Privacy Fundamentals
PH DPA & NPC Compliance
Privacy Principles & Rights
Workplace Privacy & Scenarios
AI, Technology & Digital Risks
1

What is the primary purpose of a privacy notice?

A. To advertise company products
B. To inform individuals how their data is processed
C. To collect marketing consent

Answer: B. To inform individuals how their data is processed

1

Under RA 10173, who is primarily accountable for data protection compliance?

A. Any employee
B. The Data Protection Officer
C. The head of the organization

Answer: C. The head of the organization

1

The principle “Purpose Limitation” means:

A. Use data for any business need
B. Use data only for declared, specific purposes
C. Limit data storage to one location

Answer: B. Use data only for declared, specific purposes

1

Which of the following practices reduces workplace privacy risks?

A. Sharing passwords for convenience
B. Locking screens when stepping away
C. Storing PHI in personal email

Answer: B. Locking screens when stepping away

1

Which is a common privacy risk when using free mobile apps?

A. Larger screen size
B. Excessive data collection
C. Slow loading times

Answer: B. Excessive data collection

2

Which of the following is not personal data?

A. Office temperature
B. Employee ID number
C. Home address

Answer: A. Office temperature

2

NPC requires organizations to implement which of the following?

A. Data Privacy Impact Rating
B. Privacy Management Program
C. Free data access for all employees

Answer: B. Privacy Management Program

2

Which right allows individuals to correct inaccurate information?

A. Right to Rectification
B. Right to Restriction
C. Right to Withdraw

Answer: A. Right to Rectification

2

Which scenario is a privacy red flag?

A. Using a VPN on company devices
B. Printing employee files and leaving them on a shared desk
C. Securing documents in locked cabinets

Answer: B. Printing employee files and leaving them on a shared desk

2

What does “profiling” mean in data privacy?

A. Assigning tasks to managers
B. Automated processing to evaluate personal aspects
C. Preparing employee records

Answer: B. Automated processing to evaluate personal aspects

3

What does “data retention” refer to?

A. Backing up files monthly
B. Keeping data only as long as necessary
C. Storing data in multiple locations

Answer: B. Keeping data only as long as necessary

3

Which of the following is a reportable breach indicator?

A. Minor system downtime
B. Unauthorized disclosure of personal data
C. Scheduled maintenance

Answer: B. Unauthorized disclosure of personal data

3

“Storage Limitation” refers to:

A. Limiting file cabinet capacity
B. Not keeping personal data longer than necessary
C. Encrypting all digital files

Answer: B. Not keeping personal data longer than necessary

3

What should employees do before disposing of printed records with personal data?

A. Throw them in a regular trash bin
B. Leave them on the table for collection
C. Shred or place in confidential disposal bins

Answer: C. Shred or place in confidential disposal bins

3

If an AI tool stores user prompts, the main risk is:

A. Better system performance
B. Retention of personal or sensitive data
C. Lower electricity usage

Answer: B. Retention of personal or sensitive data

4

Which of the following is an example of anonymization?

A. Masking data with partial information
B. Removing identifiers so individuals can no longer be re-identified
C. Encrypting data with a password

Answer: B. Removing identifiers so individuals can no longer be re-identified

4

What document is required when submitting a breach to the NPC?

A. Privacy Risk Card
B. Breach Notification Form
C. Audit Findings Summary

Answer: B. Breach Notification Form

4

Which principle requires organizations to ensure safeguards, processes, and accountability?

A. Data Quality
B. Proportionality
C. Accountability

Answer: C. Accountability

4

Which of the following requires notifying the DPO?

A. Requesting new office supplies
B. Receiving personal data not intended for you
C. Joining a team building activity

Answer: B. Receiving personal data not intended for you

4

What is a key risk of third-party AI vendors?

A. Improved efficiency
B. Unclear data handling and storage practices
C. Faster processing

Answer: B. Unclear data handling and storage practices

5

Which security measure protects data in transit?

A. Shredding documents
B. Using HTTPS/encryption
C. Retention schedules

Answer: B. Using HTTPS/encryption

5

Which processing activity requires a PIA under NPC rules?

A. New cafeteria vendor onboarding
B. Deployment of an AI tool analyzing employee behavior
C. Changing office uniforms

Answer: B. Deployment of an AI tool analyzing employee behavior

5

The right to object is triggered when:

A. Data is being used for direct marketing
B. Data is deleted
C. Data is already anonymized

Answer: A. Data is being used for direct marketing

5

In role-based access controls, employees should have:

A. Access to everything for convenience
B. Access based on job need (“need-to-know”)
C. Access depending on tenure

Answer: B. Access based on job need (“need-to-know”)

5

Which of the following best describes “dataset poisoning”?

A. Corrupted data that biases AI models
B. Backing up data too often
C. Resetting AI models for optimization

Answer: A. Corrupted data that biases AI models
