Cybercrime Prevention Act of 2012 Quiz

Questions and Answers

According to the Cybercrime Prevention Act of 2012, which of the following is NOT included as a type of cybercrime?

• Computer-related offenses
• Content-related offenses
• Offenses against the confidentiality, integrity, and availability of computer data and systems
• Offenses related to copyright infringement (correct)

Which of the following scenarios would fall under the jurisdiction of the Cybercrime Prevention Act of 2012?

• A Filipino national commits a cybercrime in another country.
• A foreign national commits a cybercrime in the Philippines using a computer located in another country.
• A Filipino national commits a cybercrime in the Philippines but the victim resides in another country.
• All of the above. (correct)

What does CIA stand for in the context of cybercrime?

• Cybersecurity, Intelligence, and Analytics
• Confidentiality, Integrity, and Availability (correct)
• Communication, Information, and Accessibility
• Communication, Integrity, and Access

Which of the following is NOT a communication technology cited in the definition of cybercrime in the Cybercrime Prevention Act of 2012?

Satellite Phone (D)

According to the Cybercrime Prevention Act of 2012, a Filipino national who commits a cybercrime in another country can be charged with a violation of the Act.

True (B)

Based on the text, which of the following statements is true regarding the jurisdiction of RA 10175?

RA 10175 applies to crimes committed by Filipino nationals regardless of location. (B)

What is the main purpose of the Cybercrime Prevention Act of 2012?

To punish cybercrime offenses. (A)

Which of the following is an example of a computer-related offense, as defined in the Cybercrime Prevention Act of 2012?

All of the above. (D)

What is the key difference between computer-related forgery and computer-related fraud, according to the text?

Forgery involves altering data without authorization, while fraud involves causing damage with intent to gain. (D)

Which of the following could be considered an example of computer-related forgery, as defined in the text?

Changing a website's appearance to make it look like a different company's. (D)

What was Mike Rowe's apparent reason for giving away his website?

He felt overwhelmed by the legal implications and costs. (D)

What example is provided in the text to illustrate computer-related fraud?

Hacking into a bank's database to increase an account balance. (C)

What is the significance of the iSLU portal example in the context of the Cybercrime Prevention Act of 2012?

It explains the difference between fraud and forgery in real-world scenarios. (A)

What can be inferred about the potential consequences of committing computer-related fraud?

The potential consequences can be severe, including legal charges and financial repercussions. (B)

Why is the Reddit thread mentioning Mike Rowe significant in the context of the content?

It supports the idea that Mike Rowe gave away his website due to stress and financial constraints. (C)

Which of the following is NOT specifically mentioned as a type of computer-related offense in the Cybercrime Prevention Act of 2012?

Computer-Related Malicious Mischief (A)

Which of the following actions is NOT considered a prohibited act under the Data Privacy Act (R.A. 10173)?

Accessing and retrieving personal information from a secure database for legitimate business purposes. (A)

What is the main characteristic of 'Improper disposal of (sensitive) personal information' as a prohibited act?

Neglecting to properly secure sensitive personal information, making it accessible to unauthorized individuals. (C)

What differentiates 'Unauthorized access or intentional breach' from 'Malicious disclosure' as prohibited acts under the Data Privacy Act?

Unauthorized access involves gaining access to sensitive information without permission, while malicious disclosure involves intentionally spreading false information about individuals. (A)

Which of the following scenarios BEST exemplifies 'Processing of personal information and sensitive personal information for unauthorized purposes'?

A company uses customer data to personalize marketing campaigns without their explicit consent. (B)

Which of the following is NOT explicitly mentioned as a prohibited act under the Data Privacy Act (R.A. 10173) based on the provided text?

Collecting personal information without disclosing the purpose of collection to the data subject. (C)

Why is a handwritten signature not considered sensitive personal information?

Signatures alone do not provide sufficient information to identify an individual. (C)

Which of the following is considered personal information only when combined with other data?

All of the above (D)

What is the primary reason why birthdays are not considered sensitive personal information on their own?

Birthdays are often shared by large groups of people. (C)

When is it considered "unauthorized processing" of personal information?

All of the above (D)

Why could an IP address alone not be used to identify a person?

Multiple individuals may share the same computer or server, using the same IP address. (C)

What is the primary focus of the Data Privacy Act in relation to personal information?

Protecting personal information from unauthorized access, use, and disclosure. (C)

How does the text define "sensitive personal information"?

Information that is specifically protected by law due to its sensitive nature. (B)

What is considered "negligence" in accessing personal information?

Accessing personal information without following proper security protocols and safeguards. (A)

Which of these rights does the content provided not explicitly describe?

