Data Privacy Act RA 10173

Questions and Answers

What is the purpose of RA No. 10173, the Data Privacy Act?

  • To protect the fundamental human right of privacy (correct)
  • To limit the flow of information
  • To promote innovation and growth
  • To enforce strict data regulations

Data Subject (DS) refers to an organization controlling personal information processing.

  False

Personal information controller refers to a person or organization who __________ the collection, holding, processing, or use of personal information.

  controls

Match the following Principles with their descriptions:

  • Proportionality = Adequate, relevant, suitable, necessary & not excessive
  • Legitimate Purpose = Compatible with the declared & specified purpose
  • Transparency = Data Subject (DS) must be aware of nature, purpose, & extent of the processing of his Personal Data by the company

    Study Notes

    Data Privacy Act (RA No. 10173)

    Definition of Terms

    • Consent of the data subject: freely given, specific, informed indication of will
    • Data subject (DS): individual whose personal information is processed
    • Personal information controller: person or organization controlling collection, holding, processing, or use of personal information
    • Processing: any operation performed on personal information

    Coverage

    • All types of personal information
    • Natural or juridical persons involved in personal information processing
    • Exclusions:
      • Government institutions and employees
      • Discretionary benefits of a financial nature
      • Journalistic, artistic, literary, or research purposes
      • Banks and other financial institutions
      • Residents of foreign jurisdictions

    National Privacy Commission

    • Privacy commissioner (Chairman): enjoys benefits, privileges, and emoluments equivalent to the rank of secretary
    • Qualifications:
      • At least 35 years old
      • Good moral character
      • Recognized expert in IT and data privacy
    • Two (2) Deputy commissioners:
      • Data processing systems
      • Policies and planning

    Principles

    • Proportionality: adequate, relevant, suitable, necessary, and not excessive
    • Legitimate purpose: compatible with declared and specified purpose
    • Transparency: data subject must be aware of nature, purpose, and extent of processing

    Personal Information (PI)

    • Apparent, ascertained by entity, or would identify an individual
    • Criteria for lawful processing:
      • With consent
      • Related to fulfillment of a contract
      • For compliance with a legal obligation
      • To protect vital interest
      • For legitimate purposes
      • To respond to national emergency

    Sensitive Personal Information (SPI)

    • Race, ethnic origin, marital status, age, color, and religious, philosophical, or political beliefs
    • Health, education, genetic or sexual life, proceedings for an offense, and issued by government agencies
    • Criteria for lawful processing:
      • With consent
      • Provided for by existing law and regulation
      • Protect life and health of data subject or another
      • Achieve lawful and non-commercial objectives of public organizations and their associations
      • For purposes of medical treatment
      • Protection of lawful rights and interest of natural or legal persons

    Rights of the Data Subject

    • Informed consent
    • Complaints and damages
    • Retracted information accessible
    • Portability of data
    • Erasure
    • Access
    • Object

    Security Measures

    • Safeguards
    • Security policy
    • Identifying and assessing reasonably foreseeable vulnerabilities
    • Regular monitoring

    Unlawful Acts and Penalties

    • Unauthorized processing and access:
      • Imprisonment: 1-3 years (PI), 3-6 years (SPI)
      • Fine: 500,000 - 2,000,000 (PI), 500,000 - 4,000,000 (SPI)
    • Improper disposal:
      • Imprisonment: 6 months - 2 years (PI), 1-3 years (SPI)
      • Fine: 100,000 - 500,000 (PI), 100,000 - 1,000,000 (SPI)
    • Intentional breach:
      • Imprisonment: 1-3 years
      • Fine: 500,000 - 2,000,000
    • Processing of unauthorized process:
      • Imprisonment: 1-5 years (PI), 2-7 years (SPI)
      • Fine: 500,000 - 1,000,000 (PI), 500,000 - 2,000,000 (SPI)
    • Concealment or malicious:
      • Imprisonment: 1.5-5 years
      • Fine: 500,000 - 1,000,000
    • Unauthorized disclosure:
      • Imprisonment: 1-3 years (PI), 3-5 years (SPI)
      • Fine: 500,000 - 1,000,000 (PI), 500,000 - 2,000,000 (SPI)
    • Combination or series of acts:
      • Imprisonment: 3-6 years
      • Fine: 1,000,000 - 5,000,000


    Description

    Learn about the Data Privacy Act of 2012, a Philippine law that protects the fundamental human right of privacy in communication while ensuring the free flow of information. This quiz covers the key concepts and principles of RA No. 10173.
