Manila * Cavite * Laguna * Cebu * Cagayan De Oro * Davao

Since 1977

RFBT.3408 VILLEGAS/APRADO/MAGUMUN
IPL (RA 8293), ECA (RA 8792), DPA (RA 10173) MAY 2023

Intellectual Property Law d. Criminal action for repetition of infringement

(RA 8293, as amended)
Kinds of Licensing
A. Intellectual Property Rights
a. Voluntary
a. Copyright and Related Rights b. Compulsory
b. Trademarks and Service marks
c. Geographic Indications
D. Requirements for Trademarks
d. Industrial Designs
e. Patents
f. Utility Model
g. Layout Designs (Topographies) of Integrated Acquisition of ownership: through REGISTRATION
Circuits Test in Determining Likelihood of Confusion
h. Protection of Undisclosed Information
1. Dominance Test – Dominant features
B. Differences between Copyright, Patent and 2. Holistic Test – considered as a whole
Trademark
E. Requirements of Copyright

COPYRIGHT TRADEMARK PATENT 1. Originality

Literary or Any sign to Technical 2. Expression

artistic work distinguish the solution of a
which are goods or services problem which is It is protected from the moment of creation.
intellectual of an enterprise new, involves an
creations inventive step, Two kinds of Rights
and is a. Economic Rights (reproduction,
industrially transformation, first public distribution,
applicable rental, public display, public
Registered in Registered in IPO IPO performance, communication to the
National Library public)
b. Moral Rights
Duration of the 10 years 20 years from i. To require that the authorship of the
right is generally filing or priority works be attributed to him;
50 years after date
the death of the ii. To make any alterations;
author iii. To object to any distortion;
iv. To restrain the use of his name
C. Requirements for Patent
a. Novelty – that which does not form part of a prior Unprotected Subject Matter
art • Idea, concept, principle
b. Inventive step – it is not obvious to a person • Procedure, system method or operation
skilled in the art at the time of the filing date or • Discovery or mere data
priority date of the application claiming the • News of the day
invention • Official government text; works of the
c. Industrial applicability – it can be produced and government
used in any industry

First-to-File Rule – patent shall belong to the person Derivative Works – alteration of literary and
who filed an application for such invention. artistic works

Remedies for Patent Infringement Doctrine of Fair Use1 – fair use of copyright for
criticism, comment, news reporting, teaching
a. Action for damages including multiple copies for classroom use,
b. Injunction scholarship, research, and similar purposes is NOT
c. Disposal or Destruction by court’s order of the an infringement of copyright.
infringing goods

1
Permitted Reproduction: • one (1) back-up copy or adaptation of a computer
• private reproduction in a single copy made by a natural program by the lawful owner thereof.
person exclusively for research and private study;
• reprograhic reproduction by libraries;

Page 1 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

b. Utility model
Rights related to copyright (Neighboring rights): c. Industrial design
d. Copyright
• Rights of performers
e. Lay-out design
• Rights of phonogram producers
• Rights of broadcasting organizations
8. The term of protection for Utility Model is –
a. 5 years from the date of filing of the application
F. Remedies in Case of Infringement b. 7 years from the date of filing of the application
c. 10 years from the date of the filing of the
1. Injunction application
2. Damages and Indemnity d. 20 years from the date of the filing of the
3. Impounding, confiscation and Destruction application
e. 50 years from the date of the filing of the
application
IPL MC QUESTIONS
9. The term of protection for a lay-out design of an
1. The Intellectual Property Office has the following integrated circuit is –
functions, except: a. 5 years
a. Examine applications: patents, utility models, b. 7 years
industrial designs, marks, geographic indications, c. 10 years
integrated circuits d. 20 years
b. Register technology transfer arrangements & settle e. 50 years
disputes involving payments
c. Promote use of patent information 10. The term of protection for trademark is –
d. Publish undisclosed information relevant to the a. 5 years
industry b. 7 years
e. Adjudicate proceedings affecting IPRs c. 10 years
d. 20 years
2. The term of patent is – e. 50 years
a. 5 years from the date of filing of the application
b. 7 years from the date of filing of the application 11. The following are two criteria for trademark, except:
c. 10 years from the date of the filing of the a. novelty
application b. Distinctive
d. 20 years from the date of the filing of the c. Not deceptive
application d. Answer not given
e. 50 years from the date of the filing of the
application 12. – A mark distinguishing the goods or services of
members of the association which is the proprietor of
3. The following are the three criteria to be patentable, the mark from those of other undertakings.
except: a. Collective mark
a. Novelty b. Certification mark
b. Inventive step c. Service mark
c. Territoriality d. Trademark
d. Industrially applicable e. Logo
4. It is the criterion in patent that it is not obvious to a 13. It is the legal protection extended to the owner of the
person skilled in the art at the time of the filing date or rights in an original work.
priority date of the application claiming the invention. a. Patent
a. Novelty b. Copyright
b. Inventive step c. Trademark
c. Territoriality d. Service mark
d. Industrially applicable e. Geographical Indication
5. The following are not patentable, except: 14. The term of protection of copyright is –
a. technical solution to a problem a. 5 years
b. discovery of a new plant b. 7 years
c. machines that defy laws of nature c. 10 years
d. scientific theories, mathematical methods d. 20 years
e. schemes, rules of methods, playing games e. 50 years
6. The following are criteria for the Utility model, except: 15. Alteration of the literary & artistic works, works that are
a. New derived from other existing sources.
b. Industrially applicable a. Economic Right
c. Inventive step b. Moral Right
d. Territoriality c. IP right
e. Both c and d d. Derivative Right
e. Right of Exclusion
7. It is any composition of lines or colors or any three-
dimensional form, whether or not associated with lines 16. The right to make any alterations, object to any
or colors, provided, that such composition or form gives distortion, restrain the use of his name
a special appearance to and can serve as pattern for an a. Economic Right
industrial product or handicraft. b. Moral Right
a. Prior art c. IP right