Right to erasure (A)

Under what circumstances can an individual be denied the right to object to the processing of their personal data?

When the data is needed for a court subpoena (C)

Which right allows an individual to obtain a copy of their data being processed?

Right to access (D)

What is the timeframe for informing an individual about the processing of their data?

Prior to data entry or at the first practical opportunity (A)

What is the primary purpose of the right to rectification?

To ensure the accuracy and correctness of personal data (C)

In what situation does an individual have the right to withhold consent to the processing of their personal data?

When there are changes or amendments to the provided information (B)

What information is an individual entitled to receive when exercising their 'right to access'?

All of the above (D)

What is the primary difference between the 'right to object' and the 'right to be informed'?

The right to object allows individuals to prevent the processing of their data (D)

What is the primary objective of the Data Privacy Act of 2012?

To balance individual privacy rights with the free flow of information. (A)

Which of these is NOT a specific data processing activity regulated by the Data Privacy Act?

Creation of new personal data records. (A)

Who is considered the 'Personal Information Controller' under the Data Privacy Act?

The individual or entity that decides the purpose and use of personal data. (D)

What is the significance of 'Consent' under the Data Privacy Act?

It confirms that personal data has been collected legally and ethically. (D)

Which scenario BEST describes a 'Breach' as defined in the Data Privacy Act?

A company accidentally publishes a list of customer names and addresses on its website. (A)

What is the role of the 'Personal Information Processor' in the context of the Data Privacy Act?

They process personal data on behalf of a Personal Information Controller. (B)

Which of these elements must be included when obtaining consent for data processing under the Data Privacy Act?

The purpose, nature, and extent of the processing of personal data. (B)

Which statement BEST reflects the Data Privacy Act's aim regarding international standards for data protection?

It ensures that Filipino data protection laws are aligned with international standards. (A)

Flashcards

Data Privacy Act

A law protecting individual privacy while allowing data flow for innovation.

Personal Information Controller

Entity deciding how to use personal data.

Personal Information Processor

Individual/entity that processes data for a controller, not for their own needs.

Consent

Agreement by a data subject for data collection and processing, detailing purpose, duration, and rights.

Breach

A security incident involving unauthorized processing of data, compromising its confidentiality and integrity.

Collection

The act of gathering personal data.

Processing

Actions taken on collected data, including storage and retrieval.

International Standards for Data Protection

Global benchmarks that ensure data protection practices meet universal criteria.

Data/System Interference

Interference with data leading to unauthorized changes or actions.

MikeRoweSoft Incident

A case where Mike Rowe gave away a website in exchange for an XBOX.

Computer-Related Forgery

Input or alteration of computer data to create inauthentic data for legal use.

Example of Forgery

Hacking to change a grade from 65 to 95 without monetary gain.

Computer-Related Fraud

Unauthorized alteration of data causing damage with fraudulent intent.

Example of Fraud

Hacking a bank to inflate account balance from Php 500 to Php 5,000.

Legal Classification

Distinction between forgery and fraud based on the presence of monetary value.

Cybercrime Prevention Act of 2012

Law governing computer-related offenses including forgery and fraud.

Cybercrime

A crime committed using information and communication technologies.

CIA in Cybersecurity

Refers to Confidentiality, Integrity, and Availability of data.

Types of Cybercrimes

Includes offenses against CIA, computer-related, and content-related offenses.

Jurisdiction of RA 10175

Applies to offenses by Filipinos anywhere or crimes affecting Phil. residents.

Offenses against CIA

Crimes that compromise the confidentiality, integrity, or availability of data.

Computer-related offenses

Crimes that involve a computer as a target or tool.

Content-related offenses

Crimes that target illegal content such as hate speech, fraud, etc.

Infringements of Copyright

Offenses related to the unauthorized use of copyrighted material.

Right to be Informed

Right to know if personal data is processed, including automated decision-making.

Disclosure Timing

Notice must be given prior to or immediately after data entry into the system.

Right to Object

Right to refuse processing of personal data for direct marketing or profiling.

Consent Withdrawal

Opportunity to withhold consent if there are changes in data processing.

Exceptions to Right to Object

Conditions under which you cannot refuse data processing include court subpoenas or contract needs.

Right to Access

Right to know if any personal data about you exists and obtain further details on its processing.

Personal Information Controller (PIC)

Entity that holds and processes personal data and must provide access to it upon request.

Right to Rectification

Right to correct any inaccuracies in the personal data held about you.

Improper Disposal

Negligently discarding sensitive personal information publicly.

