Data Privacy Basics
Personal Data Detective
Data Subject Rights
Breach & Incident Response
Pytera Privacy & Security
100

This Philippine law protects personal information in both government and private sectors.

A. Data Privacy Act of 2012 (RA 10173)

B. Data Privacy Act of 2012 (RA 17301)

C. Data Privacy Act of 2012 (RA 13017)

A. Data Privacy Act of 2012 (RA 10173)

100

Name, address, email address, and contact number belong to this category of data.

A. Personal Information (PI)

B. Sensitive Personal Information (SPI)

C. Privileged Information

A. Personal Information (PI)

100

The right to know how your data is collected, used, and stored.

A. Right to Rectification/Correction

B. Right to Erasure or Blocking

C. Right to be Informed  

C. Right to be Informed  

100

A recruiter emails a spreadsheet containing applicant resumes and contact details to a person who falsely claimed to be a hiring manager without first verifying the request. What type of data breach occurred? 

A. Integrity Breach

B. Confidentiality Breach

C. Availability Breach

B. Confidentiality Breach

100

A fraudulent email designed to trick recipients into revealing information. 

A. Quishing

B. Phishing

C. Smishing

B. Phishing

200

An individual whose personal data is collected and processed. 

A. National Privacy Commission

B. Data Protection Officer

C. Data Subject

C. Data Subject

200

Race, health information, and government IDs belong to this category. 


A. Personal Information (PI)

B. Sensitive Personal Information (SPI)

C. Privileged Information

B. Sensitive Personal Information (SPI)

200

What is the Right to Access?

A. A right that allows a data subject to request deletion of unlawfully processed personal data.

B. A right that allows a person to transfer or reuse their personal data for their own purposes.

C. A right that allows the data subjects to obtain a copy of their personal data.  

C. A right that allows the data subjects to obtain a copy of their personal data.  

200

This happens when someone changes a person’s personal information in a system without permission, affecting the accuracy and integrity of the data.

A. Integrity Breach

B. Confidentiality Breach

C. Availability Breach  

A. Integrity Breach

200

Which of the following is not a common phishing indicator? 

A. suspicious sender address

B. suspicious links

C. corporate email that matches the organization

C. corporate email that matches the organization

300

Who is the person responsible for the overall management of compliance with the Data Privacy Act?

A. Data Subject

B. National Privacy Commission

C. Data Protection Officer

C. Data Protection Officer

300

Mynimo archives this type of data after 12 months.

A. Customer Data

B. Employee Data

C. Job Application Data

C. Job Application Data

300

The right to request deletion of unlawfully processed personal data.

A. Right to Erasure or Blocking

B. Right to Rectification/Correction

C. Right to Data Portability 

A. Right to Erasure or Blocking

300

Employees must report a suspected breach to the DPO within this period. 

A. 48 hours

B. 72 hours

C. 24 hours

C. 24 hours

300

What to do when you receive an email with suspicious attachments?

A. Download the attachment

B. Avoid downloading the attachments

C. Forward the attachments to the partners  

B. Avoid downloading the attachments

400

It's the principle requiring personal data processing to be adequate, relevant, suitable, and not excessive.


A. Transparency

B. Legitimate Purpose

C. Proportionality

C. Proportionality

400

Which of the following is not Mynimo's Data Subject?

A. Customer's Employees

B. Jobseekers

C. Employees  

A. Customer's Employees

400

What is the Right to Data Portability?

A. The right to know how your data is collected, used, and stored.

B. The right allowing a person to obtain and reuse their personal data.

C. The right to correct inaccurate or incomplete information.  

B. The right allowing a person to obtain and reuse their personal data.

400

The NPC and affected data subjects must generally be notified within this timeframe after knowledge of a reportable breach. 

A. 24 hours

B. 48 hours

C. 72 hours

C. 72 hours

400

Who is the Mynimo Privacy Team?

Everyone in the company

500

The acronym ABCD-S stands for these five pillars of privacy compliance.

A. Awareness, Breach Management, Compliance, Data Protection Officer, and Security Measures

B. Awesomeness, Breach Management, Compliance, Data Protection Officer, and Security Measures

C. Awareness, Breach Management, Compliance, Data Subject, and Security Measures

A. Awareness, Breach Management, Compliance, Data Protection Officer, and Security Measures

500

Name three examples of data collected from employees.

Answers could be one of the following: 

Name, date of birth, address, contact information, government-issued IDs, job position, employment history, performance evaluations, salary information, educational attainment, certifications, pre-employment medical exams, health declarations, emergency contact information, bank account details, TIN, SSS, Pag-IBIG,PhilHealth

500

This right allows a data subject to seek compensation for damages resulting from privacy violations.

A. Right to File a Complaint

B. Right to be Indemnified

C. Right to Rectification  

B. Right to be Indemnified

500

Name all three types of data breaches.

Confidentiality, Integrity, and Availability Breaches

500

What is the email address of Pytera's Data Protection Officer?

privacy@mynimo.com

M
e
n
u