Page 2 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

d. Derivative Right
e. Right of Exclusion 26. A patent is any technical solution of a problem in any
field of human activity which is:
17. The following are the Related Rights in Copyright, a. industrially applicable.
except: b. involves an inventive step
a. Rights of performers c. new
b. Rights of phonogram producers d. all of the above
c. Rights of broadcasting organizations
d. Rights of authorship 27. Thomas invented a device which, through the use of
noise, can recharge a cellphone battery. He applied for and
18. Infringement of a patent prescribes in __ years from the was granted a patent on his device, effective within the
date of the commission of the crime. Philippines. As it turns out, a year before the grant of
a. 2 years Thomas’ patent, Neil, also an inventor, invented a similar
b. 3 years device which he used in his cellphone business in Manila.
c. 4 years But Thomas files an injunctive suit against Neil to stop him
d. 5 years from using the device on the ground of patent infringement.
e. 10 years Will the suit prosper?
a. No, since the correct remedy for Thomas is a civil
19. No damages can be recovered for acts of infringement action for damages.
of a patent committed more than __ years before the b. No, since Neil is a prior user in good faith.
institution of the action for infringement. c. Yes, since Thomas is the first to register his device
a. 2 years for patent registration.
b. 3 years d. Yes, since Neil unwittingly used Thomas’ patented
c. 4 years invention.
d. 5 years
e. 10 years 28. Under this doctrine, infringement of patent occurs when
a device appropriates a prior invention by incorporating its
20. Act of selling the goods that have been clothed with a innovative concept and albeit with some modifications and
general appearance of the goods of another which is change performs the same function in substantially the
likely to deceive the ordinary purchaser exercising same way to achieve the same result.
ordinary care a. Doctrine of Prior Patent
a. Infringement b. Doctrine of Similarity
b. Piracy c. Doctrine of Equivalents
c. Estafa d. Doctrine of Substantiality
d. Unfair Competition
e. Illegal exaction 29. “Eagleson Refillers, Co.,” a firm that sells water to the
public, opposes the trade name application of “Eagleson
21. Statutory fair uses and criticisms, comment, news Laundry, Co.,” on the ground that such trade name tends to
reporting, teaching, scholarship, research, deceive trade circles or confuse the public with respect to
decompilation fall under what right in Copyright – the water firm’s registered trade name. Will the opposition
a. Economic Right prosper?
b. Derivative Right a. Yes, since such use is likely to deceive or confuse
c. Moral Right the public.
d. Fair use b. Yes, since both companies use water in conducting
e. Fair play their business.
c. No, since the companies are not engaged in the
22. The following are Economic Rights, except; same line of business.
a. reproduction d. No, since the root word “Eagle” is a generic name
b. transformation not subject to registration.
c. first public distribution
d. public performance 30. The “test of dominancy” in the Law on Trademarks, is
e. make any alterations a way to determine whether there exists an infringement
of a trademark by:
23. The following are derivative works, except: a. Determining if the use of the mark has been
a. translations of works into different languages dominant in the market.
b. Adaptation of works b. Focusing on the similarity of the prevalent features
c. Arrangement of music of the competing marks which might create confusion.
d. Abridgement of a novel c. Looking at the mark whether they are similar in
e. Right of transformation size, form or color.
d. Looking at the mark whether there is one specific
24. This intellectual property is protected from the moment feature that is dominant.
of its creation.
a. Trademark 31. Under the Intellectual Property Code, lectures, sermons,
b. Service mark addresses or dissertations prepared for oral delivery,
c. Patent whether or not reduced in writing or other material forms,
d. Copyright are regarded as:
e. Geographical Indication a. Non-original works.
b. Derivative works
25. The oldest law in Copyright Law. c. Original works.
a. Berne Convention d. Not subject to protection.
b. Rome Convention
c. TRIPS Agreement 32. Alden came up with a new way of presenting a telephone
d. WIPO Copyright Treaty directory in a mobile phone, which he dubbed as the

Page 3 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

“digiTel” and which uses lesser time for locating names and recognize the authenticity and reliability of electronic
telephone numbers. May Alden have his “digiTel” documents related to such activities and to promote the
copyrighted in his name? universal use of electronic transaction in the government
a. No, because it is a mere system or method. and general public. (Sec. 3, RA 8792)
b. Yes, because it is an original creation.
c. Yes, because it entailed the application of 2. Application
Alden’s intellect.
d. No, because it did not entail any application of The law shall apply to any kind of data message and
Alden’s intellect. electronic document used in the context of commercial and
non-commercial activities to include domestic and
33. Zion, a junior accountant in XYZ Auditing Firm, wrote a international dealings, transactions, arrangements,
newspaper publisher a letter disputing a columnist’s claim agreements contracts and exchanges and storage of
about an incident in the accountant’s family. Zion used the information.
auditing firm’s letterhead and its computer in preparing the
letter. T also requested the firm’s messenger to deliver the 3. Definition of Terms
letter to the publisher. Who owns the copyright to the letter?
a. Zion, since he is the original creator of the "Electronic Data Message" refers to information generated,
contents of the letter. sent, received or stored by electronic, optical or similar
b. Both Zion and the publisher, one wrote the means.
letter to the other who has possession of it.
c. The auditing firm since it was an employee and "Information and Communications System" refers to a
he wrote it on the firm’s letterhead. system intended for and capable of generating, sending,
d. The publisher to whom the letter was sent. receiving, storing, or otherwise processing electronic data
messages or electronic documents and includes the
34. Luigi’s painting of Madonna and Child was used by her computer system or other similar device by or in which data
mother to print some personalized gift wrapper. As part of is recorded or stored and any procedures related to the
her mother’s efforts to raise funds for a charity, the mother recording or storage of electronic data message or
of Luigi sold the wrapper to friends. Dimitri, an electronic document.
entrepreneur, liked the painting in the wrapper and made
many copies and sold the same through National Bookstore. "Electronic Signature" refers to any distinctive mark,
Which statement is most accurate? characteristic and/or sound in electronic form, representing
a. Dimitri can use the painting for his use the identity of a person and attached to or logically
because this is not a copyrightable material. associated with the electronic data message or electronic
b. Luigi can sue Dimitri for infringement because document or any methodology or procedures employed or
artistic works are protected from the moment adopted by a person and executed or adopted by such
of creation. person with the intention of authenticating or approving an
c. Works of art need to be copyrighted also to get electronic data message or electronic document.
protection under the law.
d. Dimitri can use the drawing even though not "Electronic Document" refers to information or the
copyrighted because it is already a public representation of information, data, figures, symbols or
property having been published already. other modes of written expression, described or however
represented, by which a right is established or an obligation
35. Copyright shall last during the lifetime of the author and extinguished, or by which a fact may be prove and affirmed,
___ years after his death. which is receive, recorded, transmitted, stored, processed,
a. 10 years retrieved or produced electronically. (Section 5, RA 8792)
b. 50 years Note: the term "electronic document" may be used
c. 20 years interchangeably with "electronic data message". (A.M. No.
d. 100 years 01-7-01-SC)

36. Term of protection of Patent "Ephemeral electronic communication" refers to telephone

a. 10 years conversations, text messages, chatroom sessions,
b. 20 years streaming audio, streaming video, and other electronic
c. 30 years forms of communication the evidence of which is not
d. 50 years recorded or retained. (Sec. 1, A.M. No. 01-7-01-SC)

