CLARESSA MARQUEZ-LEDESMA

2009301343
REM 126 - Classwork on Data Privacy

Please submit fifteen (15) MCQs, with time stamps and answer key with brief explanations (45 point s)

1. It is at the heart of the real estate business. In this digital economy, it has taken on new dimensions
that impact how real estate professionals collect, share, and, most important, protect the
information they use in their businesses.
A. Competence
B. Trust
C. Confidence
D. Integrity

Answer: B. Trust
Time stamp: 13:25

2. The purpose of this law is to encourage and require businesses and the general public to protect
personal information under their control in order to avoid misappropriation of that information.
A. RA 10173
B. RA 10713
C. RA 10175
D. RA 1151

Answer: A. RA 10173
Time stamp: 18:16

3. Consent of the data subject to the collection and processing of personal information about
and/or relating to him or her shall be evidenced by the following means, except:
A. Verbal/Oral
B. Electronic
C. Written
D. Recorded

Answer: A. Verbal/Oral
Time stamp: 21:24

4. It refers to an individual whose personal information is processed.

A. Client
B. Subject
C. Victim
D. Data Subject

Answer: D. Data Subject

Time Stamp: 24:30

5. It refersto any information whether recorded in a material form or not, from which the identity of
an individual is apparent or can be reasonably and directly ascertained by the entity holding the
information, or when put together with other information would directly and certainly identify an
individual.
A. Personal information
B. Records
C. Identity
D. Priviledged information

Answer: A. Personal information

Time stamp: 24:49

6. Which of the following is not considered as sensitive personal information under the data and
privacy law?
A. Addresses
B. Marital status
C. Health records
D. Licenses

Answer: A. Addresses
Time stamp: 26:31, 30:15

7. It refers to any operation or any set of operations performed upon personal information
including, but not limited to, the collection, recording, organization, storage, updating or
modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
A. Procedure
B. Processing
C. Performance
D. Tasks

Answer: B. Processing
Time stamp: 32:10

8. The processing of personal information shall be allowed, subject to compliance with the
requirements of this Act and other laws allowing disclosure of information to the public and
adherence to the following principles, except:
A. Transparency
B. Lgitimate purpose
C. Proportionality
D. Originality

Answer: D. Originality
Time stamp: 34:57

9. Which is not a Criteria for Lawful Processing of Personal Information?

A. The data subject has given his or her consent
B. The processing is necessary for compliance with a legal obligation to which the personal information
controller is subject
C. The processing is necessary to protect vitally important interests of the data subject, including life
and health
D. The commercial value or financial gain derived from processing personal information

Answer: D. The commercial value or financial gain derived from processing personal information
Time stamp: 43:30, 45:45

10. The processing of sensitive personal information and privileged information shall be prohibited,
except in which of the following cases:

A. The processing is not necessary to achieve the lawful a n d noncommercial objectives of public
organizations and their associations
B. That such regulatory enactments does not guarantee the protection of the sensitive personal
information and the privileged information
C. The data subject has given his or her consent, specific to the purpose prior to the processing, or in
the case of privileged information, all parties to the exchange have given their consent prior to
processing
D. The processing is not necessary to achieve the lawful a n d noncommercial objectives of public
organizations and their associations

Answer: C. The data subject has given his or her consent, specific to the purpose prior to the
processing, or in the case of privileged information, all parties to the exchange have given their
consent prior to processing
Time stamp: 48:51, 50:25, 51:11
11. What is the penalty for unauthorized processing of personal information?
A. Shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not
less than Five hundred thousand pesos (Php500,000.00) but not more than Two milion pesos
(Php2,000,000.00) shall be imposed on persons who process personal information without the consent
of the data subject, or without being authorized under this Act or any existing law.
B. Shall be penalized by imprisonment ranging from one (1) year to three (3) years only
C. A fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two milion
pesos (Php2,000,000.00) shall be imposed.
D. Shall be penalized by imprisonment ranging from three (3) year to five (5) years only

Answer: A. Shall be penalized by imprisonment ranging from one (1) year to three (3) years and a
fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two milion
pesos (Php2,000,000.00) shall be imposed on persons who process personal information without the
consent of the data subject, or without being authorized under this Act or any existing law.
Time stamp: 53:41

12. What is the penalty for accessing sensitive personal information due to negligence?
A. Shall be penalized by imprisonment ranging from five (5) years to ten (10) years only
B. Shall be penalized by imprisonment ranging from three (3) years to six (6) years and a fine of not
less than Five hundred thousand pesos (Ph500,000.00) but not more than Four milion pesos
(Php4,000,000.00) shal be imposed on persons who, due to negligence, provided access to personal
information without being authorized under this Act or any existing law.
C. A fine of not less than Five hundred thousand pesos (Ph500,000.00) but not more than Four milion
pesos (Php4,000,000.00) shal be imposed on persons who, due to negligence, provided access to
personal information without being authorized under this Act or any existing law.
D. Shall be penalized by imprisonment ranging from one (1) years to three (3) years only

