Free CIPP-A Exam Braindumps (page: 6)


SCENARIO – Please use the following to answer the next question:

B-Star Limited is a Singapore-based construction company with many foreign construction workers. B-Star's HR team maintains two databases. One (the "simple database") contains basic details from a standard in-processing form such as name, local address and mobile number. The other database (the "sensitive database") contains information collected by the HR Department as part of Annual Review Interviews. With the workers' cooperation, this database has expanded to include far-reaching sensitive information such as medical history, religious beliefs, ethnicity and educational levels of immediate family members. Carl left B-Star's employment yesterday, and has flown back home, rendering him unreachable. Today B-Star, without Carl's consent, wants to conduct research using Carl's medical records in the sensitive database.

Can B-Star legally conduct this research using Carl's medical data?

  A. Yes, because Carl gave his consent for his sensitive personal data to be collected during his employment.
  B. No, an organization is not allowed to use sensitive personal data without an individual's consent unless absolutely necessary.
  C. No, because the research is taking place after Carl has left B-Star's employment.
  D. Yes, if the research is deemed to be in the public interest.

Answer(s): B



A Singapore employer can do all of the following without obtaining an employee's consent EXCEPT?

  A. Share an employee's personal data with a company that provides financial planning.
  B. Disclose personal health data to a public agency during a health crisis.
  C. Use computer monitoring software on an employee's computers.
  D. Use closed-circuit television surveillance in the workplace.

Answer(s): A



Which control is NOT included in the requirements established by the Monetary Authority of Singapore (MAS) for financial institutions in order to deter money-laundering and financial aid to terrorism (AML/CFT)?

  A. Identifying and knowing customers.
  B. Sharing personal information with the PDPC.
  C. Conducting regular reviews of customer accounts.
  D. Monitoring and reporting suspicious financial transactions.

Answer(s): A


Reference:

https://www.mas.gov.sg/-/media/MAS/Regulations-and-Financial-Stability/Regulatory-and-Supervisory-Framework/Anti_Money-Laundering_Countering-the-Financing-of-Terrorism/Guidance-for-Effective-AML-CFT-Transaction-Monitoring-Controls.pdf (page 3)



All of the following are guidelines the PDPC gives about anonymised data EXCEPT?

  A. Anonymised data is not personal data.
  B. Any data that has been anonymised bears the same risks for re-identification.
  C. Data that has been anonymised satisfies the "cease to retain" requirement of Section 25.
  D. Organizations should consider the risk of re-identification if they intend to publish or disclose anonymised data.

Answer(s): C


Reference:

https://www.pdpc.gov.sg/-/media/Files/PDPC/New_DPO_Connect/nov_15/pdf/Anonymisation.pdf