37. Term of protection of Utility model "Digital signature" refers to an electronic signature
a. 5 years consisting of a transformation of an electronic document or
b. 7 years an electronic data message using an asymmetric or public
c. 10 years cryptosystem such that a person having the initial
d. 20 years untransformed electronic document and the signer's public
key can accurately determine:

i. whether the transformation was created using the

ELECTRONIC COMMERCE ACT private key that corresponds to the signer's public
(RA 8792) key; and

1. Principles
ii. whether the initial electronic document had been
The law aims to facilitate domestic and international altered after the transformation was made.
dealings, transactions, arrangements agreements,
contracts and exchanges and storage of information 4. Legal Recognition And Communication Of
through the utilization of electronic, optical and similar Electronic Data Message And Electronic
medium, mode, instrumentality and technology to Documents

Page 4 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

Legal Recognition of Electronic Data Messages or The electronic transactions made through networking
Documents among banks, or linkages thereof with other entities or
networks, and vice versa, shall be deemed consummated
In cases of documents and signatures in electric form, the upon the actual dispensing of cash, or the debit of one
information shall not be denied legal effect, validity or account, and the corresponding credit to another, whether
enforceability solely on the grounds that it is in the data such transaction is initiated by the depositor, or by an
message purporting to give rise to such legal effect, or that authorized collecting party. The obligation of one bank,
it is merely referred to in that electronic data message (Sec. entity, or person similarly situated to another arising
6, RA 8792). For evidentiary purposes, an electronic therefrom shall be considered absolute, and shall not be
document shall be the functional equivalent of a written subjected to the process of preference of credits (Sec. 16
document under existing laws (Sec. 7 of RA 8792). (2) of RA 8792).
On the other hand, as to electronic signature placed on the
electronic document, it shall be equivalent to the signature 5. Electronic Commerce in Carriage of Goods
of a person on a written document if that signature is proved
by showing that a prescribed procedure, not alterable by the
parties interested in the electronic document, existed under This applies to any action in connection with, or in
which: pursuance of, a contract of carriage of goods, including but
not limited to:
a. (i) Furnishing the marks, number, quantity or
a. A method is used to identify the party sought to be weight of goods; (ii) stating or declaring the nature
bound and to indicate said party’s access to the or value of goods; (iii) issuing a receipt for goods;
electronic document necessary for his consent or (iv) confirming that goods have been loaded;
approval through the electronic signature; b. (i) Notifying a person of terms and conditions of the
b. Said method is reliable and appropriate for the purpose
contract; (ii) giving instructions to a carrier;
for which the electronic document was generated or
c. (i) Claiming delivery of goods; (ii) authorizing
communicated, in the light of all circumstances,
including any relevant agreement; release of goods; (iii) giving notice of loss of, or
c. It is necessary for the party sought to be bound, in or damage to goods;
order to proceed further with the transaction, to have d. Giving any other notice or statement in connection
executed or provided the electronic signature; and with the performance of the contract;
d. The other party is authorized and enabled to verify the e. Undertaking to deliver goods to a named person or
electronic signature and to make the decision to a person authorized to claim delivery;
proceed with the transaction authenticated by the f. Granting, acquiring, renouncing, surrendering,
same. (Sec. 7 of RA 8792) transferring or negotiating rights in goods; and
g. Acquiring or transferring rights and obligations
In furtherance of the support in favor of the recognition under the contract (Sec. 25, RA 8792).
of electronic signature, it shall be presumed that electronic
signature is the signature of the person to whom it Transport of Goods
correlates and it was affixed by that person with the
intention of signing or approving the electronic document In the transport of the goods to the buyer or recipient, RA
unless the person relying on the electronically signed 8792 provides:
electronic document knows or has noticed of defects in or
unreliability of the signature or reliance on the electronic 1. Where the law requires that any action referred to
signature is not reasonable under the circumstances (Sec. contract of carriage of goods be carried out in writing or
8 of RA 8792). by using a paper document, that requirement is met if
the action is carried out by using one or more data
Communication of Electronic Data Messages or messages or electronic documents.
Documents 2. The preceding paragraph applies whether the
requirement therein is in the form of an obligation or
Under the Civil Code of the Philippines, all contracts have whether the law simply provides consequences for
three (3) essential elements, these are, consent of the failing either to carry out the action in writing or to use
contracting parties, the object which is the subject matter a paper document.
of the contract and cause of the obligation which is 3. If a right is to be granted to, or an obligation is to be
established (Article 1318 of the Civil Code). Consent is acquired by, one person and no person, and if the law
manifested by the meeting of the offer and the acceptance requires that, in order to effect this, the right or
upon the thing and the cause which are to constitute the obligation must be conveyed to that person by the
contract (1319 of the Civil Code). Under RA 8792, except transfer, or use of, a paper document, that requirement
when otherwise agreed by the parties, an offer and its is met if the right or obligation is conveyed by using one
acceptance and such other elements for the formation of or more electronic data messages or electronic
contracts may be expressed, demonstrated, and proved by documents unique;
means of electronic data messages or electronic documents. 4. For the purposes of paragraph (3), the standard of
No contract shall be denied validity or enforceability on the reliability required shall be assessed in the light of the
sole ground that it is in the form of an electronic data purpose for which the right or obligation was conveyed
message or electronic document, or that any or all of the and in the light of all the circumstances, including any
elements required under existing laws for the formation of relevant agreement.
contracts is expressed, demonstrated and proved by means 5. Where one or more data messages are used to effect
of electronic data messages or electronic documents (Sec. any action in undertaking to deliver goods to a named
16 (1) of RA 8792). person or a person authorized to claim delivery or in
granting, acquiring, renouncing, surrendering,
Consummation of the Transaction Through Electronic transferring or negotiating rights in goods, no paper
Messages or Documents document used to effect any such action is valid unless
the use of electronic data message or electronic
document has been terminated and replaced by the

Page 5 of 14 www.teamprtc.com.ph RFBT.3408

 TEAM PRTC

used of paper documents. A paper document issued in 6) the full or limited use of the documents and
these circumstances shall contain a statement of such papers for compliance with the government
termination. The replacement of the electronic data requirements: Provided, that this Act shall be itself
messages or electronic documents by paper documents mandate any department of the government, organ
shall not affect the rights or obligation of the parties of state or statutory corporation to accept or issue
involved. any document in the form of electronic data
6. If a rule of laws is compulsorily applicable to a contract messages or electronic documents upon the
of carriage of goods which is in, or is evidenced by, a adoption, promulgation and publication of the
paper document, that rule shall not be inapplicable to appropriate rules, regulations or guidelines. (Sec.
such a contract of carriage of goods which is evidenced 27, RA 8792)
by one or more electronic data messages or electronic
documents by reason of the fact that the contract is
evidenced by such electronic data messages or E-COMMERCE ACT MC QUESTIONS
electronic documents instead of by a paper document. (RA 8792)

