E-Commerce and Data Privacy Act Quiz

Questions and Answers

Which of the following is NOT a responsibility of the personal information processor?

• Conducting regular audits independently (correct)
• Assisting the personal information controller in compliance
• Informing the personal information controller of infringements
• Deleting personal data after service provision

What is required before a processor can engage another processor?

• Prior approval from the Commission
• Notification to data subjects about the engagement
• Written contract with the new processor
• Prior instruction from the personal information controller (correct)

What must be done to personal data at the end of processing services, according to the obligations?

• Return or delete all personal data (correct)
• Keep a copy for future processing
• Archive data for a certain period
• Share data with other processors

What does a personal information processor need to provide to demonstrate compliance?

All information necessary for the personal information controller (A)

What action should a personal information processor take if they believe an instruction violates the Act?

Immediately inform the personal information controller (A)

What is the primary purpose of the Electronic Commerce Act?

To establish legal recognition of electronic data messages. (A)

Which of the following defines 'Data Outsourcing' under the Data Privacy Act?

Transferring personal data for processing in compliance with documented instructions. (C)

What is a responsibility of a Personal Information Processor?

To impose confidentiality on authorized personnel. (A)

Which of the following is NOT a right of a data subject under the Data Privacy Act?

Right to monetary compensation for data processing. (A)

What is the primary scope of application of the Data Privacy Act?

Covers processing of personal data by both private and public sectors. (D)

What must companies ensure when processing personal data according to the Data Privacy Act?

Implement security measures and comply with the Act. (D)

Which of the following correctly describes 'Data Sharing'?

Transfer of data between parties that have their own reasons for processing. (B)

What is a key principle included in the Data Privacy Act?

Data processing should be done on a need-to-know basis. (D)

What is required for the sharing of an electronic key with another party?

Consensual agreement from the individual or entity in possession (D)

What characterizes the obligation of confidentiality regarding electronic keys?

It mandates that access obtained must not be conveyed to others (A)

Which is true about the legal recognition of electronic documents?

An electronic signature is equated to a handwritten signature (C)

According to the Best Evidence Rule, how can an electronic document be considered equivalent to an original?

If it is a printout that accurately reflects the data (B)

What is the role of an originator in the context of electronic documents?

A person by whom the electronic document is created or sent. (B)

What must be ensured for electronic documents to be admissible in legal proceedings?

They must comply with the Rules of Court and be authenticated (A)

Which of the following best defines an electronic data message?

Information generated and transmitted by electronic means. (C)

What does the Authentication of Evidence Rule require for an electronic document?

It must be digitally signed or authenticated through security measures (D)

What is a digital signature?

An electronic signature derived from a public cryptosystem. (B)

Which of the following statements about the obligation of confidentiality is false?

Sharing is allowed with approval from a third party (A)

Which of the following accurately reflects the role of an electronic key?

A secret code that defends sensitive information (D)

What characterizes ephemeral electronic communication?

Communications that are not retained after transmission. (B)

What is the primary function of a service provider in the context of electronic documents?

To provide technical means for storing and accessing documents. (B)

Which best describes an electronic signature?

A distinctive mark or characteristic representing a person's identity in electronic form. (A)

What does the principle of lawful access entail?

Only authorized individuals have access to electronic files based on their legal rights. (B)

What is the role of the National Privacy Commission?

To monitor and ensure compliance with international data protection standards (A)

What distinguishes an electronic document from other forms of communication?

It must represent information in a digital format. (B)

Which of the following is NOT considered a data subject's right?

To access private data without restrictions (A)

Which principle of data processing ensures that personal information is only collected for a legitimate purpose?

Legitimate purpose (A)

Under which circumstance is the processing of sensitive personal information permitted?

If data subject has consented to the processing (D)

What is an example of a factor that overrides the interests of the data controller?

Fundamental rights and freedoms of the data subject (D)

Which of the following terms refers to the individual whose personal information is processed?

Data Subject (B)

What does the principle of accountability entail in data processing?

Ensuring penalties for violations of data protection rules (B)

What must be demonstrated in order to lawfully process personal information?

Consent from the data subject (B)

Study Notes

Electronic Commerce Act (Republic Act No. 8792)

• Defines essential terms and principles underlying electronic commerce.
• Provides legal recognition for electronic data messages/documents, granting them the same validity as traditional documents.
• Covers both commercial and non-commercial uses of electronic transactions.

Key Terms

• Originator: Person who creates or sends an electronic document.
• Addressee: Intended recipient of the electronic message or document.
• Service Provider: Entity offering online services or technical means related to electronic documentation.

Electronic Documents and Messages

• Electronic Document: Represents information or rights created, transmitted, or stored electronically.
• Electronic Data Message: Information sent, received, or stored through electronic means.
• Digital Signature: A method to verify identity and authenticity of an electronic document using cryptographic techniques.

Legal Framework

• Equal legal effect for electronic documents and signatures as traditional paperwork.
• The principle of lawful access restricts unauthorized access to electronic files and keys.
• Confidentiality obligations prevent sharing of sensitive data obtained during processing.

Data Privacy Act (Republic Act No. 10173)

• Establishes definitions, scope, and principles regarding personal data protection.
• Emphasizes rules for processing personal data and implementing security measures.

Personal Information Processor Duties

• Processes data only per instructions from controllers, ensuring confidentiality and security.
• Required to assist controllers in compliance with legal obligations.
• Obligated to delete or return data upon service completion.

Data Outsourcing and Sharing

• Data Outsourcing: Transfer of personal data to process under controller's instructions without personal processing purposes.
• Data Sharing: Disclosure of personal data to third parties, where each party has independent reasons for processing.

Data Subject Rights

• Right to be informed about data processing, access personal data, and correct inaccuracies.
• Right to receive notifications on data breaches and accountability for data transfer issues.

National Privacy Commission

• Enforces compliance with data protection laws and international standards.
• Composed of a Privacy Commissioner and Deputy Commissioner for guidance and policy enforcement.

Principles of Data Processing

• Confidentiality: All personal data treated as confidential.
• Security: Information handled with transparency and for legitimate purposes.
• Accountability: Sets penalties for violations of data protection laws.

Exceptions for Processing Sensitive Data

• Processing permissible under conditions like consent, legal obligations, or emergencies.
• Exceptions must prioritize the fundamental rights of data subjects outlined in the Philippine Constitution.

Compliance and Registration

• Compliance with the Data Privacy Act mandates registration and adherence to stipulated requirements for data controllers and processors.

Description

Test your knowledge of the E-Commerce Act and the Data Privacy Act with this quiz. It covers essential definitions, principles, and applications relevant to electronic commerce and data privacy law. Understand how these laws apply to transactions and communication in the digital space.