ExamGecko
Search Search Login
Home Home / IAPP / CIPP-A

IAPP CIPP-A Practice Test - Questions Answers, Page 7

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Based on the model contract released by the Privacy Commissioner for Personal Data (PDPC), Hong Kong, all of the following sections are recommended to be put into a contract to address Ordinance 33 (Data transfer/export) of Hong Kong's Personal Data Privacy Ordinance (PDPO) EXCEPT?
Hong Kong's Personal Data (Privacy) Ordinance (PDPO) was primarily inspired by which of the following?
In 2015, Section 66A of India's IT Act was ruled unconstitutional. What did this section previously prohibit?
SCENARIO – Please use the following to answer the next question: Zoe is the new Compliance Manager for the Star Hotel Group, which has five hotels across Hong Kong and China. On her first day, she does an inspection of the largest property, StarOne. She starts with the hotel reception desk. Zoe sees the front desk assistant logging in to a database as he is checking in a guest. The hotel manager, Bernard, tells her that all guest data, including passport numbers, credit card numbers, home address, mobile number and other information associated with a guest's stay is held in a database. Bernard tells her not to worry about the security of the database because it is operated for Star Hotels by a local service provider called HackProof, who therefore are responsible for all the guest data. Zoe notices what looks like a CCTV camera in the corner of the reception area. Bernard says they record all activity in the lobby. In fact, last Tuesday he had received a data access request from a lawyer requesting a copy of footage of all lobby activity for the preceding month. The lawyer's covering letter said that his client has never visited the hotel herself, but is investigating whether her husband has been doing so without her knowledge. Zoe and Bernard head up to the hotel spa. The spa is independently owned by a company called Relax Ltd. Bernard explains that Relax Ltd is a small company and, as they don't have their own database, they transfer data about the spa guests to StarOne staff so that they can upload the data into the HackProof system. Relax Ltd staff can then login and review their guest data as needed. Zoe asks more about the HackProof system. Bernard tells her that the server for the Hong Kong hotels is in Hong Kong, but there is a server in Shenzhen that has a copy of all the Hong Kong hotel data and supports the properties in China. The data is in China for back up purposes and also is accessible by staff in the China hotels so they can better service guests who visit their hotels in both territories. HackProof reports to Zoe that a copy of the entire guest database has been exfiltrated by a hacker. What is Zoe's best course of action?
Besides the Personal Data Protection Act (PDPA), which of the following is a potential source of privacy protection for Singapore citizens?
The judgement of the Supreme Court in 2017 in the case of Justice K.S. Puttaswamy (retd.) and Anr. vs. Union of India held that?
SCENARIO – Please use the following to answer the next question: Zoe is the new Compliance Manager for the Star Hotel Group, which has five hotels across Hong Kong and China. On her first day, she does an inspection of the largest property, StarOne. She starts with the hotel reception desk. Zoe sees the front desk assistant logging in to a database as he is checking in a guest. The hotel manager, Bernard, tells her that all guest data, including passport numbers, credit card numbers, home address, mobile number and other information associated with a guest's stay is held in a database. Bernard tells her not to worry about the security of the database because it is operated for Star Hotels by a local service provider called HackProof, who therefore are responsible for all the guest data. Zoe notices what looks like a CCTV camera in the corner of the reception area. Bernard says they record all activity in the lobby. In fact, last Tuesday he had received a data access request from a lawyer requesting a copy of footage of all lobby activity for the preceding month. The lawyer's covering letter said that his client has never visited the hotel herself, but is investigating whether her husband has been doing so without her knowledge. Zoe and Bernard head up to the hotel spa. The spa is independently owned by a company called Relax Ltd. Bernard explains that Relax Ltd is a small company and, as they don't have their own database, they transfer data about the spa guests to StarOne staff so that they can upload the data into the HackProof system. Relax Ltd staff can then login and review their guest data as needed. Zoe asks more about the HackProof system. Bernard tells her that the server for the Hong Kong hotels is in Hong Kong, but there is a server in Shenzhen that has a copy of all the Hong Kong hotel data and supports the properties in China. The data is in China for back up purposes and also is accessible by staff in the China hotels so they can better service guests who visit their hotels in both territories. Members of Relax Ltd's staff are concerned about the data sharing with StarOne. How should Zoe respond to their concerns?
Which jurisdiction was the first to consider IP addresses to be personal information?
SCENARIO – Please use the following to answer the next question: Dracarys Inc. is a large multinational company with headquarters in Seattle, Washington, U.S.A. Dracarys began as a small company making and selling women's clothing, but rapidly grew through its early innovative use of online platforms to sell its products. Dracarys is now one of the biggest names in the industry, and employs staff across the globe, and in Asia has employees located in both Singapore and Hong Kong. Due to recent management restructuring they have decided, on the advice of external consultants, to open an office in India in order to centralize its call center as well as its internal human resource functions for the Asia region. Dracarys would like to centralize the following human resource functions in India:
Under the PDPO, what are Hong Kong companies that make use of personal data required to do?

