1. Commission
shall refer to the National Privacy Commission created by virtue of this Act.

2. Consent of the data subject
refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her.

3. Consent
shall be evidenced by written, electronic or recorded means. It may also be given on behalf of the data subject by an agent specifically authorized by the data subject to do so.

4. Data subject
refers to an individual whose personal information is


5. Direct marketing
refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals.

6. Filing system
refers to any set of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular person is readily accessible.

7. National Privacy Commission ("NPC")
an independent body created under Republic Act No. 10173 or the Data Privacy Act of 2012, mandated to administer and implement the provisions of the Act, and to monitor and ensure compliance of the country with international standards set for data protection.

8. When Data Privacy Act is APPLICABLE
—It must involve any processing of personal information.
—By either natural or juridical persons
—Whether or not found in the Philippines that uses equipment or maintains an office, branch or agency in the Philippines.
—Either acting as a controller or processor

9. When Data Privacy Act is NOT APPLICABLE
—Officer or employee of a government institution.
—Performing service under contract for a government institution.
—Granting of a license or permit given by the government.
—Journalistic, artistic, literary or research purposes.
—Necessary in order to carry out the functions of public
—Information necessary for banks and other financial in-
—Originally collected from residents of foreign jurisdic-

10. No amendment or repeal of Republic Act No. 53
which affords the publishers, editors or duly accredited reporters of any newspaper, magazine or periodical of general circulation protection from being compelled to reveal the source of any news report or information appearing in said publication which was related in any confidence to such publisher, editor, or reporter.

11. Extraterritorial Application
The Data Privacy Act applies to entities processing personal information about Philippine citizens or residents, both within and outside the Philippines, if they have a link to the country, have business in the Philippines, or have access to personal information.

12. privileged information
refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged

13. sensitive personal information
information that is about:
—Race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations.
—Health, education, genetic or sexual life of a person.
—Issued by government agencies peculiar to an individ-
—Specifically established by an executive order or an act of congress to be kept classified.

14. prohibited
general rule on processing of personal information

15. exception on processing of personal information
—Consent
—Provided for by existing laws and regulations.
—Necessary to protect life and health.
—Necessary to achieve the lawful and noncommercial objectives of public organizations and their associations.
—Necessary for purposes of medical treatment
—Necessary for the protection of lawful rights and inter-

16. Subcontract of Personal Infor-
—responsible for ensuring that proper safeguards.
—prevent its use for unauthorized purposes.

17. Rights of Data Subject
—Right to be Informed
—Right to be Furnished the information indicated
—Right to Reasonable Access
—Right to Dispute inaccuracy or error
—Right to Suspend, Withdraw, Order Blocking, Removal or Destruction of personal information.
—Right to be Indemnified for any damages
—Right to Data Portability

18. Lawful heirs and assigns
________________ and ___________ of data subject may invoke these rights if data subject is incapacitated.

19. Right to Data Portability
data subjects have the right to obtain an electronic copy of the information.

20. NON-APPLICABLE
These rights are __________________________ if it is used only for the needs of scientific and statistical research provided there is strict confidentiality.

21. personal information controller
must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing.

22. personal information controller
shall implement reasonable and appropriate measures to protect personal information against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.

23. determination of the appropriate level of security
must take into account (1) the nature of the personal information to be protected, (2) the risks represented by the processing, (3) the size of the organization and complexity of its operations, (4) current data privacy best practices and (5) the cost of security implementation.

24. personal information controller
must further ensure that third parties processing personal information on its behalf shall implement the security measures required by this provision.

25. employees, agents or representatives of a personal information controller who are involved in the processing of personal
shall operate and hold personal information under strict confidentiality if the personal information is not intended for public disclosure. This obligation shall continue even after leaving the public service, transfer to another position or upon termination of employment or contractual relations.

26. personal information controller
shall promptly notify the Commission and affected data subjects when sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes that such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject.

27. Notification to the Commission
shall at least describe the nature of the breach, the sensitive personal information possibly involved, and the measures taken by the entity to address the breach.

28. 72 hours
If there is likelihood of risk to individuals, the data processor must report data breaches within ______________.

29. Principle of Accountability
Each personal information controller is responsible for personal information under its control or custody, including information that have been transferred to a third party for processing, whether domestically or internationally, subject to cross-border arrangement and cooperation.

30. personal information controller
accountable for complying with the requirements of the Data Privacy Act and shall use contractual or other reasonable means to provide a comparable level of protection while the information is being processed by a third party.

31. Data Protection Officer
The personal information controller shall designate an individual or individuals who are accountable for the organization's compliance with the Data Privacy Act. The identity of the individual(s) so designated shall be made known to any data subject upon request.

32. Responsibility of Heads of Agencies
All sensitive personal information maintained by the government, its agencies and instrumentalities shall be secured, as far as practicable, with the use of the most appropriate standard recognized by the information and communications technology industry, and as recommended by the Commission.

33. head of each government agency or instrumentality
shall be responsible for complying with the security requirements mentioned while the Commission shall monitor the compliance and may recommend the necessary action in order to satisfy the minimum standards.


