Personal Data and Privacy

Questions and Answers

What is a characteristic of freely given consent, according to the DPA?

Granular and specific

Multi-purpose

No risk of deception (correct)

Risk of deception

What is a potential threat to privacy in the workplace?

Secure disposal of documents

Regular software updates

Lack of backup and failover procedures (correct)

Strong password policies

What is a step in the data life cycle?

Data sharing

Data collection (correct)

Data encryption

Data analysis

Who can give consent on behalf of the data subject?

An agent specifically authorized by the data subject

What is a consequence of unsecured disposal of documents?

Data breach

What is a characteristic of specific consent?

Granular and specific

What is a potential threat to privacy in the workplace due to natural disasters?

Fire

What is a stage in the employee on-boarding process that involves data processing?

Payroll and benefits administration

What is the primary purpose of registering data processing systems?

To ensure compliance with data protection regulations

What right does a data subject have when their personal data is being collected or processed?

The right to be informed

What can a company do with a large user base and reams of private information about those users?

Use the data to make connections between users

What is the primary purpose of a Personal Information Controller (PIC)?

To collect and process personal data

What can a data subject request from an organization that holds their personal data?

Reasonable access to their personal data

What is the consequence of not registering data processing systems?

Non-compliance with data protection regulations

What is the primary goal of data protection regulations?

To protect personal data from unauthorized access

What can a data subject do if they suspect their personal data has been misused?

File a complaint with the relevant authorities

What is the primary concern of damages due to inaccurate, incomplete, outdated, or unauthorized use of personal data?

Violation of rights and freedoms as a data subject

What is the main principle of data processing that ensures the data subject is aware of the nature and purpose of processing?

Transparency

Which of the following is a legitimate basis for processing personal data?

All of the above

What is the purpose of the Free Mobile Disaster Alert Act (RA 10639)?

To mandate the sending of free mobile alerts in the event of natural and man-made disasters

What is the primary goal of data privacy principles?

To ensure the legitimate processing of personal data

What is the consequence of violating the rights and freedoms of a data subject?

All of the above

What is the purpose of the principle of proportionality in data processing?

To ensure the processing of personal data is limited to what is necessary

What is the primary role of a data controller in ensuring data privacy?

To ensure the protection of personal data from unauthorized use

Study Notes

Personal Data and Data Processing

• Personal data refers to aspects relating to a natural person, including performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
• Registration of data processing systems is required to analyze or predict aspects concerning that natural person.

Data Subject Rights

• Right to be Informed: data subjects have the right to be informed that their personal data will be, are being, or were collected and processed.
• Right to Access: data subjects have the right to find out whether an organization holds any personal data about them and gain reasonable access to it.

Data Processing Relationships

• Personal Information Controllers (PIC) are responsible for holding personal data.
• Data subjects may authorize an agent to act on their behalf.

Data Life Cycle

• Collection: the first stage of the data life cycle.
• Use: the second stage of the data life cycle.
• Sharing/Transfer: the third stage of the data life cycle.
• Storage: the fourth stage of the data life cycle.
• Disposal: the fifth stage of the data life cycle.

Consent and Data Privacy

• Consent must be freely given, specific, and not obtained through deception, intimidation, coercion, or negative consequences.
• Data privacy is important to protect against threats such as theft, unsecured disposal of documents, natural disasters, lack of backup and failover procedures, and phishing attacks.

Lawful Processing of Personal Data

• Processing of personal data is allowed subject to adherence to the principles of transparency, legitimate purpose, and proportionality.
• Lawful processing of personal data includes consent of the data subject, contractual agreement, protection of vital interest, compliance to legal obligation, response to public order and safety, medical treatment or procedures, legitimate interests of the company, and constitutional or statutory mandate of public authority.

Data Privacy Principles

• Transparency: data subjects must be aware of the nature, purpose, and extent of processing of their personal data, risks, control measures, PIC identity, and their rights to privacy.
• Legitimate Purpose: personal data must be processed for a legitimate purpose.
• Proportionality: personal data must be processed in a proportionate manner.

Description

This quiz assesses your knowledge of personal data aspects, including performance, economic situation, health, and preferences, and how it relates to data protection and privacy.