Data Privacy Act - Test Bank Flashcards

1
Q

In all cases, the publishers, editors, or duly accredited reporters of any newspaper, magazine or periodical of general circulation shall not be compelled to reveal the source of any news report or information appearing in said publication.

a. True. Because they are protected by the law.
b. False. Only Publishers are included in the privilege.
c. False. Only Publishers and Reporters are included in the privilege.
d. True. But only for those information that were related in any confidence to such publisher, editor, or reporter.

A

True. But only for those information that were related in any confidence to such publisher, editor, or reporter.

2
Q

Personal information controllers may invoke the principle of privileged communication over privileged information that they lawfully control or process. Subject to existing laws and regulations, any evidence gathered from privileged information is

a. Admissible
b. Privilege
c. Confidential
d. Inadmissible

A

Inadmissible

3
Q

Refers to the structure and procedure by which personal data is collected and further processed in an information and communications system or relevant filing system, including the purpose and intended output of the processing.

a. Data Sharing Systems
b. Data Collection Systems
c. Internal Control Systems
d. Data processing Systems

A

Data processing Systems

4
Q

The Act and its Implementing Rules and Regulations apply to the processing of all types of personal information. Who may be held liable for violation of Data Privacy Law?

a. Only Natural Persons
b. Both Natural and Juridical Persons
c. Juridical Persons and Personal information Controller
d. Only Personal Information Processor

A

Both Natural and Juridical Persons

5
Q

One of the following is not included in the Right to be informed by the data owner.

a. The right to object to the processing of his or her personal data.
b. The recipients or classes of recipients of the information gathered.
c. The period for which the information will be stored.
d. The identity and contact details of the personal data controller or its representative.

A

The right to object to the processing of his or her personal data.

6
Q

Outsourcing or subcontracting generally does not require the consent of the data subject but requires the execution of an outsourcing or subcontracting agreement.

a. True. Provided the information to be processed is not sensitive personal information
b. True
c. False. Consent of the majority of the data subjects is generally required in an outsourcing agreement.
d. False

A

True

7
Q

Any information and communication relating to the processing of personal data should be easy to access and understand, using clear and plain language.
This is the principle of?

a. Legitimate Purpose
b. Understandability
c. Transparency
d. Accessibility

A

Transparency

8
Q

As a general rule, when a data subject objects or withholds consent, the personal information controller shall no longer process the personal data, unless:

a. There is subpoena from the court.
b. The Personal Information Processor had personal interests over the matter.
c. Necessary for the cancellation of contract.
d. There is natural obligation to disclose.

A

There is subpoena from the court.

9
Q

Refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

a. Sensitive Personal Information
b. Personal Identity
c. Personal Data
d. Personal Information

A

Personal Information

10
Q

Which of the following is required to register its personal data processing systems?

a. A PIP employing 300 employees
b. A PIP processing sensitive personal information of at least 100 individuals
c. A PIC employing 200 employees
d. A PIC processing personal information of at least 1,000 individuals

A

A PIP employing 300 employees

11
Q

Refers to a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf.

a. Personal Data Processor
b. Personal Data Controller
c. Personal Information Controller
d. Personal Information Processor

A

Personal Information Controller

12
Q

Refers to the disclosure or transfer to a third party of personal data under the custody of a personal information controller or personal information processor.

a. Data Sharing
b. Data Disclosure
c. Data Transferring
d. Data Enlisting

A

Data Sharing

13
Q

Which of the following is not a sensitive personal information?

a. TIN
b. Birthday
c. SSS Number
d. Tax Returns

A

Birthday

14
Q

The Commission requires the ________ of personal data processing systems operating in the country that involves accessing or requiring sensitive personal information of at least one thousand (1,000) individuals.

a. Submission
b. Disclosure
c. Approval of Data Subject
d. Registration

A

Registration

15
Q

Violations of Data Privacy Law may be committed in and outside of the Philippines.

a. False. Because it may only be committed by Filipino citizens or residents of the Philippines.
b. True. Because it has extraterritorial application
c. False. Because it has no extraterritorial application.
d. True. As long as the personal data breach refers to a person found in the Philippines.

A

True. Because it has extraterritorial application

16
Q

Refers to an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that would result to a personal data breach, if not for safeguards that have been put in place.

a. Personal Data Breach
b. Security Incident
c. Security Breach
d. Personal Data Incident

A

Security Incident

17
Q

Which of the following is not a personal information?

a. Surname
b. Address
c. Creed
d. Birthday

A

Creed

18
Q

The processing of personal data shall be allowed, subject to compliance with the requirements of the Act and other laws allowing disclosure of information to the public, and adherence to the following principles. Except?

a. Legitimate Purpose
b. Transparency
c. Consent
d. Proportionality

A

Consent

19
Q

Refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

a. Security Breach
b. Non-disclosure Breach
c. Personal Data Breach
d. Data Incident

A

Personal Data Breach

20
Q

_____ refers to the principle that the processing of information shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy.

a. Legitimate Purpose
b. Legality
c. Validity of Purpose
d. Transparency

A

Legitimate Purpose

21
Q

The consent of the Data Subject may be evidenced by the following. Except?

a. Written Document
b. Express or Verbal Communication
c. Recorded File
d. Electronic Means

A

Express or Verbal Communication

22
Q

The Personal Information Controller / Processor should make sure the following with respect to any personal information collected. Except?

a. Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained.
b. Processed fairly and lawfully.
c. Collected for specified and legitimate purposes determined and declared right after collection.
d. Adequate and not excessive in relation to the purposes for which they are collected and processed.

