Information Security and Ethics

Questions and Answers

What is considered 'personal information' according to the Act?

• Any information that can be used to identify an individual indirectly, but only if it is recorded in a material form.
• Any information that can be used to identify an individual only when put together with other information that is publicly available.
• Any information that is shared publicly by the individual.
• Any information that can be used to identify an individual directly. (correct)

What is necessary for the collection of personal data?

• The customer's explicit consent.
• Both the customer's proper consent and the company's legitimate reason for collection. (correct)
• The company's legitimate reason for collection.
• Neither the customer's consent nor the company's legitimate reason for collection.

What is the responsibility of companies in protecting customer information?

• To protect customer information only during the collection process.
• To protect customer information from collection to disposal, regardless of the customer's request. (correct)
• To protect customer information from collection to disposal, but only if the customer requests it.
• To protect customer information only during the disposal process.

What is required for the data subject's consent to be considered valid?

The consent must be freely given, specific, and informed. (B)

What is the scope of the Act's application?

The Act applies to any process of personal data by anyone in government or private sectors. (D)

What is the purpose of the Act's requirement for personal data to be relevant and used solely for its intended purpose?

To ensure that personal data is used for its intended purpose and not for any other purpose. (D)

What does authentication primarily deal with?

Ensuring an individual's identity (B)

What is the primary focus of information ethics?

Agreeing on standards for right and wrong behavior in IT (A)

What is a unique attribute of information systems addressed by information ethics?

Separation of act from consequences (B)

What is the primary purpose of the Fair Credit Reporting Act of 1970?

Controlling the operations of credit-reporting bureaus (D)

What is a key aspect of business ethics in the context of information systems?

Developing a code of morals for a particular profession (D)

What is a challenge to information ethics in the context of computer crime?

Would-be criminals often need help to misbehave (C)

What information must be provided to the data subject according to the Data Privacy Act?

Method of access, identity and contact details of the personal information controller, duration of storage, reason for use, and their rights (C)

What is the penalty for non-compliance with the Data Privacy Act?

Imprisonment up to six years and a fine of not less than Five hundred thousand pesos (PHP 500,000) (B)

What is one of the requirements for compliance with the Data Privacy Act?

Appointing a Data Protection Officer, conducting a privacy impact assessment, and exercising a breach reporting procedure (B)

Which of the following is a right of the data subject under the 1987 Constitution of the Republic of the Philippines?

Right to freedom of expression and privacy of communication and correspondence (A)

What is the purpose of the 'Great Firewall of China'?

To control the access to the Internet (A)

What happens to evidence obtained in violation of the right to privacy of communication and correspondence?

It is inadmissible for any purpose in any proceeding (D)