or to her.”
The documents and papers are inadmissible as evidence since the way they were gathered
violated the right to privacy of Dr. Martin

60
Q

Also known as the “right to be left alone”, refers to the right of a person to “expect privacy” in
places and/or situations that the community generally accepts as “quite reasonable”
For instance, there are certain instances that a person assumes that there is _____ such that at that particular moment nobody can see or hear him/her.

A

reasonable expectation of privacy

61
Q

Does an employee have a reasonable expectation of privacy in the workplace?

A

According to a court decision, an employee have LESS or NO expectations of privacy in the
workplace.
For instance, CCTV cameras may be watching an employee’s every move while inside the
company grounds. The only place where there is reasonable expectation of privacy is inside
the toilet facilities of the company

62
Q

REPUBLIC ACT 9995: ANTI-PHOTO AND VIDEO VOYEURISM ACT OF 2009

Included under the ___ is that any person believes that:
● He/she could disrobe in privacy, without being concerned that an image or a private area
of the person was being captured;
● The private area of the person would not be visible to the public, regardless of whether
that person is in a public or private place.

A

REASONABLE EXPECTATION OF PRIVACY

63
Q

What does “PRIVATE AREA OF A PERSON” include?

A

The “private area of a person” includes naked or undergarment-clad genitals, pubic area,
buttocks, or the female breast of an individual

64
Q

Section 4: PROHIBITED ACTS.

To __ photo or video coverage of a person or group of persons performing sexual act
or any similar activity or to capture an image of the private area of a person without the
consent of the person involved and under circumstances in which the person/s has/have
a reasonable expectation of privacy;

A

TAKE

65
Q

Section 4: PROHIBITED ACTS.

To ___ or REPRODUCE […] such photo or video or recording of (a);

A

COPY

66
Q

Section 4: PROHIBITED ACTS.

To ___ or DISTRIBUTE […] such photo or video or recording of (a); or

A

SELL

67
Q

Section 4: PROHIBITED ACTS.

To ___ or BROADCAST […] of (a) through VCD/DVD, Internet, cellular phones and
other similar means or device.

A

PUBLISH

68
Q

Will one be liable for the non-commercial copying or reproduction of said photo or video –
e.g. copy or reproduce for free without asking for money?

A

YES! The mere copying or reproduction of said material will make one liable under the law
regardless of the reason or whether one profits or not from such act.

69
Q

If the persons in the photo knew and consented to the video recording or taking of the
photo, can anyone reproduce, distribute, or broadcast it

A

NO! The person merely consented to the taking of the photo or the video recording and did
not give written consent for its reproduction, distribution, and broadcasting.

70
Q

Section 4: PENALTIES.
The penalty for the commission of any of the prohibited acts above are as follows:
● Imprisonment of 3 years to 7 years imprisonment; and
● Fine of Php 100,000.00 to Php 500,000.00

A

Section 4: PENALTIES.

71
Q

PURPOSE
1. PROTECTS THE PRIVACY OF INDIVIDUALS while ensuring free flow of information to
promote innovation and growth.
2. REGULATES the collection, recording, organization, storage, updating or modification,
retrieval, consultation, use, consolidation, blocking, erasure or destruction of PERSONAL
DATA.
3. Ensures that the Philippines COMPLIES WITH INTERNATIONAL STANDARDS set for data
protection.

A

REPUBLIC ACT 10173: DATA PRIVACY ACT OF 2012

72
Q

DEFINITION OF TERMS

The individual, corporation, or body who decides what to do with data.

A

PERSONAL INFORMATION CONTROLLER (PIC)

73
Q

DEFINITION OF TERMS

One who processes data for a PIC. The PIP does not process information for the PIP’s own
purpose.

A

PERSONAL INFORMATION PROCESSOR (PIP)

74
Q

DEFINITION OF TERMS

Any freely given, specific, informed indication of will, whereby the data subject agrees to
the collection and processing of personal information about and/or relating to him or her.

A

CONSENT OF DATA SUBJECT

75
Q

DEFINITION OF TERMS

A security incident that:
a. Leads to unlawful or unauthorized processing of personal, sensitive, or privileged
information;
b. Compromises the availability, integrity, or confidentiality of personal data.

A

BREACH

76
Q

Any personal information about a particular
individual that can be used in identifying a
person.
This includes, but not limited to:
▪ Name
▪ Address
▪ Phone number
▪ E-mail address

A

PERSONAL INFORMATION

77
Q

Any information or opinion about a particular
individual that may be used to harm or
discriminate a person.
This includes, but not limited to:
▪ Race or ethnic origin
▪ Religious affiliations
▪ Criminal record
▪ Medical record

A

SENSITIVE PERSONAL INFORMATION

78
Q

PROCESSING OF PERSONAL INFORMATION

● The data subject must know:
a. What personal data will be collected
b. How the personal data will be collected
c. Why personal data will be collected
● The data processing policies of the PIC must be known to the data subject.
● The information to be provided to the data subject must be in clear and plain
language.