Question 61

Report
Export
Collapse

The "due diligence" exemption in Hong Kong's PDPO was meant to apply to?

A.

Third-party data processors located in foreign countries.

A.

Third-party data processors located in foreign countries.

Answers
B.

Companies researching the viability of business mergers.

B.

Companies researching the viability of business mergers.

Answers
C.

Service providers hosting customer information in the cloud.

C.

Service providers hosting customer information in the cloud.

Answers
D.

Direct marketers acting in the best interest of their company.

D.

Direct marketers acting in the best interest of their company.

Answers
Suggested answer: A

Explanation:

Reference: https://www.pcpd.org.hk/english/resources_centre/publications/files/GN_crossborder_e.pdf

Question 62

Report
Export
Collapse

What clarification did India make in a 2011 Press Note regarding their Sensitive Personal Data Rules?

A.

That the rules apply to data subjects located outside of India.

A.

That the rules apply to data subjects located outside of India.

Answers
B.

That the rules apply to persons or companies collecting sensitive data within India.

B.

That the rules apply to persons or companies collecting sensitive data within India.

Answers
C.

That the data processor must provide notice to the data subject before data is processed.

C.

That the data processor must provide notice to the data subject before data is processed.

Answers
D.

That sensitive personal data or information includes passwords, financial information, medical records, and biometric information.

D.

That sensitive personal data or information includes passwords, financial information, medical records, and biometric information.

Answers
Suggested answer: D

Explanation:

Reference: https://nishithdesai.com/information/news-storage/news-details/article/clarification-to-the-indian-data-protectionlaws.html

Question 63

Report
Export
Collapse

Which of the following topics was NOT addressed in India's Information Technology Act 2000 (IT Act)?

A.

Digital signatures.

A.

Digital signatures.

Answers
B.

Censorship limitations.

B.

Censorship limitations.

Answers
C.

Electronic transactions.

C.

Electronic transactions.

Answers
D.

Cybersecurity procedures.

D.

Cybersecurity procedures.

Answers
Suggested answer: D

Explanation:

Reference: https://www.csoonline.com/article/3453078/india-s-it-act-2000-a-toothless-tiger-that-needs-immediateamendment.html

Question 64

Report
Export
Collapse

Which Hong Kong body has recommended legislation that provides for the right of civil action to be taken when private information is publicly disclosed?

A.

Hong Kong's Court of Final Appeal.

A.

Hong Kong's Court of Final Appeal.

Answers
B.

Hong Kong Law Reform Commission.

B.

Hong Kong Law Reform Commission.

Answers
C.

Office of the Privacy Commissioner for Personal Data.

C.

Office of the Privacy Commissioner for Personal Data.

Answers
D.

Standing Committee of the National People's Congress of the PRC.

D.

Standing Committee of the National People's Congress of the PRC.

Answers
Suggested answer: B

Explanation:

Reference: https://www.pcpd.org.hk/english/data_privacy_law/ordinance_at_a_Glance/ordinance.html

Question 65

Report
Export
Collapse

Hong Kong's Personal Data (Privacy) Ordinance (PDPO) was primarily inspired by which of the following?

