lOMoARcPSD|25562793

Topic 12 MCQs Data Privacy Act

BS Accountancy (University of Baguio)

Scan to open on Studocu

Studocu is not sponsored or endorsed by any college or university

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)
 lOMoARcPSD|25562793

REPUBLIC ACT NO. 10173

AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN
INFORMATION AND COMMUNICATIONS SYSTEMS IN THE
GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS
PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER
PURPOSES
ANS # STATEMENTS AND CHOICES
A 1 It is known as the Data Privacy Act of 2012.
(Sec 1) A. RA 10173
B. RA 10137
C. RA 10317
A 2 The State recognizes the vital role of information
(Sec 2) and
communications technology in nation-building and
its inherent obligation to ensure that personal
information in information and communications
systems in the government and in the_______
sector are secured and protected.
A. PRIVATE
B. PUBLIC
C. PRIVATE AND PUBLIC
A 3 It is the commission referred in the Data Privacy
(Sec 3) Act.
A. NATIONAL PRIVACY COMMISSION
B. NATIONAL DATA PRIVACY COUNCIL
C. NATIONAL INFORMATION PRIVACY
COMMISSION
A 4 RA 10173 does not apply to the following except
(Sec 4) A. PERSONAL INFORMATION CONTROLLERS
B. THE INDIVIDUAL IS OR WAS AN OFFICER
OR EMPLOYEE OF THE GOVERNMENT
INSTITUTION
C. THE NAME OF THE INDIVIDUAL ON A
DOCUMENT PREPARED BY THE
INDIVIDUAL IN THE COURSE OF
EMPLOYMENT WITH THE GOVERNMENT
A 5 Nothing in DATA PRIVACY Act shall

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)

 lOMoARcPSD|25562793

(Sec 5) be construed as to the publishers, editors or duly

accredited reporters of any newspaper, magazine
or
periodical of general circulation protection from
being compelled
A. TO REVEAL THE SOURCE OF ANY NEWS
REPORT OR INFORMATION APPEARING
IN SAID PUBLICATION WHICH WAS
RELATED IN ANY CONFIDENCE TO SUCH
PUBLISHER, EDITOR, OR REPORTER
B. TO REVEAL THE SOURCE OF ANY NEWS
REPORT OR INFORMATION APPEARING
IN SAID PUBLICATION WHICH WAS
RELATED TO PUBLIC INFORMATION
C. TO REVEAL THE SOURCE OF ANY NEWS
REPORT OR INFORMATION APPEARING
IN SAID PUBLICATION WHICH WAS
RELATED TO GOVERNMENT
C 6 This Data Privacy Act applies to an act done or
(Sec 6) practice engaged in and outside of the Philippines
by an entity if
A. THE ACT, PRACTICE OR PROCESSING
RELATES TO PERSONAL INFORMATION
ABOUT A NONRESIDENT ALIEN
B. A NATURAL ENTITY UNINCORPORATED IN
THE PHILIPPINES BUT HAS CENTRAL
MANAGEMENT AND CONTROL IN THE
COUNTRY
C. AN ENTITY THAT HAS A BRANCH,
AGENCY, OFFICE OR SUBSIDIARY IN THE
PHILIPPINES AND THE PARENT OR
AFFILIATE OF THE PHILIPPINE ENTITY
HAS ACCESS TO PERSONAL
INFORMATION
C 7 Which of the following is not a function of National
(Sec 7) Privacy Commission?
A. ENSURE COMPLIANCE OF PERSONAL
INFORMATION CONTROLLERS
B. COMPEL OR PETITION ANY ENTITY,
GOVERNMENT AGENCY OR

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)

 lOMoARcPSD|25562793

INSTRUMENTALITY TO ABIDE BY ITS

ORDERS OR TAKE ACTION ON A MATTER
AFFECTING DATA PRIVACY
C. PUBLISH ON A REGULAR BASIS A GUIDE
TO ALL LAWS RELATING TO DATA PIRACY