A

PRINCIPLES OF TRANSPARENCY

79
Q

DEFINITION OF TERMS

● Data collected must be always be collected only for the specific, explicit, and
legitimate purposes of the PIC.
● Data that is not compatible with the purpose [of the data collection] shall not be
processed.

A

LEGITIMATE PURPOSE PRINCIPLE

80
Q

DEFINITION OF TERMS

● The amount of data collected for processing should be adequate, relevant, and not
excessive in proportion to the purpose of the data processing.
● Efforts should be made to limit the processed data to the minimum necessary.

A

PRINCIPLE OF PROPORTIONALITY

81
Q
  1. The consent of data subject has to be given;
  2. The processing is necessary and is related to the fulfillment of a contract with the data
    subject or in order to take steps at the request of the data subject prior to entering into a
    contract;
  3. The processing is necessary for compliance with a legal obligation to which the PIC is
    subject;
  4. The processing is necessary to protect vitally important interests of the data subject,
    including life and health;
  5. The processing is necessary in order to respond to national emergency, to comply with
    the requirements of public order and safety, or to fulfill functions of public authority […];
    or
  6. The processing is necessary for the purposes of the legitimate interests pursued by the PIC
    […], except where such interests are overridden by fundamental rights and freedoms of
    the data subject […]
A

PROCESSING OF SENSITIVE PERSONAL INFORMATION

82
Q

RIGHTS OF THE DATA SUBJECT

● This is the right to be informed that your personal data shall be, are being, or have
been processed.
● The disclosure must be made before the entry of the data into the processing
system or at the next practical opportunity

A

Right to be INFORMED

83
Q

DEFINITION OF TERMS

● The right to refuse to the processing of personal data.
● This includes the right to be given an opportunity to withhold consent to the
processing in case of any changes or any amendment to the information supplied
or declared.

A

Right to OBJECT

84
Q

RIGHTS OF THE DATA SUBJECT

The right to find out whether a PIC holds any personal data about you.

A

Right to ACCESS

85
Q

RIGHTS OF THE DATA SUBJECT

● This involves the right to dispute the inaccuracy or error in the personal data and
have the PIC correct it immediately.
● It also includes access to new and retracted information, and simultaneous receipt
thereof.
● Recipients previously given erroneous data must be informed of inaccuracy and
rectification upon reasonable request of the data subject.

A

Right to RECTIFICATION

86
Q

RIGHTS OF THE DATA SUBJECT

● This is the right to suspend, withdraw, or order the blocking, removal, or
destruction of his/her personal information from the PIC’s filing system
● The right to erase or block can be invoked in the following circumstances:
◼ There are data which are incomplete, outdated, false, or unlawfully
obtained.
◼ The data was used for unauthorized purposes.
◼ The data is no longer necessary for purposes of collection.
◼ The processing of data was found to be unlawful.
◼ The PIC or PIP violated the rights of the data subject.

A

Right to ERASURE or BLOCKING

87
Q

RIGHTS OF THE DATA SUBJECT

● This is the right to be receive compensation for any damages sustained due to
inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use
of personal data.
● If there are circumstances where you discovered that your personal data was
mishandled, you have the right to ask for compensation for the damage it has
caused you.

A

Right to DAMAGES

88
Q

RIGHTS OF THE DATA SUBJECT

● The right to obtain a copy of data undergoing processing in [a commonly used]
electronic or structured format that allows for further use by the data subject.
● Takes into account the right to have control over personal data being processed
based on consent, contract, for commercial purposes, or through automated
means.

A

Right to DATA PORTABILITY

89
Q

RIGHTS OF THE DATA SUBJECT

The right to file a complaint in circumstances wherein the PIC or the PIP has
breached the privacy of the data subject

A

Right to FILE A COMPLAINT

90
Q

May a teacher/professor search the contents of a student’s cellular phone?

A

NO! Any search through a student’s cellular phone without justification under a law or
regulation is UNLAWFUL, and may be considered as “unauthorized processing of data”
However, there are exceptions:
• If it was done with student’s consent [except if the student is a minor]
• If it is required by the student’s life and health, or by national emergency.

91
Q

Is an implied (indirect) form of consent valid?
Example:
“By continuing to avail of xxx products and services:, you explicitly
“authorize xxx, its employees, duly authorized representatives,
“related companies and third-party service providers, to use, process
“and share personal data needed in the administration of your xxx”

A

NO! Consent under the Data Privacy Act has three requirements, none of which are seen in
an implied consent:
• Consent must be freely given;
• Details about what consent is being asked must be specific; and
• There must be an informed indication of will.

