IAPP CIPP-A Practice Test - Questions Answers, Page 9
Question list
List of questions
Related questions
Which of the following does Singapore's PDPC NOT have the power to do?
Order an organization to stop collecting personal data.
Order an organization to destroy collected personal data.
Order an organization to award compensation to a complainant.
Order an organization to pay a financial penalty to the government.
Under what circumstances are smart identity cards required of Hong Kong citizens?
When opening bank accounts.
When using public transit systems.
When seeking government services.
When making substantial purchases.
SCENARIO – Please use the following to answer the next question:
Dracarys Inc. is a large multinational company with headquarters in Seattle, Washington, U.S.A. Dracarys began as a small company making and selling women's clothing, but rapidly grew through its early innovative use of online platforms to sell its products. Dracarys is now one of the biggest names in the industry, and employs staff across the globe, and in Asia has employees located in both Singapore and Hong Kong.
Due to recent management restructuring they have decided, on the advice of external consultants, to open an office in India in order to centralize its call center as well as its internal human resource functions for the Asia region.
Dracarys would like to centralize the following human resource functions in India:
The recruitment process;
Employee assessment and records management;
Employee benefits administration, including health insurance.
Dracarys will have employees on the ground in India managing the systems for the functions listed above. They have been presented with a variety of vendor options for these systems, and are currently assessing the suitability of these vendors for their needs.
The CEO of Dracarys is concerned about the behavior of her employees, especially online. After having proprietary company information being shared with competitors by former employees, she is eager to put certain measures in place to ensure that the activities of her employees, while on Dracarys' premises or when using any of Dracarys' computers and networks are not detrimental to the business.
Dracarys' external consultants are also advising the company on how to increase earnings. Dracary's management refuses to reduce production costs and compromise the quality of their garments, so the consultants suggested utilizing customer data to create targeted advertising and thus increase sales.
Which of the following guidelines does Dracarys NOT need to take into account when implementing monitoring and surveillance tools?
The Indian Information Technology Act of 2000.
The Hong Kong guide to monitoring personal data privacy at work.
The Hong Kong Code of Practice on Human Resource Management.
The Singapore advisory guidelines on the personal data protection act for selected topics (employment and CCTV).
Both Sections 72 and 72A of India's IT Act 2000 involve unauthorized access of personal information.
One main difference between the sections is that 72A does what?
Stipulates that disclosure has to have occurred.
Specifies imprisonment as a possible penalty.
Adds a provision about wrongful loss or gain.
Includes the concept of consent.
Based on the model contract released by the Privacy Commissioner for Personal Data (PDPC), Hong Kong, all of the following sections are recommended to be put into a contract to address Ordinance 33 (Data transfer/export) of Hong
Kong's Personal Data Privacy Ordinance (PDPO) EXCEPT?
Liability and indemnity.
Exemptions and Definitions.
Termination of the contract.
Obligations of the Transferee.
What personal information is considered sensitive in almost all countries with privacy laws?
Marital status.
Health information.
Employment history.
Criminal convictions.
What was the basis for the "TrustSg" mark, which was designed to build confidence in e-commerce transactions before the PDPA was enacted?
The Fair Information Practice Principles.
The Model Data Protection Code.
The Electronic Transactions Act.
The 1995 European Directive.
Which provision of Hong Kong's Personal Data (Privacy) Ordinance (PDPO) strengthens the purpose limitation principle
(DPP3)?
Notice; because the data subject must be provided with the purpose of the collection.
Public domain; because the data subjects must agree to the purpose before their information is made publicly available.
Prescribed consent; because the data subject must give express consent to their personal information being used for additional purposes.
Finality; because the purpose for collection of personal information from the subject must be directly related to a function of the collector.
In Hong Kong, which of the following are exempt from personal data access requests until after the project to which the data is related has been concluded?
Hospital administrators.
Financial institutions.
News organizations.
Non-profit groups.
Which of the following is NOT a substantial source of privacy protection for Hong Kong citizens?
The Communications and Surveillance Ordinance.
The Universal Declaration of Human Rights.
The Bill of Rights Ordinance.
The Basic Law.
Question