7. ELECTRONIC TRANSACTIONS IN 1. The E-commerce Law aims to facilitate domestic and

GOVERNMENT international dealings, transactions, arrangements,
agreements, contracts and exchanges and storage of
All departments, bureaus, offices and agencies of the information through the utilization of electronic, optical
government, as well as all government-owned and - and similar medium, mode, instrumentality and
controlled corporations, that pursuant to law require or technology to recognize the authenticity and _______
accept the filling of documents, require that documents be of electronic data messages or electronic documents
created, or retained and/or submitted, issue permits, related to such activities and to promote the universal
licenses or certificates of registration or approval, or provide use of electronic transaction in the government and by
for the method and manner of payment or settlement of the general public.
fees and other obligations to the government, shall - a. Confidentiality
b. Accessibility
(a) accept the creation, filing or retention of such c. Validity
documents in the form of electronic data messages or d. Reliability
electronic documents;
2. It refers to a person by whom, or on whose behalf,
the electronic document purports to have been
(b) issue permits, licenses, or approval in the form of
created, generated and/or sent. The term does not
electronic data messages or electronic documents;
include a person acting as an intermediary with
respect to that electronic document.
(c) require and/or accept payments, and issue receipts a. Data subject c. Addressee
acknowledging such payments, through systems using b. Originator d. Intermediary
electronic data messages or electronic documents; or
3. The E-Commerce law expressly provides that for
(d) transact the government business and/or perform evidentiary purposes, an electronic document shall be
governmental functions using electronic data messages or the _______________________ under existing laws.
electronic documents, and for the purpose, are authorized a. equivalent of the public document
to adopt and promulgate, after appropriate public hearing b. equivalent of a registered document
and with due publication in newspapers of general c. exact duplicate of a notarized document
circulation, the appropriate rules, regulations, or guidelines, d. functional equivalent of a document in writing
to, among others, specify -
4. Authorities and parties with the legal right can only
1) the manner and format in which such electronic gain access to electronic documents, electronic data
data messages or electronic documents shall be messages, and electronic data messages, and
electronic signatures. For confidentiality purposes, it
filed, created, retained or issued;
shall not share or convey to any other person.
a. Obligation of Reliability
2) where and when such electronic data messages b. Obligation of Confidentiality
or electronic documents have to signed, the use of c. Obligation of Authenticity
an electronic signature, the type of electronic d. Obligation of Security
signature required;
5. Hacking or ________ refers to the unauthorized access
3) the format of an electronic data message or into or interference in a computer system / server or
electronic document and the manner the electronic information and communication system; or any access
signature shall be affixed to the electronic data in order to corrupt, alter, seal, or destroy using a
message or electronic document; computer or other similar information and
communication devices, without the knowledge and
4) the control processes and procedures as consent of the owner of the computer or information
appropriate to ensure adequate integrity, security and communications system, including the
and confidentiality of electronic data messages or introduction of computer viruses and the like, resulting
electronic documents or records of payments; in the corruption, destruction, alteration, theft or loss
of electronic data messages or electronic document.
a. Blocking d. Piracy
5) other attributes required to electronic data
b. Erasure e. Interference
messages or electronic documents or payments;
c. Cracking
and
6. The following are essential features of the E-
Commerce Law, except:

Page 6 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

a. Legal recognition of electronic documents Sensitive Personal Information- The term “sensitive
b. Use in transactions involving carriage of goods personal information” refers to personal information:
c. Admissibility as evidence
d. Permanent insurance fund 1. About an individual’s race, ethnic origin, marital
e. Electronic transactions in government status, age, color, and religious, philosophical or
political affiliations;
7. This refers to information generated, sent, received or 2. About an individual’s health, education, genetic or
stored by electronic, optical or similar means. sexual life of a person, or to any proceeding for any
a. Electronic document offense committed or alleged to have been
b. Electronic signature committed by such person, the disposal of such
c. Electronic data message proceedings, or the sentence of any court in such
d. Electronic contract proceedings;
3. Issued by government agencies peculiar to an
8. Electronic transactions made through networking among individual which includes, but not limited to, social
banks is deemed consummated upon: security numbers, previous or current health
a. receipt of the email confirmation about the records, licenses or its denials, suspension or
transaction. revocation, and tax returns; and
b. sending the confirmation code to the bank. 4. Specifically established by an executive order or an
c. the actual dispensing of cash or the debit of act of Congress to be kept classified.
one account and the corresponding credit to
another. Privileged information refers to any and all forms of data
d. placing of electronic signature in the electronic which under the Rides of Court and other pertinent laws
document. constitute privileged communication.

9. I. Another term for hacking is cracking. Personal information controller refers to a person or
II. The introduction of computer viruses is also organization who controls the collection, holding, processing
categorize as hacking. or use of personal information, including a person or
organization who instructs another person or organization
a. Both statements are correct. to collect, hold, process, use, transfer or disclose personal
b. Both statements are incorrect. information on his or her behalf. The term excludes:
c. Statement I is correct while statement II is
incorrect.
(1) A person or organization who performs such functions
d. Statement I is incorrect while statement II is
as instructed by another person or organization; and
correct.

10. It is the unauthorized copying, reproduction, alteration (2) An individual who collects, holds, processes or uses
and importation of protected material. personal information in connection with the individual’s
a. Photocopying personal, family or household affairs.
b. Cracking
c. Piracy Personal information processor refers to any natural or
d. Hacking juridical person qualified to act as such under this Act to
whom a personal information controller may outsource the
11. The following are the illegal activities under E- processing of personal data pertaining to a data subject.
Commerce Act except:
a. Hacking Processing refers to any operation or any set of operations
b. Photocopying performed upon personal information including, but not
c. Piracy limited to, the collection, recording, organization, storage,
d. Violation of Consumer Act updating or modification, retrieval, consultation, use,
consolidation, blocking, erasure or destruction of data.

