Republic Act 10173 Flashcards by VERNARD DOMINIC ALOYON

Republic Act 10173

Data Privacy Act of
2012

How well did you know this?

Not at all

Perfectly

Section 1

Short Title

How well did you know this?

Not at all

Perfectly

CHAPTER I

GENERAL PROVISIONS

How well did you know this?

Not at all

Perfectly

Section 2

Declaration of Policy

How well did you know this?

Not at all

Perfectly

Declaration of Policy

Protect the fundamental human right of ________, of communication
while ensuring free flow of information

privacy

How well did you know this?

Not at all

Perfectly

Declaration of Policy

Vital role of information and communications technology in ___________

nationbuilding

How well did you know this?

Not at all

Perfectly

Declaration of Policy

To ensure that personal information and communications systems in the government and in the private
sector are _______ and _______

protected

How well did you know this?

Not at all

Perfectly

Section 3

Definition of terms

How well did you know this?

Not at all

Perfectly

National Privacy Commission created
by virtue of this Act

Commission

How well did you know this?

Not at all

Perfectly

An individual whose personal
information is processed

Data subject

How well did you know this?

Not at all

Perfectly

Any information whether recorded in
a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information

Personal information

How well did you know this?

Not at all

Perfectly

A person or organization who controls the collection, holding, processing or use of personal information. Including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf

Personal information controller

How well did you know this?

Not at all

Perfectly

Any operation or any set of
operations performed upon personal
information including, but not limited
to, the collection, recording,
organization, storage, updating or
modification, retrieval, consultation,
use, consolidation, blocking, erasure
or destruction of data

Processing

How well did you know this?

Not at all

Perfectly

Section 4

Scope

How well did you know this?

Not at all

Perfectly

This Act does not apply to the following:

Info about government officer/empolyees
Info about individual who perform service with government
Info reltng to discretionary benefit of finacial nature
Personal info processed for journal, artisitc, literary, researrch purpose
Info necessary to carry out public authority functions
Info necessary for banks/finacial institutions
Personal info from residents of foreign jurisdiction

How well did you know this?

Not at all

Perfectly

Section 5

Protection Afforded to Journalists and Their Sources

How well did you know this?

Not at all

Perfectly

Republic Act No. 53

Journalist are not compelled to reveal the source of any news

How well did you know this?

Not at all

Perfectly

Section 6

Extraterritorial Application

How well did you know this?

Not at all

Perfectly

This act also apply even if you are out of the coutry as long as:

related sa personal info ng philippine citizen
a contract is entered in the philippines
basta related sa philippines

How well did you know this?

Not at all

Perfectly

CHAPTER II

THE NATIONAL PRIVACY COMMISSION

How well did you know this?

Not at all

Perfectly

Section 7

Functions of the National Privacy Commission

How well did you know this?

Not at all

Perfectly

Functions of the National Privacy Commission

Ensure compliance of

personal information controllers

How well did you know this?

Not at all

Perfectly

Functions of the National Privacy Commission

Receive complaints, institute investigations, facilitate
or enable settlement of complaints, prepare ______ on disposition of complaints and resolution of any investigation it initiates, and, in cases it deems appropriate, publicize any such report

reports

How well did you know this?

Not at all

Perfectly

Functions of the National Privacy Commission

Issue ___________, impose a temporary or permanent ban

cease and desist orders

How well did you know this?

Not at all

Perfectly

# Functions of the National Privacy Commission ____________ or _______ any entity, government agency or instrumentality

Compel or petition

# Functions of the National Privacy Commission Monitor the _______ of other government agencies or instrumentalities

compliance

# Functions of the National Privacy Commission __________ with other government agencies and the private sector

Coordinate

# Functions of the National Privacy Commission Publish on a regular basis a _____ to all laws relating to data protection

guide

# Functions of the National Privacy Commission Publish a compilation of _______ of records and notices, including index and other finding aids

agency system

# Functions of the National Privacy Commission Recommend to the ______ the prosecution and imposition of penalties

Department of Justice (DOJ)

