Hong Kong’s definition of a data user in the original PDPO applies to all of the following EXCEPT? A. Trust corporations. B. Third-party processors. C. Private sector organizations. D. Limited liability partnerships. Reference: https://securiti.ai/hong-kong-pdpo/

Hong Kong’s Personal Data (Privacy) Ordinance (PDPO) was primarily inspired by which of the following? A. Asia’s APEC Privacy Framework. B. Macau’s Personal Data Protection Act. C. South Korea’s Public Agency Data Protection Act. D. Europe’s Data Protection Directive (Directive 95/46/EC). Reference: https://ico.org.uk/media/1042349/review-of-eu-dp-directive.pdf

Under what circumstances are smart identity cards required of Hong Kong citizens? A. When opening bank accounts. B. When using public transit systems. C. When seeking government services. D. When making substantial purchases. Reference: http://blog.hawaii.edu/aplpj/files/2011/11/APLPJ_04.2_chung.pdf

All of the following are guidelines the PDPC gives about anonymised data EXCEPT? A. Anonymised data is not personal data. B. Any data that has been anonymised bears the same risks for re-identification. C. Data that has been anonymised satisfies the “cease to retain” requirement of Section 25. D. Organizations should consider the risk of […]

Which control is NOT included in the requirements established by the Monetary Authority of Singapore (MAS) for financial institutions in order to deter money-laundering and financial aid to terrorism (AML/CFT)? A. Identifying and knowing customers. B. Sharing personal information with the PDPC. C. Conducting regular reviews of customer accounts. D. Monitoring and reporting suspicious financial […]

A Singapore employer can do all of the following without obtaining an employee’s consent EXCEPT? A. Share an employee’s personal data with a company that provides financial planning. B. Disclose personal health data to a public agency during a health crisis. C. Use computer monitoring software on an employee’s computers. D. Use closed-circuit television surveillance […]

Which of the following principles of the OECD guidelines and Council of European Convention principles does Singapore’s PDPA incorporate? A. Disclosures to third parties included in access requests. B. Additional protections for sensitive personal data. C. The ability to opt-out from direct marketing. D. The right of deletion of data on request. Reference: https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=3204&context=sol_research

In which of the following cases would a Singaporean be prevented from accessing information about herself from an organization? A. The information was collected in the previous 12 months. B. The information is related to an individual’s credit rating. C. The cost of providing the information proved to be unreasonable. D. Any personal information about […]

Which of the following does Singapore’s PDPC NOT have the power to do? A. Order an organization to stop collecting personal data. B. Order an organization to destroy collected personal data. C. Order an organization to award compensation to a complainant. D. Order an organization to pay a financial penalty to the government. Reference: https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Advisory-Guidelines/Advisory-Guidelines-on-Enforcement-of-DP-Provisions-1-Feb-2021.pdf?la=en