92
Q

Are handwritten signatures considered sensitive personal information?

A

NO! It is possible that one may share a similar signature as another person. Moreover,
some signatures do not, in any way, show signs of identity of a person.
However, these may be considered personal information when used to identify an
individual such as a signature affixed on the name of a person.

93
Q

Are usernames, password, IP and MAC address, location cookies and birthday (month and
day only) are considered personal information?

A

YES!*
* Only when they are combined with other pieces of information that may allow an
individual to be distinguished from others.

94
Q

PROHIBITED ACTS OF R.A. 10173

Process (sensitive) personal information without the consent of the data subject or
without being authorized under the Data Privacy Act or any other law.

A

Unauthorized processing of personal information and sensitive personal information

95
Q

PROHIBITED ACTS OF R.A. 10173

Provided access to (sensitive) personal information due to negligence or was
unauthorized under the Data Privacy Act or any existing law.

A

Accessing personal information and sensitive personal information due to negligence

96
Q

PROHIBITED ACTS OF R.A. 10173

Negligently dispose, discard or abandon the (sensitive) personal information of an
individual in an area accessible to the public or placed the (sensitive) personal
information of an individual in a container for trash collection.

A

Improper disposal of (sensitive) personal information

97
Q

PROHIBITED ACTS OF R.A. 10173

Process personal information for purposes not authorized by the data subject or not
otherwise authorized by the Data Privacy Act or under existing laws.

A

Processing of personal information and sensitive personal information for unauthorized
purposes

98
Q

PROHIBITED ACTS OF R.A. 10173

Knowingly and unlawfully violate data confidentiality and security data systems where
personal and sensitive personal information is stored.

A

Unauthorized access or intentional breach

99
Q

PROHIBITED ACTS OF R.A. 10173

Discloses to a third party unwarranted or false information with malice or in bad faith
relative to any (sensitive) personal information obtained by such PIC or PIP.

A

Malicious Disclosure

100
Q

set of procedures and technological measures to ensure secure and
efficient operation of information within an organization, both general and application controls
for safeguarding information. These control activities are applied throughout an organization. The
most important general controls are the measures that control access to computer systems and
the information stored or transmitted over telecommunication networks. General controls include
administrative measures that restrict employee access to only those processes directly relevant to
their duties, thereby limiting the damage an employee can do.

A

Security controls

101
Q

is about protecting things that are of value to an organization. Security controls exist to
reduce or mitigate the risk to those assets. They include any type of policy, procedure, technique,
method, solution, plan, action, or device designed to help accomplish that goal. Recognizable
examples include firewalls, surveillance systems, and antivirus software.

A

IT security

102
Q

Control Types

Describes anything tangible that’s used to prevent or detect
unauthorized access to physical areas, systems, or assets. This includes gates, access cards,
CCTVs, and motion sensors

A

Physical controls

103
Q

Control Types

(also known as logical controls) Includes hardware or software
mechanisms used to protect assets. Common examples are authentication solutions,
firewalls, and antivirus software.

A

Technical controls

104
Q

Control Types

Refers to policies, procedures, or guidelines that define
personnel or business practices in accordance with the organization’s security goals. These
can apply to the hiring and termination of employees, equipment and Internet usage,
separation of duties, and auditing.

A

Administrative controls

105
Q

Control Functions

These is any security measure that is designed to prevent or stop any
malicious activity from happening. These can be fences, alarms, and antivirus software.

A

Preventive Controls

106
Q

Control Functions

These is any security measure taken or implemented to detect and
alert to unwanted or unauthorized activity in progress or after it has occurred. It can be
alerting guards or notifications from a motion sensor.

A

Detective controls

107
Q

Control Functions

Any measures taken to repair damage or restore resources and
capabilities following an unauthorized or unwanted activity. This may include rebooting
the system, or terminating a process, or quarantining a virus.

A

Corrective controls

108
Q

Fences, gates, locks

A

Physical and Preventive

109
Q

CCTV and
surveillance camera
logs

A

Physical and Detective

110
Q

Repair physical
damage, re-issue
access cards

A

Physical and Corrective

111
Q

Firewall, IPC, MFA
solution, antivirus
software

A

Technical and Preventive

112
Q

Intrusion detection
systems, honeypots

A

Technical and Detective

113
Q

Patch a system,
terminate a process,
reboot a system,
quarantine a virus

A

Technical and Corrective

114
Q

Hiring and
termination policies,
separation of duties,
data classification

A

Administrative and Preventive

115
Q

Review access rights,
audit logs, and
unauthorized
changes

A

Administrative and Detective

116
Q

Implement a
business continuity
place or incident
response plan

A

Administrative and Corrective