C 8 The National Privacy Commission shall ensure at

(Sec 8) all times the confidentiality of any
_______information that comes to its knowledge
and possession.
A. PRIVATE AND PUBLIC
B. INTERNATIONAL
C. PERSONAL
C 9 The National Privacy Commission shall be attached
(Sec 9) to the
A. DEPARTMENT OF COMMUNICATIONS
B. DEPARTMENT OF INFORMATION
SYSTEMS
C. DEPARTMENT OF INFORMATION AND
COMMUNICATIONS TECHNOLOGY
C 10 The National Privacy Commission is authorized to
(Sec 10) establish a
A. COMMITTEE
B. BOARD
C. SECRETARIAT
A 11 Who shall ensure the implementation of personal
(Sec 11) information processing principles?
A. PERSONAL INFORMATION CONTROLLER
B. PRIVATE INFORMATION MANAGER
C. NATIONAL PRIVACY COMMISSIONER
A 12 Which of the following is not a criterion for lawful
(Sec 12) processing of personal information?
A. THE PROCESSING IS NECESSARY FOR
COMPLIANCE WITH A LEGAL OBLIGATION
TO WHICH THE PERSONAL INFORMATION
COMMISSIONER IS SUBJECT
B. THE PROCESSING IS NECESSARY TO
PROTECT VITALLY IMPORTANT
INTERESTS OF THE DATA SUBJECT,
INCLUDING LIFE AND HEALTH

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)

 lOMoARcPSD|25562793

C. THE PROCESSING IS NECESSARY IN

ORDER TO RESPOND TO NATIONAL
EMERGENCY
A 13 The processing of sensitive personal information
(Sec 13) and privileged information shall be prohibited,
except when
A. THE DATA SUBJECT HAS GIVEN HIS OR
HER CONSENT, SPECIFIC TO THE
PURPOSE DURING THE PROCESSING
B. THE PROCESSING IS NECESSARY TO
PROTECT THE LIFE AND HEALTH OF THE
DATA SUBJECT OR ANOTHER PERSON
C. THE PROCESSING IS NECESSARY FOR
PURPOSES OF MEDICAL TREATMENT
A 14 A personal information controller may subcontract
(Sec 14) the processing of personal information: Provided,
that
A. THE PERSONAL INFORMATION
CONTROLLER SHALL BE RESPONSIBLE
FOR ENSURING THAT PROPER
SAFEGUARDS ARE IN PLACE TO ENSURE
THE CONFIDENTIALITY OF THE
PERSONAL INFORMATION PROCESSED
B. THE PRIVATE INFORMATION PROCESSOR
SHALL BE RESPONSIBLE FOR ENSURING
THAT PROPER SAFEGUARDS ARE IN
PLACE TO ENSURE THE
CONFIDENTIALITY OF THE PERSONAL
INFORMATION PROCESSED
C. THE PUBLIC INFORMATION CONTROLLER
SHALL BE RESPONSIBLE FOR ENSURING
THAT PROPER SAFEGUARDS ARE IN
PLACE TO ENSURE THE
CONFIDENTIALITY OF THE PERSONAL
INFORMATION PROCESSED
A 15 Personal information controllers may invoke the
(Sec 15) principle of privileged communication over
A. PRIVILEGED INFORMATION
B. PERSONAL INFORMATION
C. PRIVILEDGED PUBLIC INFORMATION

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)