2. SCOPE OF APPLICATION
Data Privacy Act (RA 10173)
Who is covered by DPA
1. DEFINITION
Natural or personal person, government or private.
Data Subject- Section 3(c) of the DPA defines a data
subject as “an individual whose personal information is When DPA will not apply?
processed.” The IRR of the DPA is more specific when it
declares that the term refers to “an individual whose
(a) Information about any individual who is or was an officer
personal, sensitive personal, or privileged information is
or employee of a government institution that relates to the
processed.”
position or functions of the individual, including:
Personal Information- The term “personal information”
(1) The fact that the individual is or was an officer
refers to any information whether recorded in a material
or employee of the government institution;
form or not, from which the identity of an individual is
(2) The title, business address and office telephone
apparent or can be reasonably and directly ascertained by number of the individual;
the entity holding the information, or when put together
(3) The classification, salary range and
with other information would directly and certainly identify responsibilities of the position held by the
an individual.
individual; and

Page 7 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

(4) The name of the individual on a document Information must be collected for specified and legitimate
prepared by the individual in the course of purposes determined and declared, and later processed in
employment with the government; a way compatible with such declared, specified and
legitimate purposes only.
(b) Information about an individual who is or was The collection and processing of information must not be
performing service under contract for a government contrary law, morals, or public policy.
institution that relates to the services performed, including c. Principle of Proportionality
the terms of the contract, and the name of the individual
given in the course of the performance of those services; Personal Information to be collected and processed must be
Accurate, relevant and, where necessary for purposes for
(c) Information relating to any discretionary benefit of a which it is to be used the processing of personal
financial nature such as the granting of a license or permit information, kept up to date.
given by the government to an individual, including the Adequate and not excessive in relation to the purposes for
name of the individual and the exact nature of the benefit; which they are collected and processed.

Retained only for as long as necessary for the fulfillment of

(d) Personal information processed for journalistic, artistic, the purposes for which the data was obtained or for the
literary or research purposes; establishment, exercise or defense of legal claims, or for
legitimate business purposes, or as provided by law.
Under Sec. 5 of the DPA, the protection afforded by RA No.
53 to publishers, editors or duly accredited reporters of any 4. PROCESSING OF PERSONAL INFORMATION
newspaper, magazine, or periodical of general circulation
from being compelled to reveal their source remains. Criteria for Lawful Processing of Personal
Related to Section 19, if processed information are used for Information
scientific and statistical research, DPA does not apply and
no rights afforded to data subject. Processing of personal information is allowed, unless
(e) Information necessary in order to carry out the functions prohibited by law. For processing to be lawful, any of the
of public authority which includes the processing of personal following conditions must be complied with:
data for the performance by the independent, central
monetary authority and law enforcement and regulatory a. The data subject must have given his or her consent
agencies of their constitutionally and statutorily mandated prior to the collection, or as soon as practicable and
functions. Nothing in this Act shall be construed as to have reasonable;
amended or repealed Republic Act No. 1405, otherwise b. The processing involves the personal information of
known as the Secrecy of Bank Deposits Act; Republic Act a data subject who is a party to a contractual
No. 6426, otherwise known as the Foreign Currency Deposit agreement, in order to fulfill obligations under the
Act; and Republic Act No. 9510, otherwise known as the contract or to take steps at the request of the data
Credit Information System Act (CISA); subject prior to entering the said agreement;
c. The processing is necessary for compliance with a
(f) Information necessary for banks and other financial legal obligation to which the personal information
institutions under the jurisdiction of the independent, controller is subject;
central monetary authority or Bangko Sentral ng Pilipinas to d. The processing is necessary to protect vitally
comply with Republic Act No. 9510, and Republic Act No. important interests of the data subject, including his
9160, as amended, otherwise known as the Anti-Money or her life and health;
Laundering Act and other applicable laws; and e. The processing of personal information is necessary
to respond to national emergency or to comply with
(g) Personal information originally collected from residents the requirements of public order and safety, as
of foreign jurisdictions in accordance with the laws of those prescribed by law;
foreign jurisdictions, including any applicable data privacy f. The processing of personal information is necessary
laws, which is being processed in the Philippines. for the fulfillment of the constitutional or statutory
mandate of a public authority; or
g. The processing is necessary to pursue the legitimate
interests of the personal information controller, or
by a third party or parties to whom the data is
3. DATA PRIVACY PRINCIPLES disclosed, except where such interests are
overridden by fundamental rights and freedoms of
a. Principle of Transparency the data subject, which require protection under the
Philippine Constitution.
Data subject must be made aware of the:
a. Nature Processing of SPI and Privileged Information
b. Purpose
c. Extent The processing of sensitive personal and privileged
d. Retention information is prohibited, except in any of the following
e. Rights of Data Subject cases:
f. Recipients
a. Consent is given by data subject, or by the parties
As a Personal Information Controller, you have to be to the exchange of privileged information, prior to
transparent. You must inform the data subject of what
the processing of the sensitive personal information
information will you get, for what purpose, how long will you
or privileged information, which shall be undertaken
retain such information in your system, inform the data
pursuant to a declared, specified, and legitimate
subject of the recipients of the information you gathered.
purpose;
b. The processing of the sensitive personal information
b. Principle of Legitimacy
or privileged information is provided for by existing
laws and regulations: Provided, that said laws and

Page 8 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

regulations do not require the consent of the data compliance with applicable laws and regulations for
subject for the processing, and guarantee the the protection of data privacy and security.
protection of personal data; b. Data Protection Policies. Any natural or juridical
c. The processing is necessary to protect the life and person or other body involved in the processing of
health of the data subject or another person, and personal data shall implement appropriate data
the data subject is not legally or physically able to protection policies that provide for organization,
express his or her consent prior to the processing; physical, and technical security measures, and, for
d. The processing is necessary to achieve the lawful such purpose, take into account the nature, scope,
and noncommercial objectives of public context and purposes of the processing, as well as
organizations and their associations provided that: the risks posed to the rights and freedoms of data
subjects.
1. Processing is confined and related to the bona fide
members of these organizations or their 1. The policies shall implement data protection
associations; principles both at the time of the determination
2. The sensitive personal information are not of the means for processing and at the time of
transferred to third parties; and the processing itself
3. Consent of the data subject was obtained prior to 2. The policies shall implement appropriate
processing; security measures that, by default, ensure only
personal data which is necessary for the
e. The processing is necessary for the purpose of specified purpose of the processing are
medical treatment: Provided, that it is carried out processed. They shall determine the amount of
by a medical practitioner or a medical treatment personal data collected, including the extent of
institution, and an adequate level of protection of processing involved, the period of their storage,
personal data is ensured; or and their accessibility.
f. The processing concerns sensitive personal 3. The polices shall provide for documentation,
information or privileged information necessary for regular review, evaluation, and updating of the
the protection of lawful rights and interests of privacy and security policies and practices.
natural or legal persons in court proceedings, or the
establishment, exercise, or defense of legal claims, c. Records of Processing Activities. Any natural or
or when provided to government or public authority juridical person or other body involved in the
pursuant to a constitutional or statutory mandate. processing of personal data shall maintain records
that sufficiently describe its data processing
system, and identify the duties and responsibilities
5. SECURITY MEASURES FOR PROTECTION OF
of those individuals who will have access to personal
PERSONAL DATA
data. Records should include:
Data Privacy and Security
1. Information about the purpose of the
processing of personal data, including any
Personal information controllers and personal information
intended future processing or data sharing;
processors shall implement reasonable and appropriate
2. A description of all categories of data subjects,
organizational, physical, and technical security measures
personal data, and recipients of such personal
for the protection of personal data.
data that will be involved in the processing;
3. General information about the data flow within
The personal information controller and personal the organization, from the time of collection,
information processor shall take steps to ensure that any processing, and retention, including the time
natural person acting under their authority and who has limits for disposal or erasure of personal data;
access to personal data, does not process them except upon 4. A general description of the organizational,
their instructions, or as required by law. physical, and technical security measures in
place;
The security measures shall aim to maintain the availability, 5. The name and contact details of the personal
integrity, and confidentiality of personal data and are information controller and, where applicable,
intended for the protection of personal data against any the joint controller, the its representative, and
accidental or unlawful destruction, alteration, and the compliance officer or Data Protection
disclosure, as well as against any other unlawful processing. Officer, or any other individual or individuals
These measures shall be implemented to protect personal accountable for ensuring compliance with the
data against natural dangers such as accidental loss or applicable laws and regulations for the
destruction, and human dangers such as unlawful access, protection of data privacy and security.
fraudulent misuse, unlawful destruction, alteration and
contamination. d. Management of Human Resources. Any natural or
juridical person or other entity involved in the
Organizational Security Measures processing of personal data shall be responsible for
selecting and supervising its employees, agents, or
Where appropriate, personal information controllers and representatives, particularly those who will have
personal information processors shall comply with the access to personal data.
following guidelines for organizational security:
The said employees, agents, or representatives
a. Compliance Officers. Any natural or juridical person shall operate and hold personal data under strict
or other body involved in the processing of personal confidentiality if the personal data are not intended
data shall designate an individual or individuals who for public disclosure. This obligation shall continue
shall function as data protection officer, compliance even after leaving the public service, transferring to
officer or otherwise be accountable for ensuring another position, or upon terminating their
employment or contractual relations. There shall be