Unauthorized Processing

Processing personal data for purposes not authorized by the subject.

Unauthorized Access

Knowingly violating data confidentiality and security systems.

Malicious Disclosure

Disclosing false information about someone’s sensitive data with bad intent.

Negligence in Data Management

Failing to protect sensitive data leading to unauthorized access.

Handwritten Signatures

Not sensitive unless used to identify an individual.

Sensitive Personal Information

Data that can directly identify an individual when combined with other data.

Username Identification

Usernames like 'iloveyou3000' don't identify individuals without more info.

IP Address Limitations

IP addresses alone cannot uniquely identify individuals due to shared devices.

Birthday as Personal Info

Birthdays alone can't distinguish individuals due to common dates.

Negligence in Data Access

Failing to protect personal data leading to unauthorized access is prohibited.

Data Combination Importance

Multiple data pieces are needed to identify individuals effectively.

Study Notes

Cybercrime Laws in the Philippines

• The Philippines has laws addressing cybercrime, including the Philippine E-Commerce Act of 2000 (Republic Act 8792) and the Cybercrime Prevention Act of 2012 (Republic Act 10175).

Brief Retrospective View

• The ILOVEYOU worm, created in 2000 by Onel De Guzman, caused significant damage across the globe, affecting U.S. officials and other institutions.
• This incident exposed the lack of pre-existing cybercrime laws in the Philippines.

The ILOVEYOU Worm

• Onel De Guzman created a worm that spread through email attachments.
• The worm activated a code that instructed recipients to forward the email to their contacts.
• The worm's spread significantly affected global email accounts.
• Estimated damages reached 10 billion USD.

Guide Questions

• Q 1.1: Onel De Guzman's actions were considered illegal because there were no pre-existing laws in the Philippines concerning cybercrimes at that time.

Philippine E-Commerce Act of 2000 (Republic Act 8792)

• This act recognized and regulated electronic commercial and non-commercial transactions and documents.
• The act is used in the Philippines to address harmful activities caused by individuals who misuse electronic devices.
• It also established penalties for the unlawful use of technology and internet data.

Important Provisions of R.A. 8792

• Chapter II, Section 6: Legal Recognition of Data Messages, established that data messages do not lose their validity simply because they're in electronic form .
• Chapter II, Section 7: Legal Recognition of Electronic Documents, established that electronic documents hold the same legal weight as printed documents.

Prohibited Acts: Hacking

• Hacking/Cracking involves unauthorized access, alteration, or destruction of computer systems.
• Any access done with the intention of corrupting, altering, stealing, or destroying data systems without the owner's consent is illegal.

Prohibited Acts: Piracy

• Piracy is the unauthorized copying, reproduction, storage, uploading, downloading, or broadcasting of protected material using telecommunication networks such as the internet, infringing intellectual property rights.

Penalties

• The minimum fine for cybercrimes is Php 100,000.00.
• The maximum fine is commensurate with the damage incurred.
• Mandatory imprisonment ranges from 6 months to 3 years.

Guide Questions: R.A. 8792 and R.A. 10175

• Connecting to an open WiFi network (with no password) without the owner's consent is illegal under RA 10175, even if there's no direct intent to harm.

Cybercrime Prevention Act of 2012 (R.A. 10175)

• R.A. 10175 is the comprehensive cybercrime law in the Philippines.
• The Act established sufficient powers to effectively prevent and combat cybercrime offences.

Important Definitions

• Personal Information Controller: The individual, corporation, or body deciding how personal data is handled.
• Personal Information Processor: The entity or person processing personal data for the controller.

Three Types of Cybercrimes

• Offenses Against Confidentiality, Integrity, and Availability (CIA) of computer data and systems
• Computer-related offenses
• Content-related offenses

Cybercrime Prevention Act of 2012 (R.A. 10175): Jurisdiction

• Any violation committed by a Filipino national, regardless of the place of commission, is punishable under this law.
• Criminal acts committed within or involving the Philippines using any computer system, wholly or partially situated in the country, are also punishable.
• If damage is caused to a natural or juridical person located in the Philippines due to a cybercrime, anyone responsible for the offense is liable.

Cybercrime Prevention Act of 2012 (R.A. 10175): Jurisdiction Explanation

• If a Filipino commits a crime anywhere in the world, Philippine law can pursue action against them.
• Any part of a cybercrime that takes place in the Philippines subjects it to the law and the law enforcers.
• If a person is a victim of a cybercrime within the Philippines, whoever perpetrated the crime can be held liable.

Cybercrime Prevention Act of 2012 (R.A. 10175): Illegal Access

• Unlawful access to any computer or part of a computer system is illegal without consent from the owner.

