Questions and Answers
What is the purpose of RA No. 10173, the Data Privacy Act?
Data Subject (DS) refers to an organization controlling personal information processing.
False
Personal information controller refers to a person or organization who __________ the collection, holding, processing, or use of personal information.
controls
Match the following Principles with their descriptions:
Study Notes
Data Privacy Act (RA No. 10173)
Definition of Terms
- Consent of the data subject: freely given, specific, informed indication of will
- Data subject (DS): individual whose personal information is processed
- Personal information controller: person or organization controlling collection, holding, processing, or use of personal information
- Processing: any operation performed on personal information
Coverage
- All types of personal information
- Natural or juridical persons involved in personal information processing
- Exclusions:
  - Government institutions and employees
  - Discretionary benefits of a financial nature
  - Journalistic, artistic, literary, or research purposes
  - Banks and other financial institutions
  - Residents of foreign jurisdictions
National Privacy Commission
- Privacy commissioner (Chairman): enjoys benefits, privileges, and emoluments equivalent to the rank of secretary
- Qualifications:
  - At least 35 years old
  - Good moral character
  - Recognized expert in IT and data privacy
- Two (2) Deputy commissioners:
  - Data processing systems
  - Policies and planning
Principles
- Proportionality: adequate, relevant, suitable, necessary, and not excessive
- Legitimate purpose: compatible with declared and specified purpose
- Transparency: data subject must be aware of nature, purpose, and extent of processing
Personal Information (PI)
- Apparent, ascertained by entity, or would identify an individual
- Criteria for lawful processing:
  - With consent
  - Related to fulfillment of a contract
  - For compliance with a legal obligation
  - To protect vital interest
  - For legitimate purposes
  - To respond to national emergency
Sensitive Personal Information (SPI)
- Race, ethnic origin, marital status, age, color, and religious, philosophical, or political beliefs
- Health, education, genetic or sexual life, proceedings for an offense, and issued by government agencies
- Criteria for lawful processing:
  - With consent
  - Provided for by existing law and regulation
  - Protect life and health of data subject or another
  - Achieve lawful and non-commercial objectives of public organizations and their associations
  - For purposes of medical treatment
  - Protection of lawful rights and interest of natural or legal persons
Rights of the Data Subject
- Informed consent
- Complaints and damages
- Retracted information accessible
- Portability of data
- Erasure
- Access
- Object
Security Measures
- Safeguards
- Security policy
- Identifying and assessing reasonable foreseeable vulnerabilities
- Regular monitoring
Unlawful Acts and Penalties
- Unauthorized processing and access:
  - Imprisonment: 1-3 years (PI), 3-6 years (SPI)
  - Fine: 500,000 - 2,000,000 (PI), 500,000 - 4,000,000 (SPI)
- Improper disposal:
  - Imprisonment: 6 months - 2 years (PI), 1-3 years (SPI)
  - Fine: 100,000 - 500,000 (PI), 100,000 - 1,000,000 (SPI)
- Intentional breach:
  - Imprisonment: 1-3 years
  - Fine: 500,000 - 2,000,000
- Processing of unauthorized process:
  - Imprisonment: 1-5 years (PI), 2-7 years (SPI)
  - Fine: 500,000 - 1,000,000 (PI), 500,000 - 2,000,000 (SPI)
- Concealment or malicious:
  - Imprisonment: 1.5-5 years
  - Fine: 500,000 - 1,000,000
- Unauthorized disclosure:
  - Imprisonment: 1-3 years (PI), 3-5 years (SPI)
  - Fine: 500,000 - 1,000,000 (PI), 500,000 - 2,000,000 (SPI)
- Combination or series of acts:
  - Imprisonment: 3-6 years
  - Fine: 1,000,000 - 5,000,000
Description
Learn about the Data Privacy Act of 2012, a Philippine law that protects the fundamental human right of privacy in communication while ensuring the free flow of information. This quiz covers the key concepts and principles of RA No. 10173.