What is the primary purpose of a privacy notice?
A. To advertise company products
B. To inform individuals how their data is processed
C. To collect marketing consent
Answer: B. To inform individuals how their data is processed
Under RA 10173, who is primarily accountable for data protection compliance?
A. Any employee
B. The Data Protection Officer
C. The head of the organization
Answer: C. The head of the organization
The principle “Purpose Limitation” means:
A. Use data for any business need
B. Use data only for declared, specific purposes
C. Limit data storage to one location
Answer: B. Use data only for declared, specific purposes
Which of the following practices reduces workplace privacy risks?
A. Sharing passwords for convenience
B. Locking screens when stepping away
C. Storing PHI in personal email
Answer: B. Locking screens when stepping away
Which is a common privacy risk when using free mobile apps?
A. Larger screen size
B. Excessive data collection
C. Slow loading times
Answer: B. Excessive data collection
Which of the following is not personal data?
A. Office temperature
B. Employee ID number
C. Home address
Answer: A. Office temperature
The NPC requires organizations to implement which of the following?
A. Data Privacy Impact Rating
B. Privacy Management Program
C. Free data access for all employees
Answer: B. Privacy Management Program
Which right allows individuals to correct inaccurate information?
A. Right to Rectification
B. Right to Restriction
C. Right to Withdraw
Answer: A. Right to Rectification
Which scenario is a privacy red flag?
A. Using a VPN on company devices
B. Printing employee files and leaving them on a shared desk
C. Securing documents in locked cabinets
Answer: B. Printing employee files and leaving them on a shared desk
What does “profiling” mean in data privacy?
A. Assigning tasks to managers
B. Automated processing to evaluate personal aspects
C. Preparing employee records
Answer: B. Automated processing to evaluate personal aspects
What does “data retention” refer to?
A. Backing up files monthly
B. Keeping data only as long as necessary
C. Storing data in multiple locations
Answer: B. Keeping data only as long as necessary
Which of the following is a reportable breach indicator?
A. Minor system downtime
B. Unauthorized disclosure of personal data
C. Scheduled maintenance
Answer: B. Unauthorized disclosure of personal data
“Storage Limitation” refers to:
A. Limiting file cabinet capacity
B. Not keeping personal data longer than necessary
C. Encrypting all digital files
Answer: B. Not keeping personal data longer than necessary
What should employees do before disposing of printed records containing personal data?
A. Throw them in a regular trash bin
B. Leave them on the table for collection
C. Shred or place in confidential disposal bins
Answer: C. Shred or place in confidential disposal bins
If an AI tool stores user prompts, the main risk is:
A. Better system performance
B. Retention of personal or sensitive data
C. Lower electricity usage
Answer: B. Retention of personal or sensitive data
Which of the following is an example of anonymization?
A. Masking data with partial information
B. Removing identifiers so individuals can no longer be re-identified
C. Encrypting data with a password
Answer: B. Removing identifiers so individuals can no longer be re-identified
What document is required when reporting a breach to the NPC?
A. Privacy Risk Card
B. Breach Notification Form
C. Audit Findings Summary
Answer: B. Breach Notification Form
Which principle requires organizations to ensure safeguards, processes, and accountability?
A. Data Quality
B. Proportionality
C. Accountability
Answer: C. Accountability
Which of the following requires notifying the DPO?
A. Requesting new office supplies
B. Receiving personal data not intended for you
C. Joining a team building activity
Answer: B. Receiving personal data not intended for you
What is a key risk of third-party AI vendors?
A. Improved efficiency
B. Unclear data handling and storage practices
C. Faster processing
Answer: B. Unclear data handling and storage practices
Which security measure protects data in transit?
A. Shredding documents
B. Using HTTPS/encryption
C. Retention schedules
Answer: B. Using HTTPS/encryption
Which processing activity requires a PIA under NPC rules?
A. New cafeteria vendor onboarding
B. Deployment of an AI tool analyzing employee behavior
C. Changing office uniforms
Answer: B. Deployment of an AI tool analyzing employee behavior
The right to object is triggered when:
A. Data is being used for direct marketing
B. Data is deleted
C. Data is already anonymized
Answer: A. Data is being used for direct marketing
In role-based access controls, employees should have:
A. Access to everything for convenience
B. Access based on job need (“need-to-know”)
C. Access depending on tenure
Answer: B. Access based on job need (“need-to-know”)
Which of the following best describes “dataset poisoning”?
A. Corrupted data that biases AI models
B. Backing up data too often
C. Resetting AI models for optimization
Answer: A. Corrupted data that biases AI models