Page 9 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

capacity building, orientation or training programs (1) Contents of his or her personal information that
for such employees, agents or representatives, were processed;
regarding privacy or security policies. (2) Sources from which personal information were
obtained;
e. Processing of Personal Data. Any natural or juridical (3) Names and addresses of recipients of the personal
person or other body involved in the processing of information;
personal data shall develop, implement and review: (4) Manner by which such data were processed;
(5) Reasons for the disclosure of the personal
information to recipients;
1. A procedure for the collection of personal data,
(6) Information on automated processes where the
including procedures for obtaining consent, when
data will or likely to be made as the sole basis for
applicable;
any decision significantly affecting or will affect the
2. Procedures that limit the processing of data, to
data subject;
ensure that it is only to the extent necessary for the
(7) Date when his or her personal information
declared, specified, and legitimate purpose;
concerning the data subject were last accessed and
3. Policies for access management, system
modified; and
monitoring, and protocols to follow during security
(8) The designation, or name or identity and address of
incidents or technical problems;
the personal information controller.
4. Policies and procedures for data subjects to exercise
their rights under the Act;
c. Right to Correct/Rectify
5. Data retention schedule, including timeline or
conditions for erasure or disposal of records.
Dispute the inaccuracy or error in the personal information
and have the personal information controller correct it
f. Contracts with Personal Information Processors.
immediately and accordingly, unless the request is
The personal information controller, through
vexatious or otherwise unreasonable. If the personal
appropriate contractual agreements, shall ensure
information have been corrected, the personal information
that its personal information processors, where
controller shall ensure the accessibility of both the new and
applicable, shall also implement the security
the retracted information and the simultaneous receipt of
measures required by the Act and these Rules. It
the new and the retracted information by recipients thereof:
shall only engage those personal information
Provided, That the third parties who have previously
processors that provide sufficient guarantees to
received such processed personal information shall he
implement appropriate security measures specified
informed of its inaccuracy and its rectification upon
in the Act and these Rules, and ensure the
reasonable request of the data subject.
protection of the rights of the data subject.

d. Right to Erasure/Blocking
6. Rights of Data Subject

Suspend, withdraw or order the blocking, removal or

a. Right to be informed
destruction of his or her personal information from the
personal information controller’s filing system upon
Be informed whether personal information pertaining to him discovery and substantial proof that the personal
or her shall be, are being or have been processed; information is incomplete, outdated, false, unlawfully
obtained, used for unauthorized purposes or are no longer
Be furnished the information indicated hereunder before the necessary for the purposes for which they were collected.
entry of his or her personal information into the processing In this case, the personal information controller may notify
system of the personal information controller, or at the next third parties who have previously received such processed
practical opportunity: personal information.

(1) Description of the personal information to be e. Right to Object

entered into the system;
(2) Purposes for which they are being or are to be As to the processing of his or her personal information
processed; including those for direct marketing or profiling.
(3) Scope and method of the personal information
processing; f. Right to Damages
(4) The recipients or classes of recipients to whom they
are or may be disclosed; Be indemnified for any damages sustained due to such
(5) Methods utilized for automated access, if the same inaccurate, incomplete, outdated, false, unlawfully obtained
is allowed by the data subject, and the extent to or unauthorized use of personal information.
which such access is authorized;
(6) The identity and contact details of the personal g. Right to Data Portability
information controller or its representative;
(7) The period for which the information will be stored; The data subject shall have the right, where personal
and information is processed by electronic means and in a
(8) The existence of their rights, i.e., to access, structured and commonly used format, to obtain from the
correction, as well as the right to lodge a complaint personal information controller a copy of data undergoing
before the Commission. processing in an electronic or structured format, which is
commonly used and allows for further use by the data
b. Right to Access subject. The Commission may specify the electronic format
referred to above, as well as the technical standards,
Reasonable access to, upon demand, the following: modalities and procedures for their transfer.

h. Right to File Complaint

Page 10 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

If any of the violation under the DPA has been committed: be in the public interest, or in the interest of the
1. unlawful processing 2. malicious or unauthorized affected data subjects.
disclosure disclosure 3. improper disposal 4. processing for c. The Commission may authorize postponement of
unauthorized purpose 5. unauthorized access 6. intentional notification where it may hinder the progress of a
breach. criminal investigation related to a serious breach.

Non-applicability of Rights Breach Report

The rights mentioned are not applicable if the processed

a. The personal information controller shall notify the
personal information are used only for the needs of scientific
Commission by submitting a report, whether written
and statistical research and, on the basis of such, no
or electronic, containing the required contents of
activities are carried out and no decisions are taken
notification. The report shall also include the name
regarding the data subject: Provided, That the personal
of a designated representative of the personal
information shall be held under strict confidentiality and
information controller, and his or her contact
shall be used only for the declared purpose. Likewise, the
details.
immediately preceding sections are not applicable to
b. All security incidents and personal data breaches
processing of personal information gathered for the purpose
shall be documented through written reports,
of investigations in relation to any criminal, administrative
including those not covered by the notification
or tax liabilities of a data subject.
requirements. In the case of personal data
breaches, a report shall include the facts
7. DATA BREACH NOTIFICATION
surrounding an incident, the effects of such
incident, and the remedial actions taken by the
Notification
personal information controller. In other security
incidents not involving personal data, a report
1. The Commission and affected data subjects shall be
containing aggregated data shall constitute
notified by the personal information controller
sufficient documentation. These reports shall be
within seventy-two (72) hours upon knowledge of,
made available when requested by the Commission.
or when there is reasonable belief by the personal
A general summary of the reports shall be
information controller or personal information
submitted to the Commission annually.
processor that, a personal data breach requiring
notification has occurred.
2. Notification of personal data breach shall be Data Breach v. Security Incident:
required when sensitive personal information or any
other information that may, under the Data Breach: accidental or unlawful destruction, loss,
circumstances, be used to enable identity fraud are alteration, unauthorized disclosure of, or access to, personal
reasonably believed to have been acquired by an data transmitted, stored, or otherwise processed.
unauthorized person, and the personal information
controller or the Commission believes that such Security Incident: event or occurrence that affects or tends
unauthorized acquisition is likely to give rise to a to affect data protection, it may compromise the availability,
real risk of serious harm to any affected data integrity, and confidentiality of personal data.
subject.
3. Depending on the nature of the incident, or if there 8. OUTSOURCING AND SUBCONTRACTING
is delay or failure to notify, the Commission may AGREEMENTS
investigate the circumstances surrounding the
personal data breach. Investigations may include A personal information controller may subcontract the
on-site examination of systems and procedures. processing of personal information: Provided, That the
personal information controller shall be responsible for
The notification shall at least describe the nature of the ensuring that proper safeguards are in place to ensure the
breach, the personal data possibly involved, and the confidentiality of the personal information processed,
measures taken by the entity to address the breach. The prevent its use for unauthorized purposes, and generally,
notification shall also include measures taken to reduce the comply with the requirements of this Act and other laws for
harm or negative consequences of the breach, the processing of personal information. The personal
representatives of the personal information controller, information processor shall comply with all the
including their contact details, from whom the data subject requirements of this Act and other applicable laws.
can obtain additional information about the breach, and any
assistance to be provided to the affected data subjects. Processing by a personal information processor shall be
governed by a contract or other legal act that binds the
Delay in Notification personal information processor to the personal information
controller.
Notification may be delayed only to the extent necessary to
determine the scope of the breach, to prevent further
disclosures, or to restore reasonable integrity to the a. The contract or legal act shall set out the subject-
information and communications system. matter and duration of the processing, the nature
and purpose of the processing, the type of personal
data and categories of data subjects, the obligations
a. In evaluating if notification is unwarranted, the and rights of the personal information controller,
Commission may take into account compliance by and the geographic location of the processing under
the personal information controller with this section the subcontracting agreement.
and existence of good faith in the acquisition of b. The contract or other legal act shall stipulate, in
personal data. particular, that the personal information processor
b. The Commission may exempt a personal shall:
information controller from notification where, in its
reasonable judgment, such notification would not

Page 11 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

1. Process the personal data only upon the 1. The name and address of the personal information
documented instructions of the personal controller or personal information processor, and of
information controller, including transfers of its representative, if any, including their contact
personal data to another country or an details;
international organization, unless such transfer 2. The purpose or purposes of the processing, and
is authorized by law; whether processing is being done under an
2. Ensure that an obligation of confidentiality is outsourcing or subcontracting agreement;
imposed on persons authorized to process the 3. A description of the category or categories of data
personal data; subjects, and of the data or categories of data
3. Implement appropriate security measures and relating to them;
comply with the Act, these Rules, and other 4. The recipients or categories of recipients to whom
issuances of the Commission; the data might be disclosed;
4. Not engage another processor without prior 5. Proposed transfers of personal data outside the
instruction from the personal information Philippines;
controller: Provided, that any such arrangement 6. A general description of privacy and security
shall ensure that the same obligations for data measures for data protection;
protection under the contract or legal act are 7. Brief description of the data processing system;
implemented, taking into account the nature of 8. Copy of all policies relating to data governance, data
the processing; privacy, and information security;
5. Assist the personal information controller, by 9. Attestation to all certifications attained that are
appropriate technical and organizational related to information and communications
measures and to the extent possible, fulfill the processing; and
obligation to respond to requests by data 10. Name and contact details of the compliance or data
subjects relative to the exercise of their rights; protection officer, which shall immediately be
6. Assist the personal information controller in updated in case of changes.
ensuring compliance with the Act, these Rules,
other relevant laws, and other issuances of the b. The procedure for registration shall be in accordance with
Commission, taking into account the nature of these Rules and other issuances of the Commission.
processing and the information available to the
personal information processor;
DATA PRIVACY LAW MC QUESTIONS
7. At the choice of the personal information
(RA 10173)
controller, delete or return all personal data to
the personal information controller after the end
1. The right protected under the 1987 Constitution
of the provision of services relating to the
insofar as the Data Privacy Law is concerned is –
processing: Provided, that this includes deleting
a. Right against unreasonable searches and seizure
existing copies unless storage is authorized by
b. Right to travel
the Act or another law;
c. Right against involuntary servitude
8. Make available to the personal information
d. Right against ex post facto law
controller all information necessary to
e. Right to privacy
demonstrate compliance with the obligations
laid down in the Act, and allow for and
2. The consent of the data subject must be freely given,
contribute to audits, including inspections,
specific,____________indication of the will, whereby
conducted by the personal information
the data subject agrees to the collection and processing
controller or another auditor mandated by the
of personal information about and/or relating to him or
latter;
her.
9. Immediately inform the personal information
a. learned
controller if, in its opinion, an instruction
b. informed
infringes the Act, these Rules, or any other
c. careful
issuance of the Commission.
d. analyzed
e. thorough
Duty of personal information processor
3. It refers to a system for generating, sending, receiving,
The personal information processor shall comply with the storing or otherwise processing electronic data
requirements of the Act, these Rules, other applicable laws, messages or electronic documents and includes the
and other issuances of the Commission, in addition to computer system or other similar device by or which
obligations provided in a contract, or other legal act with a data is recorded, transmitted or stored and any
personal information controller. procedure related to the recording, transmission or
storage of electronic data, electronic message, or
9. REGISTRATION AND COMPLIANCE electronic document.
REQUIREMENTS a. Filing system
b. data processing system
c. Information and communication system
The personal information controller or personal information
d. processing
processor that employs fewer than two hundred fifty (250)
persons shall not be required to register unless the
4. It refers to any act of information relating to natural or
processing it carries out is likely to pose a risk to the rights
juridical persons to the extent that, although the
and freedoms of data subjects, the processing is not
information is not processed by equipment operating
occasional, or the processing includes sensitive personal
automatically in response to instructions given for that
information of at least one thousand (1,000) individuals.
purpose, the set is structured, either by reference to
individuals or by reference to criteria relating to
a. The contents of registration shall include:
individuals, in such a way that specific information
relating to a particular person is readily accessible.