Answer: B. Shall be penalized by imprisonment ranging from three (3) years to six (6) years and a
fine of not less than Five hundred thousand pesos (Ph500,000.00) but not more than Four milion
pesos (Php4,000,000.00) shal be imposed on persons who, due to negligence, provided access to
personal information without being authorized under this Act or any existing law.
Time stamp: 54:22

13. What is the penalty for Unauthorized Access or Intentional Breach?

A. The penalty of imprisonment ranging from one (1) year to three (3) years and a fine of not less than
Five hundred thousand pesos (Php500,000.00) but not more than Two milion pesos (Php2,000,000.00
shall be imposed on persons who knowingly and unlawfuly, or violating data confidentiality and
security data systems, breaks in any way into any system where personal and sensitive personal
information is stored.
B. The penalty of imprisonment ranging from three (3) year to five (5) years
C. A fine of not less than Three hundred thousand pesos (Php300,000.00) but not more than One milion
pesos (Php1,000,000.00) shall be imposed.
D. The penalty of imprisonment ranging from three (3) year to five (5) years and a fine of not less than
Five hundred thousand pesos (Php500,000.00) but not more than Two milion pesos (Php2,000,000.00
shall be imposed on persons who knowingly and unlawfuly, or violating data confidentiality and
security data systems, breaks in any way into any system where personal and sensitive personal
information is stored.

Answer: A. The penalty of imprisonment ranging from one (1) year to three (3) years and a fine of
not less than Five hundred thousand pesos (Php500,000.00) but not more than Two milion pesos
(Php2,000,000.00 shall be imposed on persons who knowingly and unlawfuly, or violating data
confidentiality and security data systems, breaks in any way into any system where personal and
sensitive personal information is stored.
Time stamp: 56:30
14. What is the penalty for Unauthorized Disclosure by any personal information controller or
persoral information processor or any of its officials, employees or agents, who discloses to a third
party personal information not covered by the immediately preceding section without the consent
of the data subject?
A. Shall be subject to imprisonment ranging from one (1) year to three (3) years and a fine of not less
than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos
(Php1.000,000.00)
B. Shall be subject to imprisonment ranging from one (1) year to three (3) years only
C. A fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million
pesos (Php1.000,000.00) only
D. Shall be subject to imprisonment ranging from three(3) year to five (5) years and a fine of not less
than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos
(Php1.000,000.00)

Answer: A. Shall be subject to imprisonment ranging from one (1) year to three (3) years and a fine
of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos
(Php1.000,000.00)
Time stamp: 57:07

15. What is the penalty for Combination or Series of Acts — Any combination or series of acts as
defined in Sections 25 to 32?
A. Subject to imprisonment ranging from three (3) years to six (6) years only
B. Subject to imprisonment ranging from three (3) years to six (6) years and a fine of not less than One
milion pesos (Php1,000,000.00) but no: more than Five milion pesos (Prp5,000,000.00).
C. A fine of not less than One milion pesos (Php1,000,000.00) but not more than Five milion pesos
(Php5,000,000.00).
D. Subject to imprisonment ranging from five (5) years to ten (10) years and a fine of not less than Five
milion pesos (Php5,000,000.00) but not more than Ten milion pesos (Prp10,000,000.00).

Answer: B. Subject to imprisonment ranging from three (3) years to six (6) years and a fine of not
less than One milion pesos (Php1,000,000.00) but not more than Five milion pesos
(Php5,000,000.00).
Time stamp: 57:42

Cite two (2) experiences that we shared in this lecture (with time stamps), and
briefly relate how the experiences relate to data privacy (30 points)
1. One of the experiences shared in the lecture was the Murder Case in Glan Sarangani involving
identity thefts in order to extort money online, and victimized a realty firm which is the Cartojano
Realty.

Time stamp: 1:30 to 8:27

2. Another experience shared was the case of a law office who was allegedly engaged by a foreigner to
collect money, and a modus to get the firm’s bank account number to be used on their illegal agenda.
The law office was issued a fake check and because of that, the law office firm was subjected to
investigation. It’s another case involving identity theft or persons impersonating or doing a lot of tricks
online to extort money.

Time stamp: 9:41 to 12:37

Identity theft and online money extortion are direct consequences of compromised data privacy.
When personal information is inadequately protected online, malicious actors can exploit
vulnerabilities to steal identities or coerce individuals into financial transactions. Strengthening data
privacy measures is crucial to mitigate such risks and safeguard sensitive information from
unauthorized access.