Data Privacy

Questions and Answers

What does the right to data portability allow individuals to do?

• Transfer their personal data across different services. (correct)
• Limit the use of their data to a single service.
• Delete their personal data from all services.
• Access their personal data without restrictions.

Which of the following rights allows individuals to access information provided to a data controller?

• Right to Object
• Right to Erasure
• Right to be Informed
• Right to Access (correct)

Which principle emphasizes the need for fairness and lawfulness in processing personal data?

• Security
• Proportionality
• Transparency (correct)
• Legitimate Purpose

Which right allows individuals to object to the processing of their personal data?

Right to Object (D)

What does the right to erasure enable individuals to do?

Request deletion of their personal data. (B)

What is the 'proportionality' principle related to data processing?

Data processing should match the purpose of data collection. (C)

Which right allows individuals to file complaints regarding data processing activities?

Right to File a Complaint (A)

Which right is specifically about receiving notifications about data processing?

Right to be Informed (B)

What limitation is placed on the right to data portability?

It only applies to information provided by the individual to a controller. (C)

How does the principle of 'legitimate purpose' function in data processing?

Data processing must serve a recognized legal objective. (D)

What must a data subject be informed about regarding their personal data?

The existence of their rights as a data subject (D)

In which scenarios do healthcare professionals view data privacy concerns?

In both in-patient and out-patient scenarios (A)

What is the primary challenge associated with data privacy in healthcare?

Maintaining patient confidentiality while ensuring data is readily accessible (D)

Which of the following describes methods used for automated access to patient data?

Technological systems designed for data retrieval (C)

Who is regarded as the data controller in a healthcare setting?

The organization responsible for managing the data (A)

What can an individual claim compensation for?

Suffering damages due to inaccurate or unlawfully obtained personal data (B)

Who can file a complaint about the misuse of personal information?

Anyone whose personal information has been compromised (C)

What is a primary responsibility of the data controller?

To control, review, and aggregate web analytics data (D)

What is the right to rectify concerning personal data?

The right to dispute and correct inaccuracies in one’s data (A)

What category does the data processor belong to?

An entity responsible for processing personal data under the controller's direction (D)

Under what condition can one claim damages related to personal data?

If there were issues with data accuracy or legality (C)

What is a key restriction on the holding of personal information?

It must be kept confidential and for declared purposes only (D)

What constitutes a valid reason for filing a complaint?

Misuse, malicious disclosure, or improper disposal of personal information (B)

Which of the following is not an obligation of the data controller?

To market personal data to external organizations (D)

What is the main focus of the rights granted to the data subjects?

To ensure personal data is used for legitimate purposes only (C)

What is one risk associated with sharing personal data on social media?

Potential misuse for profiling (D)

What does the Right to Data Portability allow individuals to do?

Transfer their data between services (C)

What is required before personal data can be collected or processed?

User's explicit consent (D)

What right allows individuals to know how their data is being used?

Right to Access (A)

What potential impact can compromised personal data have?

It may affect finances (A)

Which of the following represents a misuse of personal data?

Sharing data with companies without consent (A)

What does the principle of proportionality require regarding the processing of personal information?

It must be relevant and not exceed the declared purpose. (C)

What legislative act governs data privacy in the Philippines?

Republic Act No. 10173 (B)

What does the term 'direct marketing' refer to in the context of personal data use?

Using customer data for targeted promotions (C)

What is one of the main causes of healthcare data breaches?

Failures to upgrade cyberspace quickly. (D)

How does personal patient information relate to criminal exploitation?

It is valuable for criminals to exploit. (D)

In research, personal information must be held under what condition?

It is stored under strict confidentiality. (B)

What is the declared purpose for collecting personal data in healthcare?

For direct marketing and research. (B)

Why is the processing of personal information significant in the healthcare setting?

It helps reduce mistakes and provide better care. (B)

What percentage of healthcare data breaches are attributed to cybercrime?

51% (D)

How does the trend towards digital record-keeping affect healthcare?

It allows for easier sharing of information. (B)

Which of the following would not align with the principle of proportionality?

Collecting excessive personal information irrelevant to its purpose. (B)

What is essential for ensuring compliance with the principle of proportionality?

Regularly reviewing data collection practices. (B)

Flashcards are hidden until you start studying

Study Notes

Introduction to Data Privacy

• Technological advancements improve communication but raise concerns over personal data privacy.
• Data privacy breaches can significantly impact personal, social, and financial aspects of life.
• Individuals often share personal information on social media, potentially leading to misuse.

Data Privacy Act of 2012 (RA No. 10173)

• Enacted by the Congress of the Philippines to protect personal information.
• Explicit consent is required before collecting, processing, or storing personal data.

Data Subject’s Rights

• Right to be Informed: Individuals must be informed about the collection and processing of their data.
• Right to Access: Individuals can access their personal data and understand how it is processed.
• Right to Object: Individuals can oppose the processing of their data under certain circumstances.
• Right to Erasure and Blocking: Individuals can request the deletion of their personal data.
• Right to Damages: Compensation is available for damages caused by incorrect or unlawfully used personal data.
• Right to File a Complaint: Individuals can file complaints if their personal data is misused or disclosed improperly.
• Right to Rectify: Individuals can correct any inaccuracies in their personal data.
• Right to Data Portability: Facilitates the easy transfer and use of personal data across different services.

Principles of Data Processing

• Transparency: Individuals must be informed about the data processing activities involving their personal data.
• Legitimate Purpose: Personal data processing should serve a clear and legitimate purpose.
• Proportionality: Collected data must be relevant and not exceed the intended purpose.

Healthcare Industry Context

• Cybersecurity is a growing concern in healthcare, with over 51% of data breaches occurring in this sector.
• Common breaches arise from:
  • Failure to Upgrade Systems: Healthcare organizations lag in cybersecurity improvements compared to other sectors.
  • Valuable Patient Information: Criminals target personal patient data for exploitation.

Responsibilities in Data Handling

• Personal data handling must be done under strict confidentiality, only for declared purposes.
• Documentation required includes:
  • Description of personal data to be collected and processing methods.
  • Purpose of data collection (e.g., research, statistics).
  • Basis for processing data, especially when consent is not provided.
  • Identification of the Personal Information Controller, outlining their responsibilities.

Perspectives on Data Privacy

• Healthcare Professionals: Emphasize the importance of privacy in both in-patient and out-patient scenarios.
• Medical Students: Acknowledge privacy during ward activities and case presentations.
• Clinical practices, surgical education, and community medicine presentations must maintain data confidentiality throughout the data processing lifecycle.