Page 12 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

a. Filing system d. Principle of Incontrovertibility

b. data processing system e. Principle of Solidarity
c. Information and communication system
d. processing 12. It is important that the organization should take steps
to ensure that the data is handled legally, securely,
5. It refers to personal information about an individual’s efficiently and effectively in order to deliver the best
race, ethnic origin, marital status, age, color, and possible care.
religious, philosophical or political affiliations; a. Risk-based Approach
a. personal information b. Secured Approach
b. sensitive personal information c. Confidentiality Approach
c. confidential information d. Limited Liability Approach
d. privileged
e. Top secret information 13. The processing of personal information shall be allowed,
subject to compliance with the requirements of this Act
6. S1 - The PIP has the obligation to notify in case of and other laws allowing disclosure of information to the
breach. public and adherence to the principles of, except –
S2 – The PIP cannot share, amend or further process a. Mutuality c. Legitimate purposes
outside the bounds of contract. b. Transparency d. Proportionality
a. S1 is true; S2 is false
b. S1 is false; S2 is true 14. The processing of information shall be adequate,
c. Both are true relevant, suitable, necessary, and not excessive in
d. Both are false relation to a declared and specified purpose. Personal
data shall be processed only if the purpose of the
7. It refers to any form of automated processing of processing could not reasonably be fulfilled by other
personal data consisting of the use of personal data to means.
evaluate certain personal aspects relating to a natural a. Mutuality c. Legitimate purposes
person, in particular to analyze or predict aspects b. Transparency d. Proportionality
concerning that natural person’s performance at work,
economic situation, health, personal preferences, 15. The following are the rights given under the Data
interests, reliability, behavior, location or movements. Privacy Law, except:
a. profiling a. Data Portability d. erasure
b. data Processing b. Accessibility e. publication
c. filing system c. Blocking
d. data sharing
16. The Commission and affected data subjects shall be
8. It is an event or occurrence that affects or tends to notified by the personal information controller
affect data protection, or may compromise the ______________ (1) upon knowledge of, or (2) when
availability, integrity and confidentiality of personal there is reasonable belief by the personal information
data. It includes incidents that would result to a controller or personal information processor that, a
personal data breach, if not for safeguards that have personal data breach requiring notification has
been put in place. occurred.
a. security breach a. within 24 hours
b. security incident b. within 36 hours
c. personal data breach c. within 48 hours
d. personal data violation d. within 72 hours
e. security protocol
17. Registration of personal data processing systems
9. S1 - The Privacy Commissioner shall be assisted by operating in the country that involves accessing or
three (3) Deputy Privacy Commissioners. requiring sensitive personal information of at least
S2 - The Privacy Commissioner and the two (2) Deputy _____________ individuals, including the personal data
Privacy Commissioners shall be appointed by the processing system of contractors, and their personnel,
President of the Philippines for a term of two (2) years. entering into contracts with government agencies.
a. S1 is true; S2 is false a. 250 d. 2,000
b. S1 is false; S2 is true b. 500 e. 5,000
c. Both are true c. 1,000
d. Both are false
18. Unauthorized processing, negligent handling, or
10. The Data Privacy Act of 2012 protects all forms of improper disposal of personal information under the
information that are – except, Data Privacy Law is punishable with up to six (6) years
a. Personal imprisonment or up to ____ million pesos depending on
b. Sensitive the nature and degree of the violation.
c. Privileged a. 2 c. 4 e. 10
d. Published b. 3 d. 5

11. Each personal information controller is responsible for 19. It is act of disclosing to a third party personal
personal information under its control or custody, information not covered by the immediately preceding
including information that have been transferred to a section without the consent of the data subject.
third party for processing, whether domestically or a. malicious disclosure
internationally, subject to cross-border arrangement b. personal disclosure
and cooperation. c. unauthorized disclosure
a. Principle of Subsidiary d. impeded disclosure
b. Principle of Confidentiality e. illegal disclosure
c. Principle of Accountability

Page 13 of 14 www.teamprtc.com.ph RFBT.3408

TEAM PRTC

20. The year the Data Privacy Law took effect offers you struggles but keep on fighting until you see
a. 2010 d. 2013 success.
b. 2011 e. 2014
c. 2012
End of RFBT.3408
21. It is the commission referred in the Data Privacy Act.
a. National Data Privacy Council
b. National Privacy Commission
c. National Information Privacy Commission
d. National Data Privacy Commission

22. I. The Data Privacy Act applies to the processing of the

personal information of Philippines citizens who must reside
in the Philippines.
II. The law has no extraterritorial application.

a. Both statements are correct.

b. Both statements are incorrect.
c. Statement I is correct while statement II is
incorrect.
d. Statement I is incorrect while statement II is
correct.

23. The Data Privacy Act does not apply to the following
except:
a. Personal information processed for journalistic,
artistic, literary or research purposes
b. Information about any individual who is or was
an officer or employee of a government
institution that relates to the position or
functions of the individual.
c. Information necessary in order to carry out the
functions of public authority
d. Information processed by personal information
controllers

24. The rights of the data subject include the following

except:
a. Right to be informed
b. Right to damages
c. Right to object
d. None of the above

25. The processing of personal data shall be allowed

subject to adherence to the following principles except:
a. Transparency
b. Proportionality
c. Partiality
d. Legitimate Purpose

Struggles develop strength

One day a man was passing by a garden when he saw a

butterfly cocoon which was about to get open.

He saw a small opening on it and watched the several

hours of struggles the butterfly came through to get the
body out of it. After many hours, it seemed that the
butterfly stopped trying as there was no progress.

He thought to help the butterfly by cutting the cocoon with

a scissor. So the butterfly came out easily but the wings
were shriveled and the body was tiny and withered.

Unfortunately, the butterfly was not able to take flight and

spend the rest of life crawling with a wounded body.

Moral: This is nature’s way of telling the importance of

struggles in life. Sometimes, different kinds of struggles
are needed in life to make you stronger in the future.
Never feel disappointed in life and stop trying when life

Page 14 of 14 www.teamprtc.com.ph RFBT.3408