New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

CIPP-A Certified Information Privacy Professional/Asia (CIPP/A) Questions and Answers

Questions 4

Which European-influenced safeguard was NOT included in Hong Kong or Singapore's personal data protection acts, but was subsequently adopted as a consideration in regulatory guidelines?

Options:

A.

Controls on automated decision making.

B.

Additional protection for sensitive personal data.

C.

Legitimate interest as a legal basis for processing.

D.

Notice requirements when data is collected from third parties.

Buy Now
Questions 5

In what way are Hong Kong citizens protected from direct marketing in ways that India and Singapore citizens are not?

Options:

A.

Subscribers must have explicitly indicated that they did not object to their data being collected and used for marketing purposes.

B.

Subscribers can opt out of the use of their data for marketing purposes after collection by withdrawing consent.

C.

Data subjects must be notified on a website if their data is being used for marketing purposes.

D.

Data subjects are protected from the secondary use of personal data for marketing purposes.

Buy Now
Questions 6

Hong Kong's New Guidance on Direct Marketing clarified that direct marketing rules under the new regime do NOT apply if what condition exists?

Options:

A.

The data subject’s personal data is collected from public registers or third parties.

B.

The products or services are being offered by the organization's parent company.

C.

The data subject has already given consent for other services offered by the company.

D.

The products or services are being offered for the exclusive use of an individual's organization.

Buy Now
Questions 7

All of the following are exempt from Section 43A of India's IT Rules 2011 EXCEPT?

Options:

A.

Charitable groups.

B.

Sole proprietorships.

C.

Government agencies.

D.

Religious organizations.

Buy Now
Questions 8

Protection of which kind of personal information is NOT explicitly mentioned in the privacy laws of Hong Kong, Singapore, and India?

Options:

A.

Sensitive data.

B.

Children's data.

C.

Outsourced data.

D.

Extraterritorial data.

Buy Now
Questions 9

Which of the following topics was NOT addressed in India's Information Technology Act 2000 (IT Act)?

Options:

A.

Digital signatures.

B.

Censorship limitations.

C.

Electronic transactions.

D.

Cybersecurity procedures.

Buy Now
Questions 10

In 2015, Section 66A of India's IT Act was ruled unconstitutional. What did this section previously prohibit?

Options:

A.

Publishing images with sexually explicit content.

B.

Tampering with computer source documents.

C.

Publishing private images of others.

D.

Sending offensive messages.

Buy Now
Questions 11

A Singapore employer can do all of the following without obtaining an employee's consent EXCEPT?

Options:

A.

Share an employee's personal data with a company that provides financial planning.

B.

Disclose personal health data to a public agency during a health crisis.

C.

Use computer monitoring software on an employee's computers.

D.

Use closed-circuit television surveillance in the workplace.

Buy Now
Questions 12

Under the PDPO, what are Hong Kong companies that make use of personal data required to do?

Options:

A.

Appoint an official compliance officer.

B.

Register with the appropriate data authority.

C.

Honor all data subject requests for correcting personal information.

D.

Provide contact information of persons handling data access requests.

Buy Now
Questions 13

SCENARIO – Please use the following to answer the next QUESTION:

Fitness For Everyone ("FFE") is a gym on Hong Kong Island that is affiliated with a network of gyms throughout Southeast Asia. When prospective members of the gym stop in, call in or submit an inquiry online, they are invited for a free trial session. At first, the gym asks prospective clients only for basic information: a full name, contact number, age and their Hong Kong ID number, so that FFE's senior trainer Kelvin can reach them to arrange their first appointment.

One day, a potential customer named Stephen took a tour of the gym with Kelvin and then decided to join FFE for six months. Kelvin pulled out a registration form and explained FFE's policies, placing a circle next to the part that read "FEE and affiliated third parties" may market new products and services using the contact information provided on the form to Stephen "for the duration of his membership." Stephen asked if he could opt-out of the marketing communications. Kelvin shrugged and said that it was a standard part of the contract and that most gyms have it, but that even so Kelvin's manager wanted the item circled on all forms. Stephen agreed, signed the registration form at the bottom of the page, and provided his credit card details for a monthly gym fee. He also exchanged instant messenger/cell details with Kelvin so that they could communicate about personal training sessions scheduled to start the following week.

After attending the gym consistently for six months, Stephen's employer transferred him to another part of the Island, so he did not renew his FFE membership.

One year later, Stephen started to receive numerous text messages each day from unknown numbers, most marketing gym or weight loss products.

Suspecting that FFE shared his information widely, he contacted his old FFE branch and asked reception if they still had his information on file. They did, but offered to delete it if he wished. He was told FFE's process to purge his information from all the affiliated systems might take 8 to 12 weeks. FFE also informed him that Kelvin was no longer employed by FFE and had recently started working for a competitor. FFE believed that Kelvin may have shared the mobile contact details of his clients with the new gym, and apologized for this inconvenience.

Which of the following types of text messages are permissible, regardless of Stephen's withdrawal of consent?

Options:

A.

From the FFE retention department, offering a special discount for reactivating membership.

B.

From health care services provided by Hong Kong's Hospital Authority or Department of Health.

C.

From an FFE affiliate that provides a mechanism to opt out of further communications by reply-texting "OO."

D.

From an FFE affiliate in the region Stephen was transferred to, offering services similar to those he purchased previously.

Buy Now
Exam Code: CIPP-A
Exam Name: Certified Information Privacy Professional/Asia (CIPP/A)
Last Update: Dec 22, 2024
Questions: 90

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99