CIPP-A Online Practice Questions and Answers
In which of the following cases would a Singaporean be prevented from accessing information about herself from an organization?
A. The information was collected in the previous 12 months.
B. The information is related to an individual's credit rating.
C. The cost of providing the information proved to be unreasonable.
D. Any personal information about others has been deleted from the document.
All of the following are guidelines the PDPC gives about anonymised data EXCEPT?
A. Anonymised data is not personal data.
B. Any data that has been anonymised bears the same risks for re-identification.
C. Data that has been anonymised satisfies the "cease to retain" requirement of Section 25.
D. Organizations should consider the risk of re-identification if it intends to publish or disclose anonymised data.
How was the Supreme Court's ruling in the Maneka Gandhi v Union of India case significant to Indian law?
A. It expanded the interpretation of right to life under Article 21 of the Constitution.
B. It established that privacy is a fundamental right granted by the Constitution under Article 21.
C. It upheld that the impounding of passports for "public interest" is allowable under Section 10(3)(c) of the Passports Act.
D. It ruled that under Article 32 of the Constitution individuals may file writ petitions when they feel their rights were violated.
Both Sections 72 and 72A of India's IT Act 2000 involve unauthorized access of personal information.
One main difference between the sections is that 72A does what?
A. Stipulates that disclosure has to have occurred.
B. Specifies imprisonment as a possible penalty.
C. Adds a provision about wrongful loss or gain.
D. Includes the concept of consent.
Under the General Data Protection Regulation (GDPR), European Union member states may be allowed to transfer personal data to the United States in some cases.
Which of the following could NOT be used as a legitimate means of doing this?
A. A consent derogation.
B. A certification mechanism.
C. Privacy Shield.
D. Ad-hoc contractual clauses.
In 2015, Section 66A of India's IT Act was ruled unconstitutional.
What did this section previously prohibit?
A. Publishing images with sexually explicit content.
B. Tampering with computer source documents.
C. Publishing private images of others.
D. Sending offensive messages.
Who is NOT potentially liable when an employee in a Singapore corporation or partnership breaches the PDPA?
A. A corporate officer responsible of setting up data processing.
B. The employee following the management processes.
C. The employee's direct manager overseeing data handling.
D. A partner of the partnership handling data related matters.
In which situation would a data intermediary based in Singapore be liable for breaches against the PDPA?
A. When it fails to provide an individual access to his or her data.
B. When it does not provide anonymous transactions with an individual.
C. When it fails to inform an individual it is processing data from a controller.
D. When it processes data contrary to the provisions established in the contract.