01. Who is NOT potentially liable when an employee in a Singapore corporation or partnership breaches the PDPA?
a) A corporate officer.
b) The employee.
c) The employer.
d) A partner.
02. All of the following are guidelines the PDPC gives about anonymised data EXCEPT?
a) Anonymised data is not personal data.
b) Any data that has been anonymised bears the same risks for re-identification.
c) Data that has been anonymised satisfies the “cease to retain” requirement of Section 25.
d) Organizations should consider the risk of re-identification if it intends to publish or disclose anonymised data.
03. In India, the obligation to appoint a Grievance Officer applies ONLY to companies that?
a) Deal with sensitive personal data.
b) Conduct cross-border data transfers.
c) Are considered part of the public sector.
d) Lack alternate enforcement mechanisms.
04. Which of the following would NOT be exempt from Singapore’s PDPA?
a) A government automobile registration website.
b) A private party room at a popular restaurant.
c) A documentary filmed at a rock concert.
d) A video from a store’s dosed-circuit TV.
05. Both Sections 72 and 72A of India’s IT Act 2000 involve unauthorized access of personal information. One main difference between the sections is that 72A does what?
a) Stipulates that disclosure has to have occurred.
b) Specifies imprisonment as a possible penalty.
c) Adds a provision about wrongful loss or gain.
d) Includes the concept of consent.
06. Which European-influenced safeguard was NOT included in Hong Kong or Singapore’s personal data protection acts, but was subsequently adopted as a consideration in regulatory guidelines?
a) Controls on automated decision making.
b) Additional protection for sensitive personal data.
c) Legitimate interest as a legal basis for processing.
d) Notice requirements when data is collected from third parties.
07. Hong Kong’s definition of a data user in the original PDPO applies to all of the following EXCEPT?
a) Trust corporations.
b) Third-party processors.
c) Private sector organizations.
d) Limited liability partnerships.
08. The products or services are being offered for the exclusive use of an individual’s organization.
a) Third-party data processors located in foreign countries.
b) Companies researching the viability of business mergers.
c) Companies researching the viability of business mergers.
d) Direct marketers acting in the best interest of their company.
09. How is the transparency of the complaint process treated in both Hong Kong and Singapore?
a) A complainant must alert all individuals potentially affected by the complaint.
b) Investigations into complaints in Hong Kong and Singapore are open to the public.
c) The Hong Kong and Singapore Commissioner may require the complainants to identify themselves before carrying out any investigation into the complaint.
d) The Hong Kong and Singapore commissioners are obliged to start investigations when receiving a complaint and inform the respondent of the personal details of the complainant.
10. Increases in which of the following were a major reason for the enactment of Hong Kong’s Amendment Ordinance in 2012?
a) Direct marketing practices.
b) Law enforcement requests.
c) Biometric authentication.
d) Data breach reports.
The purpose of this Sample Question Set is to provide you with information about the IAPP Certified Information Privacy Professional/Asia (CIPP-A) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the CIPP-A certification test. To get familiar with real exam environment, we suggest you try our Sample IAPP Information Privacy Professional/Asia Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual IAPP Certified Information Privacy Professional/Asia (CIPP-A) certification exam.