# Functions of the National Privacy Commission Review, approve, reject or require modification of __________ voluntarily adhered to by personal information controllers

privacy codes

# Functions of the National Privacy Commission that the privacy codes shall adhere to the underlying _____________

data privacy principles

That such privacy codes may include private dispute resolution mechanisms for _______ against any participating personal information controller

complaints

# Functions of the National Privacy Commission For this purpose, the Commission shall consult with relevant _________ in the formulation and administration of privacy codes applying the standards in this Act

regulatory agencies

# Functions of the National Privacy Commission Provide ______ on matters relating to privacy or data protection

assistance

# Functions of the National Privacy Commission ______ on the implication on data privacy of proposed national or local statutes, regulations or procedures, issue advisory opinions and interpret the provisions

Comment

# Functions of the National Privacy Commission ______ legislation, amendments or modifications to Philippine laws

Propose

# Functions of the National Privacy Commission Ensure proper and effective coordination with _______ in other countries and private accountability agents, participate in international and regional initiatives for data privacy protection

data privacy regulators

# Functions of the National Privacy Commission Negotiate and contract with other data privacy authorities of other countries for ________ and implementation of respective privacy laws

cross-border application

# Functions of the National Privacy Commission Assist ___________ doing business abroad to respond to foreign privacy or data protection laws and regulations

Philippine companies

# Functions of the National Privacy Commission Generally perform such acts as may be necessary to facilitate ______________ of data privacy protection

cross-border enforcement

Section 8

Confidentiality

Section 9

Organizational structure of the commission

- Privacy Commissioner - Deputy Privacy Commisioners (2)

The Commission shall be attached to the

Department of Information and Communications Technology (DICT)

Chairman of the Commission

Privacy Commissione

in cahrge of the Data Processing Systems, Policies and Planning. appointed by the President of the Philippine

Deputy Privacy Commissioners

How many terms does the The Privacy Commissioner and the two (2) Deputy Privacy Commissioners have?

3 years | may be reaapointed for another 3

the privacy commisioner mus be atleast ___ yrs old

good moral character, unquestionable integrity and known probity, and a recognized expert in the field of information technology and data privacy

Privacy Commissioner

The Privacy Commissioner shall enjoy the benefits, privileges and emoluments equivalent to the rank of _________

Secretary

Who is the Privacy Commisioner and chairman

Raymund Enriquez Liboro

must be recognized experts in the field of information and communications technology and data privacy

Deputy Privacy Commissioners

Deputy Privacy Commissioners shall enjoy the benefits, privileges and emoluments equivalent to the rank of _______

Undersecretary

Who are the Deputy Privacy commisioners

Leandro Angelo Y. Aguirre, John Henry Du Naga

Section 10

The Secretariat

Majority of the members of the Secretariat must have served for at least ______ in any agency of the government that is involved in the processing of personal information

five (5) years

Majority of the members of the Secretariat must have served for at least five (5) years in any agency of the government that is involved in the processing of personal information including, but not limited to, the following offices:

- Social Security System (SSS) - Government Service Insurance System (GSIS) - Land Transportation Office (LTO) - Bureau of Internal Revenue (BIR) - Philippine Health Insurance Corporation (PhilHealth) - Commission on Elections (COMELEC) - Department of Foreign Affairs (DFA) - Department of Justice (DOJ) - Philippine Postal Corporation (Philpost)

CHAPTER III

PROCESSING OF PERSONAL INFORMATION

Section 11

General Data Privacy Principles

Kept in a form which permits identification of ________ for no longer than is necessary for the purposes for which the data were collected and processed

data subjects

Section 12

Criteria for Lawful Processing of Personal Information

Section 13

Sensitive Personal Information and Privileged Information

The processing of sensitive personal information and privileged information shall be prohibited except if the The data subject has given his or her consent, specific to the purpose _____________

prior to the processing

It is okay to proccess sensitive data without consent as long as protection of the info is guranteed?

yes of course

The proccesing is necessary to protect the life and health of the data subject or another person, and data sibject cannot consent, are you allowed to process it?

yups

# It is okay to process sentisitve info as long as The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations provided that:

- info is confined only to bonafide members of the org - info is not transfered to other parties - there is a consent from the data subject

If the processing is necessary for purposes of medical treatment, are you allowed to process sensitive info?

why not?

The processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority. Is it oay to process sensitive info?

yups

Section 14

Subcontract of Personal Information

A personal information controller may ________ the processing of personal information

subcontract

Section 15

Extension of Privileged Communication

____________ may invoke the principle of privileged communication over privileged information that they lawfully control or process.

