Data Privacy Act (RA 10173)

The right protected under the 1987 Constitution insofar as the Data Privacy Law is concerned is –

a. Right against unreasonable searches and seizure

b. Right to travel

c. Right against involuntary servitude

d. Right against ex post facto law

e. Right to privacy

e. Right to privacy

The consent of the data subject must be freely given, specific,__________indication of the will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her.

a. learned

b. informed

c. careful

d. analyzed

e. thorough

b. informed

It refers to a system for generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the

computer system or other similar device by or which data is recorded, transmitted or stored and an procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document.

a. Filing system

b. data processing system

c. Information and communication system

d. processing

c. Information and communication system

It refers to any act of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular person is readily accessible.

a. Filing system

b. data processing system

c. Information and communication system

d. processing

a. Filing system

It refers to personal information about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;

a. personal information

b. sensitive personal information

c. confidential information

d. privileged

e. Top secret information

b. sensitive personal information

S1 - The PIP has the obligation to notify in case of breach.

S2 – The PIP cannot share, amend or further process outside the bounds of contract.

a. S1 is true; S2 is false

b. S1 is false; S2 is true

c. Both are true

d. Both are false

b. S1 is false; S2 is true

It refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

a. profiling

b. data Processing

c. filing system

d. data sharing

a. profiling

It is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that would result to a personal data breach, if not for safeguards that have been put in place.

a. security breach

b. security incident

c. personal data breach

d. personal data violation

e. security protocol

b. security incident

S1 - The Privacy Commissioner shall be assisted by three (3) Deputy Privacy Commissioners.

S2 - The Privacy Commissioner and the two (2) Deputy Privacy Commissioners shall be appointed by the President of the Philippines for a term of two (2) years.

a. S1 is true; S2 is false

b. S1 is false; S2 is true

c. Both are true

d. Both are false

d. Both are false

The Data Privacy Act of 2012 protects all forms of information that are – except,

a. Personal

b. Sensitive

c. Privileged

d. Published

d. Published

Each personal information controller is responsible for personal information under its control or custody, including information that have been transferred to a

third party for processing, whether domestically or internationally, subject to cross-border arrangement and cooperation.

a. Principle of Subsidiary

b. Principle of Confidentiality

c. Principle of Accountability

d. Principle of Incontrovertibility

e. Principle of Solidarity

c. Principle of Accountability

It is important that the organization should take steps to ensure that the data is handled legally, securely, efficiently and effectively in order to deliver the best possible care.

a. Risk-based Approach

b. Secured Approach

c. Confidentiality Approach

d. Limited Liability Approach

a. Risk-based Approach

The processing of personal information shall be allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure of information to the public and adherence to the principles of, except –

a. Mutuality c. Legitimate purposes

b. Transparency d. Proportionality

a. Mutuality

The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose. Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.

a. Mutuality c. Legitimate purposes

b. Transparency d. Proportionality

d. Proportionality

The following are the rights given under the Data Privacy Law, except:

a. Data Portability d. erasure

b. Accessibility e. publication

c. Blocking

e. publication

The Commission and affected data subjects shall be notified by the personal information controller ______________ (1) upon knowledge of, or (2) when there is reasonable belief by the personal information controller or personal information processor that, a personal data breach requiring notification has occurred.

a. within 24 hours

b. within 36 hours

c. within 48 hours

d. within 72 hours

d. within 72 hours

Registration of personal data processing systems operating in the country that involves accessing or requiring sensitive personal information of at least _____________ individuals, including the personal data processing system of contractors, and their personnel, entering into contracts with government agencies.

a. 250 d. 2,000

b. 500 e. 5,000

c. 1,000

c. 1,000

Unauthorized processing, negligent handling, or improper disposal of personal information under the Data Privacy Law is punishable with up to six (6) years imprisonment or up to ____ million pesos depending on the nature and degree of the violation.

a. 2 c. 4 e. 10

b. 3 d. 5

c. 4

It is act of disclosing to a third party personal information not covered by the immediately preceding section without the consent of the data subject.

a. malicious disclosure

b. personal disclosure

c. unauthorized disclosure

d. impeded disclosure

e. illegal disclosure

c. unauthorized disclosure

The year the Data Privacy Law took effect

a. 2010 d. 2013

b. 2011 e. 2014

c. 2012

c. 2012

It is the commission referred in the Data Privacy Act.

a. National Data Privacy Council

b. National Privacy Commission

c. National Information Privacy Commission

d. National Data Privacy Commission

b. National Privacy Commission

I. The Data Privacy Act applies to the processing of the personal information of Philippines citizens who must reside in the Philippines.

II. The law has no extraterritorial application.

a. Both statements are correct.

b. Both statements are incorrect.

c. Statement I is correct while statement II is incorrect.

d. Statement I is incorrect while statement II is correct.

b. Both statements are incorrect.

The Data Privacy Act does not apply to the following except:

a. Personal information processed for journalistic, artistic, literary or research purposes

b. Information about any individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual.

c. Information necessary in order to carry out the functions of public authority

d. Information processed by personal information controllers

d. Information processed by personal information controllers

The rights of the data subject include the following except:

a. Right to be informed

b. Right to damages

c. Right to object

d. None of the above

d. None of the above

The processing of personal data shall be allowed subject to adherence to the following principles except:

a. Transparency

b. Proportionality

c. Partiality

d. Legitimate Purpose

c. Partiality

Which of the following information is covered by the protection of Data Privacy Act?

a. Information about any individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual

b. Information about an individual who is or was performing service under contract for a government institution that relates to the services performed, including the terms of the contract, and the name of the individual given in the course of the performance of those services

c. Information about students enrolled in the College of Law or Graduate School

d. Information relating to any discretionary benefit of a financial nature such as the granting of a license or permit given by the government to an individual, including the name of the individual and the exact nature of the benefit

c. Information about students enrolled in the College of Law or Graduate School

Which of the following is considered a sensitive personal information?

a. Information about an individual’s religious affiliation

b. Information about an individual’s business or company affiliation

c. Individual’s display photo in his/her facebook and Instagram accounts

d. All of the above are sensitive personal information

a. Information about an individual’s religious affiliation

The data subject shall have the right, where personal information is processed by electronic means and in a structured and commonly used format, to obtain from the personal information controller a copy of data undergoing processing in an electronic or structured format, which is commonly used and allows for further use by the data subject is referred as?

a. Right to Erasure/Blocking

b. Right to Data Portability

c. Right to Access

d. Right to be Informed

b. Right to Data Portability