 lOMoARcPSD|25562793

A 16 The data subject is entitled to

(Sec 16) A. BE INFORMED WHETHER PERSONAL
INFORMATION PERTAINING TO HIM OR
HER SHALL BE, ARE BEING OR HAVE
BEEN PROCESSED
B. BE FURNISHED THE INFORMATION
INDICATED HEREUNDER AFTER THE
ENTRY OF HIS OR HER PERSONAL
INFORMATION INTO THE PROCESSING
SYSTEM OF THE PERSONAL
INFORMATION CONTROLLER, OR AT THE
NEXT PRACTICAL OPPORTUNITY
C. BE INFORMED WHETHER INFORMATION
IS PRIVATE OF NOT
C 17 Who shall invoke the rights of the data subject?
(Sec 17) A. lawful heirs
B. lawful assigns
C. lawful heirs and assigns
B 18 What is right to data portability?
(Sec 18) A. THE DATA SUBJECT SHALL HAVE THE
RIGHT, WHERE PERSONAL INFORMATION
IS PROCESSED BY THE DATA PRIVACY
PROCESSOR
B. THE DATA SUBJECT SHALL HAVE THE
RIGHT, WHERE PERSONAL INFORMATION
IS PROCESSED BY ELECTRONIC MEANS
C. THE DATA SUBJECT SHALL HAVE THE
RIGHT, WHERE PUBLIC INFORMATION IS
PROCESSED BY ELECTRONIC MEANS
B 19 Under Section 19 of the Data Privacy Act, the
(Sec 19) immediately preceding sections are not applicable if
the processed personal information are used only
for the needs of scientific and statistical research
and, on the basis of such, no activities are carried
out and no decisions are taken regarding the data
subject: Provided, that
A. THE PUBLIC INFORMATION SHALL BE
HELD UNDER STRICT CONFIDENTIALITY
AND SHALL BE USED ONLY FOR THE

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)

 lOMoARcPSD|25562793

DECLARED PURPOSE.
B. THE PERSONAL INFORMATION SHALL BE
HELD UNDER STRICT CONFIDENTIALITY
AND SHALL BE USED ONLY FOR THE
DECLARED PURPOSE.
C. THE PERSONAL INFORMATION IS
REQUIRED BY THE DEPARTMENT OF
REESEARCH AND DEVELOPMENT
B 20 He shall implement reasonable and appropriate
(Sec 20) organizational, physical and technical measures
intended for the protection of personal information
against any accidental or unlawful destruction,
alteration and disclosure, as well as against any
other unlawful processing.
A. PERSONAL DATA PROCESSOR
B. PERSONAL DATA CONTROLLER
C. PERSONAL DATA PRIVACY
COMMISSIONER
A 21 Each personal information controller is
(Sec 21) responsible for
A. PERSONAL INFORMATION UNDER ITS
CONTROL OR CUSTODY
B. INFORMATION THAT IS FROM A THIRD
PARTY AFTER PROCESSING
C. INTERNATIONAL DATA SUBJECT TO
INTER-COMPANY TRANSACTIONS,
ARRANGEMENT AND COOPERATION
A 22 Who is responsible to all sensitive personal
(Sec 22) information maintained by the government, its
agencies and instrumentalities?
A. HEAD OF AGENCIES
B. DATA COLLECTOR
C. GOVERNMENT DATA COMMISSIONER
A 23 The transport or access sensitive personal
(Sec 23) information for purposes of off-site access approved
under this subsection shall be secured
by
A. THE USE OF THE MOST SECURE
ENCRYPTION

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)

 lOMoARcPSD|25562793

B. THE USE OF THE MOST SECURE

PRIVACY SOFTWARE
C. THE USE OF THE MOST SECURE DATA
STORAGE
A 24 When will an agency require a contractor and its
(Sec 24) employees to register their personal information
processing system with the Commission?
A. IN ENTERING INTO ANY CONTRACT THAT
MAY INVOLVE ACCESSING OR
REQUIRING SENSITIVE PERSONAL
INFORMATION FROM ONE THOUSAND OR
MORE INDIVIDUALS
B. IN ENTERING INTO ANY SERVICE
CONTRACT THAT MAY INVOLVE
POSSESSING OR REQUIRING SENSITIVE
PERSONAL INFORMATION FROM ONE
THOUSAND OR MORE INDIVIDUALS
C. IN ENTERING INTO ANY CONTRACT THAT
MAY INVOLVE ACCESSING OR
REQUIRING SENSITIVE PUBLIC
INFORMATION FROM ONE THOUSAND OR
MORE INDIVIDUALS
A 25 The unauthorized processing of personal
(Sec 25) information shall be penalized by imprisonment
ranging from one (1) year to three (3) years and a
fine of not less than Five hundred thousand pesos
(Php500,000.00) but not more than Two million
pesos (Php2,000,000.00) shall be imposed on
persons who process personal information
___________under Data Privacy Act or any
existing law.
A. WITHOUT THE CONSENT OF THE DATA
SUBJECT, OR WITHOUT BEING
AUTHORIZED
B. WITH THE CONSENT OF THE DATA
SUBJECT BUT WITHOUT BEING
AUTHORIZED
C. WITHOUT THE CONSENT OF THE DATA
SUBJECT BUT BEING AUTHORIZED
C 26 Which of the following is not penalized under Data

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)

 lOMoARcPSD|25562793

(Sec 26) Privacy Act?

