Podcast
Questions and Answers
The Data Privacy Act is also known as Republic Act No. __________.
The Data Privacy Act is also known as Republic Act No. __________.
10173
What is the policy of the State regarding data privacy?
What is the policy of the State regarding data privacy?
To protect the fundamental human right of privacy of communication while ensuring free flow of information to promote innovation and growth.
Who is considered a data subject?
Who is considered a data subject?
What is consent of the data subject?
What is consent of the data subject?
Signup and view all the answers
Personal information refers to any information whether recorded in a material form or not, from which the __________ of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information.
Personal information refers to any information whether recorded in a material form or not, from which the __________ of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information.
Signup and view all the answers
What is sensitive personal information?
What is sensitive personal information?
Signup and view all the answers
The processing of sensitive personal information is, in general, allowed.
The processing of sensitive personal information is, in general, allowed.
Signup and view all the answers
What is the applicability of the Data Privacy Act?
What is the applicability of the Data Privacy Act?
Signup and view all the answers
What is not applicable to the Data Privacy Act?
What is not applicable to the Data Privacy Act?
Signup and view all the answers
What is the general rule on processing of personal information?
What is the general rule on processing of personal information?
Signup and view all the answers
The processing of personal information is necessary to protect the __________ of the data subject or another person.
The processing of personal information is necessary to protect the __________ of the data subject or another person.
Signup and view all the answers
What is the general rule on processing of sensitive personal information?
What is the general rule on processing of sensitive personal information?
Signup and view all the answers
What are the three principles to adhere to according to the Data Privacy Act (DPA)?
What are the three principles to adhere to according to the Data Privacy Act (DPA)?
Signup and view all the answers
What are some of the general principles to adhere to in the collection, processing, and retention of personal data?
What are some of the general principles to adhere to in the collection, processing, and retention of personal data?
Signup and view all the answers
The data subject has the right to dispute the inaccuracy or error in the personal data and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise ________.
The data subject has the right to dispute the inaccuracy or error in the personal data and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise ________.
Signup and view all the answers
Unauthorized processing of personal information and sensitive personal information is allowed under the Data Privacy Act.
Unauthorized processing of personal information and sensitive personal information is allowed under the Data Privacy Act.
Signup and view all the answers
Study Notes
Data Privacy Act (R.A. No. 10173)
- The policy of the State is to protect the fundamental human right of privacy of communication while ensuring free flow of information to promote innovation and growth.
- The Act aims to ensure that personal information in information and communications systems in the government and private sector are secured and protected.
Key Concepts
- Data Subject: An individual whose personal information is processed.
- Consent of the Data Subject: Any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about him/her.
- Personal Information: Any information from which the identity of an individual is apparent or can be reasonably and directly ascertained.
- Sensitive (Personal) Information: Information about an individual's race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations, etc.
Application of the Data Privacy Act
- The Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing.
- The Act is applicable to any act done or practice engaged in and outside of the Philippines by an entity if:
- The act, practice, or processing relates to personal information about a Philippine citizen or a resident.
- The entity has a link with the Philippines.
Non-Applicability of the Data Privacy Act
- The Act does not apply to:
- Information about any individual who is or was an officer or employee of a government institution that relates to his official position or functions.
- Information about an individual who is or was performing service under contract for a government institution that relates to the services performed.
- Information relating to any discretionary benefit of a financial nature such as the granting of a license or permit given by the government to an individual.
- Personal information processed for journalistic, artistic, literary or research purposes.
Processing of Personal Information
- Processing: Any operation or any set of operations performed upon personal information, including collection, recording, organization, storage, updating, modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data.
- Personal Information Controller: A person or organization who controls the collection, holding, processing, or use of personal information.
- Personal Information Processor: A natural or juridical person qualified to act as such under the Act to whom a personal information controller may outsource the processing of personal data.
General Rules on Processing of Personal Information
- The processing of personal information is permitted unless prohibited by law.
- The processing of sensitive information is prohibited unless permitted by law.
- Conditions for lawful processing of personal information:
- Not otherwise prohibited by law.
- At least one of the following: consent, necessary for a contract, necessary for compliance with a legal obligation, necessary to protect vitally important interest, etc.
Rights of a Data Subject
- Right to be Informed: The data subject must be notified and furnished with information about the processing of personal data.
- Right to Withhold Consent: The data subject must be notified and given an opportunity to withhold consent to the processing of personal data in case of changes.
- Right to Access: The data subject has the right to reasonable access to the contents of his/her personal data.
- Right to Rectification: The data subject has the right to correct inaccurate or erroneous personal data.
- Right to Erasure or Blocking: The data subject has the right to suspend, withdraw, or order the blocking, removal, or destruction of personal data.
- Right to Damages: The data subject shall be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, or unlawfully obtained personal data.
- Right to Data Portability: The data subject has the right to obtain a copy of personal data in an electronic or structured format.### Compliance and Accountability
- The organization must designate an individual accountable for compliance with the Act, whose identity must be made known to any data subject upon request.
Security Measures
- The personal information controller and processor must take steps to ensure that authorized personnel only process personal data upon instruction or as required by law.
- Security measures must:
- Maintain the availability, integrity, and confidentiality of personal data.
- Protect personal data against accidental or unlawful destruction, alteration, and disclosure.
- Protect personal data against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, and alteration.
Prohibited Acts
Unauthorized Processing
- Processing personal information without the consent of the data subject or without being authorized under this Act or any existing law is prohibited.
Unauthorized Access
- Providing access to personal information without being authorized under this Act or any existing law is prohibited.
Improper Disposal
- Knowingly or negligently disposing, discarding, or abandoning personal information in an area accessible to the public or placing it in a container for trash collection is prohibited.
Unauthorized Purpose
- Processing personal information for purposes not authorized by the data subject or otherwise authorized under this Act or existing laws is prohibited.
Unauthorized Access or Intentional Breach
- Knowingly and unlawfully accessing or breaching data confidentiality and security data systems is prohibited.
Concealment of Security Breaches
- Intentionally or by omission concealing the fact of security breach after having knowledge and the obligation to notify the National Privacy Commission is prohibited.
Malicious Disclosure
- Maliciously disclosing unwarranted or false information relative to any personal information or sensitive personal information is prohibited.
Unauthorized Disclosure
- Disclosing personal information to a third party without the consent of the data subject is prohibited.
Large-Scale
- Large-scale violations occur when personal information of at least 100 persons is harmed, affected, or involved as a result of the above-mentioned actions.
Restitution
- Restitution for any aggrieved party shall be governed by the provisions of the New Civil Code.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
This quiz covers the basics of the Data Privacy Act of 2012, Republic Act No. 10173, including the concept of data privacy and the rights of data subjects.