Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home IAPP CIPP-A

IAPP CIPP-A Exam Practice Questions (P. 4)

  • Full Access (93 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #16
Which of the following principles of the OECD guidelines and Council of European Convention principles does Singapore's PDPA incorporate?
  1. A
    Disclosures to third parties included in access requests.
  2. B
    Additional protections for sensitive personal data.
  3. C
    The ability to opt-out from direct marketing.
  4. D
    The right of deletion of data on request.

Correct Answer:
C

Question #17
SCENARIO – Please use the following to answer the next question:
B-Star Limited is a Singapore based construction company with many foreign construction workers. B-Star's HR team maintains two databases. One (the "simple database") contains basic details from a standard in-processing form such as name, local address and mobile number. The other database (the "sensitive database") contains information collected by the HR Department as part of Annual Review Interviews. With the workers' cooperation, this database has expanded to include far-reaching sensitive information such as medical history, religious beliefs, ethnicity and educational levels of immediate family members. Carl left B-Star's employment yesterday, and has flown back home, rendering him unreachable. Today B-Star, without Carl's consent, wants to conduct research using Carl's medical records in the sensitive database.
Can B-Star legally conduct this research using Carl's medical data?
  1. A
    Yes, because Carl gave his consent for his sensitive personal data to be collected during his employment.
  2. B
    No, an organization is not allowed to use sensitive personal data without an individual's consent unless absolutely necessary.
  3. C
    No, because the research is taking place after Carl has left B-Star's employment.
  4. D
    Yes, if the research is deemed to be in the public interest.

Correct Answer:
B

Question #18
A Singapore employer can do all of the following without obtaining an employee's consent EXCEPT?
  1. A
    Share an employee's personal data with a company that provides financial planning.
  2. B
    Disclose personal health data to a public agency during a health crisis.
  3. C
    Use computer monitoring software on an employee's computers.
  4. D
    Use closed-circuit television surveillance in the workplace.

Correct Answer:
A

Question #19
Which control is NOT included in the requirements established by the Monetary Authority of Singapore (MAS) for financial institutions in order to deter money-laundering and financial aid to terrorism (AML/CFT)?
  1. A
    Identifying and knowing customers.
  2. B
    Sharing personal information with the PDPC.
  3. C
    Conducting regular reviews of customer accounts.
  4. D
    Monitoring and reporting suspicious financial transactions.

Correct Answer:
A

Question #20
All of the following are guidelines the PDPC gives about anonymised data EXCEPT?
  1. A
    Anonymised data is not personal data.
  2. B
    Any data that has been anonymised bears the same risks for re-identification.
  3. C
    Data that has been anonymised satisfies the "cease to retain" requirement of Section 25.
  4. D
    Organizations should consider the risk of re-identification if it intends to publish or disclose anonymised data.

Correct Answer:
C

Previous Questions Next Questions

All Pages