Personal information controllers

Subject to existing laws and regulations, any evidence gathered on privileged information is ___________

inadmissible

CHAPTER IV

RIGHTS OF THE DATA SUBJECT

Section 16

Rights of the Data Subject

What are the info need to be furnishe d to the data subject before processing their data:

1. Descroption of personal data 2. Purpose of the processing 3. Scope and method of processing 4. Receipients 5. Methods for automated access 6. Personal information controller Identity and contanct details 7. Period on information stored 8. Rights to access, correction, complaint

Data subjects should have reasonable access to, upon demand:

1. contents of personal info 2. sources of personal info 3. Recipients name and address 4. Manner of proccesing of data 5. reason for disclosure of personal info 6. Info on automated processes 7. Date of personal info last accesed 8. Personal information controller designation, name, identity

If the personal information have been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the ____________ of the new and the retracted information by recipients

simultaneous receipt

If there is a innacuracy or error in the personal info of and it is corrected who should be aso informed about the inacuracy and rectification?

Third parties

the data subject can Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s _______ upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected.

filing system

the data subject should be ______ for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information

indemnified

Section 17

Transmissibility of Rights of the Data Subject. lawful heirs

Section 18.

. Right to Data Portability.

The data subject shall have the right, where personal information is processed by ______ means and in a structured and commonly used format

electronic

Section 19

Non-Applicability

The immediately preceding sections are not applicable if the processed personal information are used only for the needs of ____________ and, on the basis of such, no activities are carried out and no decisions are taken regarding the data subject

scientific and statistical research

CHAPTER V

SECURITY OF PERSONAL INFORMATION

Section 20

Security of Personal Information

Who is responsible for the security of personal info

Personal information controller

The personal information controller shall promptly notify heth __________affected subjectwhen sensitive personal information or other information that ay, under the circumstances, be used to enable identity fraud are reasonably believed to have been cquired by an unauthorized person

Commission

In evaluating if notification is ________, the Commission may take into account compliance by the personal information controller with this section and existence of good faith in the acquisition of personal information

unwarranted

The Commission may exempt a personal information controller from notification where, in its reasonable judgment, such notification would __________ or _________

not be in the public interest or in the interests of the affected data subjects

The Commission may authorize postponement of notification where it may hinder the progress of a _____________ related to a serious breach.

criminal investigation

CHAPTER VI

ACCOUNTABILITY FOR TRANSFER OF PERSONAL INFORMATION

Section 21

Principle of Accountability

The personal information controller is accountable for complying with the requirements of this Act and shall use _______ or other reasonable means to provide a comparable level of protection while the information are being processed by a third party.

contractual

The personal information controller shall designate an __________ who are accountable for the organization’s compliance with this Act.

individual or individuals

CHAPTER VII

SECURITY OF SENSITIVE PERSONAL INFORMATION IN GOVERNMENT

SECTION 22

Responsibility of Heads of Agencies

Who shall be responsible for complying with the security requirements in the ogvernment?

head of each government agency or instrumentality

Section 23

Requirements Relating to Access by Agency Personnel to Sensitive Personal Information

No ________ shall have access to sensitive personal information on government property or through online facilities

employee of the government

sensitive personal information maintained by an agency may not be transported or accessed from a __________

location off government property

# access of sensitive info putside gov property request in the case of any request submitted to the head of an agency, such head of the agency shall approve or disapprove the request within _________ after the date of submission of the request.

two (2) business days

How many is the limitation of records acces outside gov failities

1000

Any technology used to store, transport or access sensitive personal information for purposes of off-site access approved under this subsection shall be secured by the use of the most secure _______ standard recognized by the Commission

encryption

Section 24

Applicability to Government Contractors

In entering into any contract that may involve accessing or requiring sensitive personal information from one thousand (1,000) or more individuals, an agency shall require a contractor and its employees to register their ________

personal information processing system

CHAPTER VIII

PENALTIES

Section 25

Unauthorized Processing of Personal Information and Sensitive Personal Information

Section 26

Accessing Personal Information and Sensitive Personal Information Due to Negligence.

Section 27

Improper Disposal of Personal Information and Sensitive Personal Information.

Section 28

Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes.

Section 29

Unauthorized Access or Intentional Breach.

Section 30

Concealment of Security Breaches Involving Sensitive Personal Information

Section 31

Malicious Disclosure

Section 32

Unauthorized Disclosure.

Section 33

Combination or Series of Acts.

