Philippine Data Privacy Act 2012

Questions and Answers

What is the purpose of the Data Privacy Act of 2012 in the Philippines?

To allow unrestricted collection and processing of personal information

To limit innovation and growth in the country

To protect the fundamental human right of privacy and ensure free flow of information (correct)

To restrict the flow of information and promote strict control over personal data

Who is required to register with the National Privacy Commission under the Data Privacy Act of 2012?

Companies with at least 250 employees or access to personal and identifiable information of at least 1,000 people (correct)

Sole proprietors involved in personal information processing

Only government agencies processing personal information

Companies with any number of employees

How should personal data be handled under the Data Privacy Act of 2012?

It can be processed without explicit consent if it benefits the organization

It can be stored without explicit consent if it is for business purposes

It can be collected without consent if deemed necessary by the organization

It should never be collected, processed, and stored without explicit consent, unless provided by law (correct)

What is the role of information controllers under the Data Privacy Act of 2012?

To notify individuals if their data have been compromised

Who are considered as personal information controllers (PICs) under R.A. 10173?

Organizations responsible for the control and processing of personal information

Under the Data Privacy Act of 2012, which entities are required to register with the National Privacy Commission?

Companies with at least 250 employees or access to the personal and identifiable information of at least 1,000 people

What is the primary purpose of the Data Privacy Act of 2012 in the Philippines?

To protect the fundamental human right of privacy and ensure free flow of information

What is the requirement for organizations in terms of collecting, processing, and storing personal data under R.A. 10173?

Explicit consent from individuals, unless otherwise provided by law

Who are considered as personal information controllers (PICs) under R.A. 10173?

Information controllers who handle personal data

What does R.A. 10173 require from personal information controllers (PICs) in case of data compromise?

Notify individuals if their data have been compromised, on time

Under the Data Privacy Act of 2012, which entities are required to register with the National Privacy Commission?

Companies with at least 250 employees or access to personal and identifiable information of at least 1,000 people

What is the primary purpose of the Data Privacy Act of 2012 in the Philippines?

To protect the fundamental human right of privacy and ensure free flow of information for innovation and growth

What is the role of information controllers under the Data Privacy Act of 2012?

To notify individuals if their data have been compromised

What does R.A. 10173 require from personal information controllers (PICs) in case of data compromise?

To notify individuals if their data have been compromised, on time

How should personal data be handled under the Data Privacy Act of 2012?

It should never be collected, processed, and stored by any organization without explicit consent, unless otherwise provided by law