A. THE UNAUTHORIZED PROCESSING OF
PERSONAL INFORMATION
B. ACCESSING PERSONAL INFORMATION
AND SENSITIVE PERSONAL
INFORMATION DUE TO NEGLIGENCE
C. IMPROPER DISPOSAL OF PERSONAL
INFORMATION AND SENSITIVE PUBLIC
INFORMATION
C 27 It is committed by a person who knowingly or
(Sec 27) negligently dispose, discard or abandon the
personal information of an individual.
A. THE UNAUTHORIZED PROCESSING OF
PERSONAL INFORMATION
B. ACCESSING PERSONAL INFORMATION
AND SENSITIVE PERSONAL
INFORMATION DUE TO NEGLIGENCE
C. IMPROPER DISPOSAL OF PERSONAL
INFORMATION AND SENSITIVE PRIVATE
INFORMATION
C 28 It is committed by persons processing sensitive
(Sec 28) personal information for purposes not authorized by
the data subject.
A. THE UNAUTHORIZED PROCESSING OF
PERSONAL INFORMATION
B. ACCESSING PERSONAL INFORMATION
AND SENSITIVE PERSONAL
INFORMATION DUE TO NEGLIGENCE
C. PROCESSING OF PERSONAL
INFORMATION AND SENSITIVE
PERSONAL INFORMATION FOR
UNAUTHORIZED PURPOSES
C 29 An act committed by persons who knowingly and
(Sec 29) unlawfully, or violating data confidentiality and
security data systems, breaks in any way into any
system where personal and sensitive personal
information is stored.
A. ACCESSING PERSONAL INFORMATION
AND SENSITIVE PERSONAL
INFORMATION DUE TO NEGLIGENCE

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)

 lOMoARcPSD|25562793

B. PROCESSING OF PERSONAL
INFORMATION AND SENSITIVE
PERSONAL INFORMATION FOR
UNAUTHORIZED PURPOSES
C. UNAUTHORIZED ACCESS OR
INTENTIONAL BREACH
C 30 It is an act where persons who, after having
(Sec 30) knowledge of a security breach and of the
obligation to notify the Commission intentionally or
by omission conceals the fact of such security
breach.
A. CONCEALMENT OF DATA BREACHES
INVOLVING SENSITIVE PERSONAL
INFORMATION
B. CONCEALMENT OF SECURITY BREACHES
INVOLVING SENSITIVE PUBLIC
INFORMATION
C. CONCEALMENT OF SECURITY BREACHES
INVOLVING SENSITIVE PERSONAL
INFORMATION
A 31 An act committed by any personal information
(Sec 31) controller or personal information processor or any
of its officials, employees or agents, who, with
malice or in bad faith, discloses unwarranted or
false information relative to any personal
information or personal sensitive information
obtained by him or her.
A. MALICIOUS DISCLOSURE
B. MALICIOUS DATA PROCESSING
C. BAD FAITH DISCLOSURE
A 32 Refers to the disclosure to a third party personal
(Sec 32) information without the consent of the data subject.
A. UNAUTHORIZED DISCLOSURE
B. MALICIOUS DISCLOSURE
C. PENDING DISCLOSURE
A 33 Which of the following statements is correct?
(Sec 33) A. ANY COMBINATION OR SERIES OF ACTS
AS DEFINED IN SECTIONS 25 TO 32 OF
THE DATA PRIVACY ACT SHALL MAKE THE
PERSON SUBJECT TO IMPRISONMENT