A.

Asia's APEC Privacy Framework.

A.

Asia's APEC Privacy Framework.

Answers
B.

Macau's Personal Data Protection Act.

B.

Macau's Personal Data Protection Act.

Answers
C.

South Korea's Public Agency Data Protection Act.

C.

South Korea's Public Agency Data Protection Act.

Answers
D.

Europe's Data Protection Directive (Directive 95/46/EC).

D.

Europe's Data Protection Directive (Directive 95/46/EC).

Answers
Suggested answer: D

Explanation:

Reference: https://ico.org.uk/media/1042349/review-of-eu-dp-directive.pdf

Question 66

Report
Export
Collapse

In which of the following cases would a Singaporean be prevented from accessing information about herself from an organization?

A.

The information was collected in the previous 12 months.

A.

The information was collected in the previous 12 months.

Answers
B.

The information is related to an individual's credit rating.

B.

The information is related to an individual's credit rating.

Answers
C.

The cost of providing the information proved to be unreasonable.

C.

The cost of providing the information proved to be unreasonable.

Answers
D.

Any personal information about others has been deleted from the document.

D.

Any personal information about others has been deleted from the document.

Answers
Suggested answer: B

Question 67

Report
Export
Collapse

All of the following are guidelines the PDPC gives about anonymised data EXCEPT?

A.

Anonymised data is not personal data.

A.

Anonymised data is not personal data.

Answers
B.

Any data that has been anonymised bears the same risks for re-identification.

B.

Any data that has been anonymised bears the same risks for re-identification.

Answers
C.

Data that has been anonymised satisfies the "cease to retain" requirement of Section 25.

C.

Data that has been anonymised satisfies the "cease to retain" requirement of Section 25.

Answers
D.

Organizations should consider the risk of re-identification if it intends to publish or disclose anonymised data.

D.

Organizations should consider the risk of re-identification if it intends to publish or disclose anonymised data.

Answers
Suggested answer: C

Explanation:

Reference: https://www.pdpc.gov.sg/-/media/Files/PDPC/New_DPO_Connect/nov_15/pdf/Anonymisation.pdf

Question 68

Report
Export
Collapse

A Singapore employer can do all of the following without obtaining an employee's consent EXCEPT?

A.

Share an employee's personal data with a company that provides financial planning.

A.

Share an employee's personal data with a company that provides financial planning.

Answers
B.

Disclose personal health data to a public agency during a health crisis.

B.

Disclose personal health data to a public agency during a health crisis.

Answers
C.

Use computer monitoring software on an employee's computers.

C.

Use computer monitoring software on an employee's computers.

Answers
D.

Use closed-circuit television surveillance in the workplace.

D.

Use closed-circuit television surveillance in the workplace.

Answers
Suggested answer: A

Question 69

Report
Export
Collapse

Which Indian institution is vested with powers under the Credit Information Companies (Regulation) Act of 2005?

A.

The Reserve Bank of India.

A.

The Reserve Bank of India.

Answers
B.

The National Housing Bank.

B.

The National Housing Bank.

Answers
C.

The Oriental Bank of Commerce.

C.

The Oriental Bank of Commerce.

Answers
D.

The Securities and Exchange Board of India.

D.

The Securities and Exchange Board of India.

Answers
Suggested answer: A

Explanation:

Reference: http://www.bareactslive.com/ACA/ACT416.HTM

Question 70

Report
Export
Collapse

All of the following are exempt from Section 43A of India's IT Rules 2011 EXCEPT?

A.

Charitable groups.

A.

Charitable groups.

Answers
B.

Sole proprietorships.

B.

Sole proprietorships.

Answers
C.

Government agencies.

C.

Government agencies.

Answers
D.

Religious organizations.

D.

Religious organizations.

Answers
Suggested answer: C

Explanation:

Reference: https://www.mondaq.com/india/data-protection/626190/information-technology-reasonable-security-practicesand-procedures-and-sensitive-personal-data-or-information-rules-2011

Total 93 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms