Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

ICT > DPA > Flashcards

DPA Flashcards

(44 cards)

Start Studying
1
Q

Who is a Data Protection Officer (DPO)?

A
  • A designated person responsible for ensuring compliance with data protection laws.
  • Main point of contact for data breaches and privacy concerns.
  • Oversees data security policies and impact assessments.
  • Liaises with regulatory authorities like the National Privacy Commission (NPC).
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the objective of the Data Privacy Act?

A
  • Protect personal data from misuse and unauthorized access.
  • Ensure the free flow of information for innovation and economic growth.
  • Applies to public and private entities handling personal data.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Who does the Data Privacy Act apply to?

A

It covers all persons involved in the processing of personal information, although these persons are not found or established in the Philippines, provided they use equipment located in the Philippines or they maintain an office, branch, or agency in the Philippines.

  • Government and private sector organizations.
  • Companies processing personal or sensitive information.
  • Individuals or businesses collecting personal data in the Philippines.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is personal information?

A

Personal information refers to any information whether recorded in a material form or not,

from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information,

or when put together with other information would directly and certainly identify an individual.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is personal data?

A

“Personal Data” is used when personal information, sensitive personal information, and privileged information are referred to collectively. On the other hand, personal information forms part of the broader concept of personal data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a data subject?

A
  • An individual whose personal information is being collected, processed, or stored.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is processing of personal information?

CROSUM RCUCBED

A

It refers to any operation or set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating, modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is privileged information?

A

It refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.
Examples: Attorney-Client Privilege; Physician-Patient Privilege; Marital Privilege Rule

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What constitutes valid consent for data processing?

A
  • Consent must be freely given, specific, and informed.
  • Documented in writing, electronically, or through recorded means.
  • Not required if processing is mandated by law, court order, or public safety reasons.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Who is a Personal Information Controller (PIC)?

A
  • Entity that decides why and how personal data is processed.
  • Responsible for ensuring compliance with the Data Privacy Act.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Who is a Personal Information Processor (PIP)?

A
  • Processes data on behalf of a PIC under contractual agreement.
  • Must follow data security protocols and privacy laws.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the three main data privacy principles?

A
  • Transparency – Data subjects must be informed of how their data is used.
  • Legitimate Purpose – Data should only be collected for a lawful purpose.
  • Proportionality – Only collect and store the minimum data necessary.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is a Data Sharing Agreement (DSA)?

A
  • A contract between organizations outlining conditions for sharing personal data.
  • Only Personal Information Controllers (PICs) can enter into DSAs.
  • Ensures compliance with data privacy laws and security measures.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the three main kinds of privacy?

A
  • Locational Privacy – Protection of physical spaces.
  • Informational Privacy – Control over personal data.
  • Decisional Privacy – Freedom to make personal choices.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is locational privacy?

A
  • Also called situational privacy.
  • Protects against physical intrusions (e.g., unlawful searches, trespassing)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is informational privacy?

A
  • The right to control how personal data is collected, stored, and used.
  • Prevents unauthorized access or data misuse.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is decisional privacy?

A
  • The right to make personal life choices without interference.
  • Includes reproductive rights, medical decisions, lifestyle choices.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are the rights of the data subject?

DIE-RADO

Study These Flashcards
A

Right to be Informed – the right to be informed in a timely manner by the PIC if his data have been compromised

Right to Access – the right to know if an organization holds his data, and if so, the right to gain access to them

Right to Object – the right to contest any unlawful processing of data against him

Right to Rectify – the right to dispute and compel correction of inaccurate data a PIC has about him

Right to Erasure and Blocking – the right to withdraw or order the removal or blocking of his personal data

Right to Damages – the right to claim compensation arising from inaccurate or unauthorized use of personal data

Right to Data Portability – right to electronically move, copy, or transfer his data in a secure manner for further use. It enables the free flow of his personal information in the internet according to his preference.

19
Q

What is the definition of the right to privacy?

Study These Flashcards
A
  • The right to be free from unwarranted exploitation or intrusion into private activities.
  • Protects individuals from unwanted public exposure.
20
Q

Two-part test for privacy violations

Study These Flashcards
A
  1. Did the individual exhibit an expectation of privacy?
  2. Would society recognize it as reasonable?
21
Q

Cadajas issue on privacy

Study These Flashcards
A

If a person voluntarily shares their password, they have limited privacy rights over the shared account.

22
Q

What does Section 19 of the Data Privacy Act state?

Study These Flashcards
A
  • Exemptions from privacy protections, including:
  • Investigations related to criminal, administrative, or tax liabilities.
  • Processing of data for scientific and statistical research.
23
Q

When can personal data be used in legal proceedings?

Study These Flashcards
A
  • If data is collected for court cases or to determine criminal, administrative or tax liability.
24
Q

Outsourcing or Subcontracting

Study These Flashcards
A
  • A PIC or PIP may outsource or subcontract the functions of its DPO or COP.

DPO or COP must oversee the performance of his or her functions by the third-party service provider or providers

25
DPA: Declaration of Policy
– It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.
26
How is consent evidenced?
Consent shall be evidenced by: - written, - electronic or - recorded means. It may also be given on behalf of the data subject by an agent specifically authorized by the data subject to do so. Otherwise, personal information may also be obtained upon a - lawful order of the court, - when theDPA allows it or - Public Safety or Public Order so requires
27
(f) Information and Communications System
a system for generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer system or other similar device by or which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document.
28
PIC
a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf
29
Who are not PIC's
(1) A person or organization who performs such functions as instructed by another person or organization; and (2) An individual who collects, holds, processes or uses personal information in connection with the individual’s personal, family or household affairs.
30
Processing
any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
31
Exhaustion of Admin Remedies
The doctrine of exhaustion of administrative remedies requires that when an administrative remedy is provided by law, relief must be sought by exhausting this remedy before judicial intervention may be availed of . It ensures an orderly procedure which favors a preliminary sifting process, particularly with respect to matters within the competence of the administrative agency
32
Quasi-judicial power of the NPC
Receive complaints, institute investigations, facilitate or enable settlement of complaints through the use of alternative dispute resolution processes, adjudicate, award indemnity on matters affecting any personal information, prepare reports on disposition of complaints and resolution of any investigation it initiates
33
What is personal information
Personal information refers to information that makes a person readily identifiable
34
Sensitive Personal Information
sensitive personal information refers to personal information: A) about an individual’s race, ethnic origin, marital status, age, color, as well as religious, philosophical, or political affiliations; B) about an individual’s health, education, genetic or sexual life, or any proceeding for any offense committed or alleged to have been committed by such an individual, the disposal of such proceedings, or the sentence of any court in such proceedings. C) issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and, D) specifically established by an executive order or an act of Congress to be kept classified.
35
What are the exceptions to the application of the Data Privacy Act?
A) information about any individual who is or was an officer or employee of a government institution that relates to his position or functions; B) Information about an individual who is or was performing service under contract for a government institution that relates to the services performed; C) information relating to any discretionary benefit of a financial nature such as the granting of a license or permit given by the government to an individual; D) personal information processed for journalistic, artistic, literary, or research purposes.
36
Are institutions required to appoint someone who should be responsible for ensuring compliance with the law?
Yes. Under the Implementing Rules and Regulations of the Data Privacy Act, all institutions are required to appoint one or more than one Data Protection Officer (DPO), who should be accountable for ensuring compliance with the appropriate data protection laws and regulations.
37
How is privileged information and sensitive personal information treated by the Data Privacy Act?
The processing of privileged information and sensitive personal information is prohibited by the law.
38
What are the instances when the processing of sensitive personal information and privileged information are allowed?
A) The data subject has given consent before the processing. In the case of privileged information, all parties to the information have given their consent before the processing; B) The processing is necessary to protect the life and health of the data subject or another person; and the data subject is not legally or physically able to express consent before the processing; C) The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured; D) The processing concerns such personal information as is necessary for the protection of lawful rights and interests of persons in court proceedings or when provided to government or public authority.
39
Data included under data privacy
Any personal data that could be sensitive or can be used maliciously by someone is included in data privacy. It includes: A) Online Privacy. It includes all personal data given out during online interactions; B) Financial Privacy. Any financial information shared online or offline is sensitive as it can be utilized to commit fraud; C) Medical Privacy. Details of medical treatment and history is privileged and cannot be disclosed to a third party. D) Residential and geographic records. Giving of address online can be a potential risk and needs protection from unauthorized access. E) Political Privacy. Political preferences should be privileged information.
40
Processing of personal data shall be allowed, subject to the adherence to the principles of (3)
transparency, legitimate purpose, and proportionality.
41
Transparency
The data subject must be aware of the nature, purpose, and extent of the processing of his or her personal data, including the - risks and safeguards involved, - the identity of personal information controller, - his or her rights as a data subject, - and how these can be exercised. Any information and communication relating to the processing of personal data should be easy to access and understand, using clear and plain language
42
LEGITIMATE PURPOSE
The processing of information shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy.
43
PROPORTIONALITY
The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose. Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.
44
The collection, processing, and retention of personal data is said to be for legitimate purpose when:
Data subject gives consent prior to the collection and processing of personal data. The data subject must be provided specific information regarding the purpose and extent of processing; Purpose should be determined and declared before, or as soon as reasonably practicable, after collection. Only personal data that is necessary and compatible with declared, specified, and legitimate purpose shall be collected. (Note: The data subject’s consent should be evidenced by written, electronic or recorded means.)

ICT (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions