CIPP-A Online Practice Questions and Answers

How can the privacy principles issued in 1980 by the Organisation for Economic Cooperation and Development (OECD) be defined?

A. Guidelines governing the protection of privacy and trans-border data flows issued in collaboration with the Federal Trade Commission.

B. Guidelines governing the protection of privacy and trans-border data flows of personal data in states that are members.

C. Mandatory rules governing the protection of privacy and trans-border data flows within the European Union.

D. Mandatory rules governing the protection of privacy and trans-border data flows among binding member states.

SCENARIO

SCENARIO

Increases in which of the following were a major reason for the enactment of Hong Kong's Amendment Ordinance in 2012?

A. Direct marketing practices.

B. Law enforcement requests.

C. Biometric authentication.

D. Data breach reports.

The "due diligence" exemption in Hong Kong's PDPO was meant to apply to?

A. Third-party data processors located in foreign countries.

B. Companies researching the viability of business mergers.

C. Service providers hosting customer information in the cloud.

D. Direct marketers acting in the best interest of their company.

All of the following are exempt from Section 43A of India's IT Rules 2011 EXCEPT?

A. Charitable groups.

B. Sole proprietorships.

C. Government agencies.

D. Religious organizations.

SCENARIO

Which European-influenced safeguard was NOT included in Hong Kong or Singapore's personal data protection acts, but was subsequently adopted as a consideration in regulatory guidelines?

A. Controls on automated decision making.

B. Additional protection for sensitive personal data.

C. Legitimate interest as a legal basis for processing.

D. Notice requirements when data is collected from third parties.

Under the PDPO, what are Hong Kong companies that make use of personal data required to do?

A. Appoint an official compliance officer.

B. Register with the appropriate data authority.

C. Honor all data subject requests for correcting personal information.

D. Provide contact information of persons handling data access requests.

Who is NOT potentially liable when an employee in a Singapore corporation or partnership breaches the PDPA?

A. A corporate officer responsible of setting up data processing.

B. The employee following the management processes.

C. The employee's direct manager overseeing data handling.

D. A partner of the partnership handling data related matters.