Data Privacy Protection Competency Assessment

Data Privacy Protection Competency Guide

Knowledge assessment of data privacy protection accountable and responsible.

We share the essential questions of understanding that those accountable and responsible for data
protection must be able to answer with clarity, coherence, completeness, and consistency in order “to
do the right things” in respecting data privacy rights, and in securing the confidentiality, integrity, and
availability of personal information in the business processes, systems, and technology of their organization.

The person or entity designated to ensure, monitor, and guide data privacy compliance must
communicate the valid, verifiable, acceptable, and actionable data privacy protection knowledge based
on rules and standards of practice.

1. What is the proper description of R.A. 10173 that simply tells the statutory goals and objectives
to be achieved by a government agency and private enterprise?
2. What are the three knowledge inputs to be considered by a government agency in the creation
of data privacy and protection policy and security control framework?
3. What are the two essential compliance evidences that are required by privacy rules before an
information and communication system is released and operated to collect, retain, use, share,
and dispose of the personal information of any data subject?
4. Identify what the law considers a threat to data privacy and what can be complained of as a
penalized violation.
5. Who is considered by R.A. 10173 to have data privacy right and whose personal information
must be secured?
6. Who is obligated by law to implement the exercise of data privacy rights and to implement
security measures of data protection?
7. What are the accountability and legal liability of the persons and entities defined by law as
controller, processor, and third party of personal information?
8. Identify the personal data considered as sensitive personal information.
9. Identify the data privacy rights processes to be integrated in the personal data processing of a
government agency and private enterprise.
10. Identify the lawful criteria that justify the government agency and private enterprise to process
personal information of a Data Subject.
11. Identify the privacy principles that determine valid collection, retention, and use of personal
information.
12. Identify the valid indicator that data sharing respects data privacy right and security of personal
information.
13. Identify the two prerequisite inputs in doing a privacy impact assessment.
14. Identify two critical evidences that demonstrate security incident management.
15. What is the ISO standard that identifies and describes the data privacy principles of the rules
and regulation?
16. What is the ISO standard that identifies and describes the information security controls of the
rules and regulation?
17. What are the ISO standards that provide proper guidance on privacy impact assessment and
security risk management?
18. What is the ISO standard to guide the setting up of a security incident management system?
19. What are the ISO standards to identify and describe the data privacy management capability?
20. What is the NPC advisory/issuance to guide complaint handling procedures?