Unauthorized Processing of Personal Information and Sensitive Personal Information

Imprisonment: 1-3 yrs Fine: 500k -2M

Accessing Personal Information and Sensitive Personal Information Due to Negligence.

Imprisonment: 3-6 yrs Fine: 500k - 4M

Improper Disposal of Personal Information and Sensitive Personal Information.

Personal Imprisonment: 6 mon - 2 yrs Fine: 100k-500k Sentisitve Imprisonment: 1-2 yrs Fine: 100k -1M

Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes.

Personal Imprisonment: 1 yr and 6 mon - 5 yrs Fine: 500k - 1M Sentisitve Imprisonment: 2-7 yrs Fine: 500k - 2M

Unauthorized Access or Intentional Breach.

Imprisonment: 1 -3 yrs Fine: 500k - 2M

Concealment of Security Breaches Involving Sensitive Personal Information.

Imprisonment: 1 yr and 6 mons - 5 yrs Fine: 500k -1M

Malicious Disclosure

Imprisonment: 1 yr and 6 mons - 5 yrs Fine: 500k -1M

Unauthorized Disclosure.

Personal Imprisonment: 1 yr - 3 yrs Fine: 500k - 1M Sentisitve Imprisonment: 3-5 yrs Fine: 500k - 2M

Combination or Series of Acts

Imprisonment: 3 - 6 yrs Fine: 1-5 M

Section 34

Extent of Liability

If the offender is a corporation, partnership or any juridical person, the penalty shall be imposed upon the _________, as the case may be, who participated in, or by their gross negligence, allowed the commission of the crime.

responsible officers

If the offender is a juridical person, the court may

suspend or revoke any of its rights under this Act.

If the offender is an alien, he or she shall, in addition to the penalties herein prescribed, be _________ without further proceedings after serving the penalties prescribed.

deported

If the offender is a public official or employee and lie or she is found guilty of acts penalized under Sections 27 and 28 of this Act, he or she shall, in addition to the penalties prescribed herein, suffer perpetual or temporary absolute __________, as the case may be.

disqualification from office

Section 35

Large-Scale.

The maximum penalty in the scale of penalties respectively provided for the preceding offenses shall be imposed when the personal information of at least __________is harmed, affected or involved as the result of the above mentioned actions.

one hundred (100) persons

Section 36

Offense Committed by Public Officer

When the offender or the person responsible for theoffense is a public officer as defined in the Administrative Code of the Philippines in the exercise of his or her duties, an accessory penalty consisting in the disqualification to occupy public office for a ___________ imposed shall be applied.

term double the term of criminal penalty

SECTION 37

Restitution

CHAPTER IX

MISCELLANEOUS PROVISIONS

Section 38

Interpretation

SECTION 39

Implementing Rules and Regulations (IRR)

Within __________ from the effectivity of this Act, the Commission shall promulgate the rules and regulations to effectively implement the provisions of this Act

ninety (90) days

SECTION 40

Reports and Information

The Commission shall _________ report to the _________ and _________ on its activities in carrying out the provisions of this Act

- annually - President and Congress

SECTION 41

Appropriations Clause

The Commission shall be provided with an initial appropriation of ______ to be drawn from the national government.

Twenty million pesos (Php20,000,000.00)

Appropriations for the succeeding years shall be included in the _____________.

General Appropriations Act

It shall likewise receive___________ per year for ________ upon implementation of this Act drawn from the national government.

- Ten million pesos (Php10,000,000.00) - five (5) years

Section 42

Transitory Provision.

Section 43

Separability Clause

Existing industries, businesses and offices affected by the implementation of this Act shall be given ______ transitory period from the effectivity of the IRR or such other period as may be determined by the Commission, to comply with the requirements of this Act.

one (1) year

In case that the DICT has not yet been created by the time the law takes full force and effect, the National Privacy Commission shall be attached to the ________

Office of the President.

Section 44

Repealing Clause

SECTION 45

effectivity Clause

What is amended by this act?

Section 7 of Republic Act No. 9372, otherwise known as the “Human Security Act of 2007”

This Act shall take effect _________ after its publication in at least _________ of general circulation.

- 15 days - two (2) national newspapers

President of the Senate

JUAN PONCE ENRILE

Speaker of the House of Representatives

FELICIANO BELMONTE JR

Secretary of Senate

EMMA LIRIO-REYES

Secretary General (House of Representatives)

MARILYN B. BARUA-YAP

Republic Act 10173 Flashcards

(160 cards)