A

Collected for specified and legitimate purposes determined and declared right after collection.

23
Q

Refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.

a. Organization
b. Recording
c. Collecting
d. Processing

A

Processing

24
Q

All security incidents and personal data breaches shall be documented through written reports, excluding those not covered by the notification requirements.

a. True. Subject to the sound discretion of the Personal Information Controller.
b. False. Because it must include even those not covered by the notification requirements.
c. True
d. False

A

b. False. Because it must include even those not covered by the notification requirements.

25
Q

HYBE was outsourced by Pledis for the processing of the information. The processing of the information by HYBE shall generally be governed by?

a. Data Privacy Law
b. Personal circumstances of the person as the data subject.
c. Contract or other legal act that binds the personal information processor to the personal information controller
d. Contract and other agreements between the personal information processor and the personal information controller

A

c. Contract or other legal act that binds the personal information processor to the personal information controller

26
Q

This refers to the right of the data subject to be notified and given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the data subject in the preceding paragraph.

a. Right to rectify.
b. Right to be informed.
c. Right to Withhold consent.
d. Right to object.

A

Right to object.

27
Q

Which of the following is not a sensitive personal information?

a. Education
b. Surname
c. Political affiliations
d. Ethnic origin

A

Surname

28
Q

Mr. Hunt wants to borrow money from Black Bank. In the loan application form, among the questions asked were about Mr. Hunt’s sexual life, health condition, previous employment records, previous health records, hobbies, religious affiliation, list of properties both local and abroad, names of all relatives up to fourth civil degree. Black Bank violated the principle of?

a. Legitimate Purpose
b. Transparency
c. Proportionality
d. Sufficiency

A

Proportionality

29
Q

Refers to an individual whose personal, sensitive personal, or privileged information is processed.

a. Subject of Data
b. Object of Data
c. Data Subject
d. Data Object

A

Data Subject

30
Q

Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means. This refers to the principle of?

a. Transparency
b. Legitimate Purpose
c. Sufficiency
d. Proportionality

A

Proportionality

31
Q

Mr. Choi ordered Big Whopper from Burger King online. Secret Company obtained his personal information. Thereafter, the information was disclosed to Burger King. Who is the Personal Information Processor?

a. Burger King and Secret Company are both the Personal Information Processor.
b. Secret Company because its services were outsourced by Burger King.
c. Mr. Choi because he was the one who provided his information to Secret Company.
d. Burger King. Because it will process the information of Mr. Choi.

A

b. Secret Company because its services were outsourced by Burger King.

32
Q

Refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject.

a. Personal Information Controller
b. Personal Data Controller
c. Personal Information Processor
d. Personal Data Processor

A

c. Personal Information Processor

33
Q

Refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information.

a. Will of the data subject.
b. Conformity of the data subject.
c. Consent of the data subject.
d. Approval of the data subject.

A

c. Consent of the data subject.

34
Q

The right of a data subject is intransmissible because the same is personal to him/her alone.

a. True. Unless the data subject consents to the transfer.
b. False. The right of a data subject is generally transmissible.
c. True. The right of a data subject is generally intransmissible.
d. True. Unless transferee accepts.

A

False. The right of a data subject is generally transmissible.

35
Q

Personal Information Controller shall notify the commission or data subject about the personal data breach within

a. 48 hours
b. 72 days
c. 3 days
d. 5 days

A

c. 3 days

36
Q

A report to the commission about the personal data breach may be made whether written or electronic?

a. False
b. True. Upon selection by the Personal Information Processor.
c. True
d. False. Because it must be in electronic form.

A

True

37
Q

Report of the summary of documented security incidents and personal data breaches must be done every ____

a. Semi-Annual
b. Monthly
c. Quarterly
d. Year

A

Year

38
Q

A personal information controller may subcontract or outsource the processing of personal data: Provided, that the

a. Commission expressly approves the contract between the parties.
b. Personal information controller shall use contractual or other reasonable means to ensure that proper safeguards are in place
c. Consent of all the data subject whose information will be processed are obtained.
d. Personal information processor shall use contractual or other reasonable means to ensure that proper safeguards are in place

A

b. Personal information controller shall use contractual or other reasonable means to ensure that proper safeguards are in place

39
Q

Which of the following is generally inadmissible in court?

a. Confidential Information
b. Personal Information
c. Sensitive Personal Information
d. Privilege Information

A

d. Privilege Information

40
Q

The data privacy law does not apply to the following. Except?

a. Information about depositors of banks and other financial institutions to secure its money.
b. Information about an individual who is performing service under contract for a government institution that relates to the services performed.
c. Personal information processed for journalistic, artistic, literary or research purposes.
d. Information about an officer of a government institution that relates to his position.

A

a. Information about depositors of banks and other financial institutions to secure its money.

41
Q

The following ground is a valid reason to delay the notification. Except?

a. To secure consent from the Personal Information Processor.
b. Determine the scope of the breach.
c. To restore reasonable integrity to the information and communications system.
d. To prevent further disclosures.

A

a. To secure consent from the Personal Information Processor.