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)

 lOMoARcPSD|25562793

RANGING FROM THREE (3) YEARS TO SIX

(6) YEARS
B. UNAUTHORIZED DISCLOSURE IS ONLY
COMMITTED BY AN AGENT
C. PERSONAL CONTROLLER IS NOT
SUBJECT TO INTENTIONAL BREACH
A 34 Under RA 10173, If the offender is a corporation,
(Sec 34) partnership or any juridical person, the penalty shall
be imposed upon
A. THE RESPONSIBLE OFFICERS
B. THE CEO
C. THE BOARD OF DIRECTORS
A 35 The __________penalty in the scale of penalties
(Sec 35) respectively provided for the preceding offenses
shall be imposed when the personal information of
at
least one hundred persons is harmed, affected or
involved as the result of the above mentioned
actions.
A. MAXIMUM
B. MINIMUM
C. ACCEPTABLE
B 36 When the offender or the person responsible for the
(Sec 36) offense on RA 10173 is ________as defined in the
Administrative Code of the Philippines in the
exercise of his or her duties, an accessory penalty
consisting in the disqualification to occupy public
office for a term double the term of criminal penalty
imposed shall he applied.
A. AN EMPLOYEE
B. A PUBLIC OFFICER
C. AN AGENT
B 37 Under RA 10173, Restitution for any aggrieved
(Sec 37) party shall be governed by the provisions of the
A. OLD DATA PRIVACY LAWS
B. NEW CIVIL CODE
C. PD 1371
B 38 Any doubt in the interpretation of any provision of
(Sec 38) Data Privacy Act shall be
A. INTERPRETED BY THE COURT

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)

 lOMoARcPSD|25562793

B. LIBERALLY INTERPRETED IN A MANNER

MINDFUL OF THE RIGHTS AND
INTERESTS OF THE INDIVIDUAL ABOUT
WHOM PERSONAL INFORMATION IS
PROCESSED
C. REFERRED TO THE DATA PRIVACY
COMMISSION
B 39 It shall promulgate the rules and regulations to
(Sec 39) effectively implement the provisions of Data Privacy
Act.
A. NATIONAL PRIVACY COUNCIL
B. NATIONAL PRIVACY COMMISSION
C. NATIONAL PRIVACY CONTROLLER
B 40 The National Privacy Commission shall annually
(Sec 40) report to the
A. PRESIDENT
B. PRESIDENT AND CONGRESS
C. CONGRESS
A 41 The Commission shall be provided with an initial
(Sec 41) appropriation of Twenty million pesos to be drawn
from
A. THE NATIONAL GOVERNMENT
B. THE NATIONAL FINANCE DEPARTMENT
C. THE NATIONAL BANK
A 42 Existing industries, businesses and offices affected
(Sec 42) by the implementation of Data Privacy Act shall be
given one-year transitory period
from________________, to comply with the
requirements of this Act.
A. THE EFFECTIVITY OF THE IRR OR SUCH
OTHER PERIOD AS MAY BE DETERMINED
BY THE COMMISSION
B. THE EFFECTIVITY OF THE IRR
C. THE PERIOD AS MAY BE DETERMINED BY
THE COMMISSION
A 43 If any provision or part hereof is held invalid or
(Sec 43) unconstitutional under RA 10173, the remainder of
the law or the provision not otherwise affected shall
remain
A. VALID AND SUBSISTING

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)

 lOMoARcPSD|25562793

B. SUBSISTING
C. VALID BUT SUBSISTING
A 44 Which Act is amended in RA 10173?
(Sec 44) A. HUMAN SECURITY ACT OF 2007
B. DATA SECURITY ACT OF 2017
C. HUMAN PRIVACY ACT OF 1997
A 45 Data Privacy Act shall take effect fifteen (15) days
(Sec 45) ____________in at least two (2) national
newspapers of general circulation.
A. AFTER ITS PUBLICATION
B. BEFORE REPEAL
C. AFTER AMMENDMENT OF RA 9372

Downloaded by Mike Gowan (michaelgowan122@yahoo.com)