Cybercrime Prevention Act of 2012 (R.A. 10175): Data Interference

• Reckless alteration, damaging, deletion, or deterioration of data or programs is illegal.

Cybercrime Prevention Act of 2012 (R.A. 10175) :System Interference

• Reckless interference with a computer or network is illegal.

Example of Data/System Interference: Cryptojacking or Cryptomining Malware

• Software programs and malware that use a computer's resources for cryptocurrency mining without consent.

Example of Data/System Interference: Website Defacing

• Unauthorized modification of websites to include malicious content.

Cybercrime Prevention Act of 2012 (R.A. 10175): Misuse of Devices

• Unauthorized use, production, sale, procurement, distribution of devices, including passwords, for criminal purposes can result in legal action.

Example of Data/System Interference: Use of Skimming Devices/Keyloggers

• Devices used to collect personal information without consent, including credit/debit card details, passwords.
• Involving surveillance, a security breach in the process of taking people's accounts and information.

Cybercrime Prevention Act of 2012 (R.A. 10175): Cyber-Squatting

• Acquiring a domain name with bad faith to profit, mislead, or damage another's reputation.

Example of Data/System Interference: MikeRoweSoft

• Case where a student was legally challenged for using an existing trademark in his (website's domain name).

Cybercrime Prevention Act of 2012 (R.A. 10175): Computer-Related Forgery

• Creating inaccurate data in computer systems with the intent of misrepresentation.

Cybercrime Prevention Act of 2012 (R.A. 10175): Computer-Related Fraud

• Unauthorized actions affecting computer data or systems with the intent to cause a financial loss.

Example of Computer-Related Fraud

• Changing account balances or asking for prepaid loads with deceptive intent to defraud or steal money.

Cybercrime Prevention Act of 2012 (R.A. 10175): Computer-Related Identity Theft

• Acquiring or misusing another person's identifying information.

Example of Computer-Related Identity Theft

• Creating fake profiles for malicious intentions like fraud, theft, or harassment.

Cybercrime Prevention Act of 2012 (R.A. 10175): Cybersex

• Creating and/or engaging in the illegal transfer or recording of harmful/sexual activity using computer systems.

Guide Questions: R.A. 10175

• Consent-based recording of sexual activity is not considered cybersex.
• Sharing photos taken with consent does not violate the act.

Cybercrime Prevention Act of 2012 (R.A. 10175): Child Pornography

• Creating, distributing, or showcasing any content that depicts children engaging in sexual activity.

Guide Questions

• "Hentai" clips, unless explicitly featuring minors, are not considered a violation.

Cybercrime Prevention Act of 2012 (R.A. 10175): Online Libel

• Online libel involves making false, malicious statements or postings that harm another person's reputation.

Online Libel: Elements

• False accusation
• Published statement
• Specific person harmed
• Malicious intent

Guide Questions: R.A. 10175: Libel

• Liking/reacting to a post without actively making claims against a person is not a violation of online libel.
• Sharing a post that contains libel does not make the sharer liable.
• Comments such as "OO NGA!" or similar statements, without additional malicious intent, do not constitute a violation.

Data Privacy Act of 2012 (R.A. 10173)

• The act protects individuals' personal information with rules regarding collection and processing.

Important Principles

• Transparency: Data subjects have a right to understand how their data is being handled.
• Legitimate Purpose: Data collection must align with specific, explicit, and legal reasons.
• Proportionality: Data processing should be limited to essential information.

Processing Sensitive Personal Information

• Consent is needed.
• Processing is related to contract fulfillment.
• Processing supports compliance with legal obligations.
• Processing protects vital interests, such as health or safety.

Rights of the Data Subject

• Right to be informed
• Right to object
• Right to access
• Right to rectification
• Right to erasure or blocking
• Right to damages
• Right to data portability
• Right to file a complaint

Notable Cases and Questions

• Zulueta v. C.A. (1996): Highlighting that the right to privacy remains even within marriage.
• Hing v. Choachuy (2013): Surveillance cameras installed on property without consent can be considered a breach of privacy.

Reasonable Expectation of Privacy

• Situations where individuals expect their private area, like a bathroom or fitting room, or personal actions will remain private.

Punishable Acts (R.A. 9995)

• Unauthorized photographic or video recording of private areas or sexual activity.
• Copying, distribution, or publication of such recordings without consent. (Photo and Video Voyeurism Act of 2009)

Punishable Acts (R.A. 10173)

• Unauthorized processing, access, or disclosure of personal information.
• Improper storage, management or disposal of personal information.