Certified Information Privacy Professional/Asia (CIPP/A) v1.0 (CIPP-A)

Page:    1 / 7   
Total 93 questions

Which was NOT listed as an individual right in the 1998 Fair Information Practice Principles (FIPPs)?

  • A. Notice.
  • B. Choice.
  • C. Right to erasure.
  • D. Right to data access.


Answer : B

Which of the following countries will continue to enjoy adequacy status under the GDPR, pending any future European Commission decision to the contrary?

  • A. Argentina.
  • B. Mexico.
  • C. Taiwan.
  • D. Korea.


Answer : A

Under the General Data Protection Regulation (GDPR), European Union member states may be allowed to transfer personal data to the United States in some cases.
Which of the following could NOT be used as a legitimate means of doing this?

  • A. A consent derogation.
  • B. A certification mechanism.
  • C. Privacy Shield.
  • D. Ad-hoc contractual clauses.


Answer : C

Which personal data element is NOT considered a special category of data under the General Data Protection Regulation (GDPR)?

  • A. Physical or mental health data.
  • B. Financial information.
  • C. Race or ethnic origin.
  • D. Political opinions.


Answer : A

Which of the following is NOT a way that the Singapore government can monitor its citizens?

  • A. Through the national identity card system.
  • B. Through the electronic road pricing system.
  • C. Through a personal computer registration system.
  • D. Through an online service that holds an individual’s medical records.


Answer : D

What was the basis for the "TrustSg" mark, which was designed to build confidence in e-commerce transactions before the PDPA was enacted?

  • A. The Fair Information Practice Principles.
  • B. The Model Data Protection Code.
  • C. The Electronic Transactions Act.
  • D. The 1995 European Directive.


Answer : B

What emerged as the main reason for creating a comprehensive data protection law when Singapore ministers met between 2005 and 2011?

  • A. To control increasing technological threats.
  • B. To raise Singapore's human rights standing.
  • C. To limit the scope of governmental surveillance.
  • D. To enhance Singapore's economic competitiveness.


Answer : D

Which of the following is NOT excluded from the scope of Singapore's Do Not Call registry?

  • A. Messages that promote investment opportunities.
  • B. Messages that conduct market research.
  • C. Messages from charitable organizations.
  • D. Messages from political candidates.


Answer : B

In what case would a foreign company NOT be liable for breaches of Singapore's PDPA?

  • A. If it has a physical office in Singapore.
  • B. If it is storing information in Singapore.
  • C. If it is collecting personal information in Singapore.
  • D. If it collects information from Singaporeans living abroad.


Answer : D

In enforcement cases, what is Singapore's Personal Data Protection Commission (PDPC) obligated to do?

  • A. Publish the decisions it makes regarding complaints.
  • B. Provide the complainant with a way to appeal a decision.
  • C. Publish the name of an organization named in a complaint.
  • D. Intervene in civil actions to provide assistance to complainants.


Answer : B

Protection of which kind of personal information is NOT explicitly mentioned in the privacy laws of Hong Kong, Singapore, and India?

  • A. Sensitive data.
  • B. Children's data.
  • C. Outsourced data.
  • D. Extraterritorial data.


Answer : B

On what group does Singapore's PDPA impose disclosure restrictions that Hong Kong and India do not?

  • A. Government officials.
  • B. Children under 13.
  • C. The deceased.
  • D. The clergy.


Answer : A

In 2015, Section 66A of India's IT Act was ruled unconstitutional.
What did this section previously prohibit?

  • A. Publishing images with sexually explicit content.
  • B. Tampering with computer source documents.
  • C. Publishing private images of others.
  • D. Sending offensive messages.


Answer : D

What clarification did India make in a 2011 Press Note regarding their Sensitive Personal Data Rules?

  • A. That the rules apply to data subjects located outside of India.
  • B. That the rules apply to persons or companies collecting sensitive data within India.
  • C. That the data processor must provide notice to the data subject before data is processed.
  • D. That sensitive personal data or information includes passwords, financial information, medical records, and biometric information.


Answer : D

Although the right to privacy is not explicitly granted in the Indian Constitution, privacy advocates frequently cite Article 21's guarantee of?

  • A. Personal liberty.
  • B. Right to property.
  • C. Equality before the law.
  • D. Freedom from intrusion.


Answer : A

Page:    1 / 7   
Total 93 questions