Personal Data Protection Act: Trivia Quiz

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Jlcreppy
J
Jlcreppy
Community Contributor
Quizzes Created: 1 | Total Attempts: 3,271
| Attempts: 3,271
Quiz Flashcard
SettingsSettings
Please wait...
  • 1/64 Questions

    Sarah goes for a medical check-up at a clinic. For the purposes of the check-up, the clinic will be conducting a series of tests which include measuring her height and weight. Sarah is aware that such tests will be conducted as the clinic has provided this information on the registration form that Sarah filled out and submitted prior to the tests. QUESTION: Is it consider that Sarah did consented to the collection of her personal data?

    • Yes
    • No
    • I don't know
Please wait...
About This Quiz


How much do you know about Singapore's Personal Data Protection Act? Many people can access private data and choose to use it maliciously. This is why the PDP Act was put in place to control what can be shared under different circumstances and to whom. If you have some doubts about how well you understand the act and want to verify how true they are, you can check out this quiz.

Personal Data Protection Act: Trivia Quiz - Quiz

Quiz Preview

  • 2. 

    Sarah fills up an online form. The following clause is directly above the “Submit” button. I would like to receive information about promotions and offers by: a. Phone [ ] b. SMS [X] c. Email [X] d. Mail [ ] Sarah checks the boxes SMS and Email and submits the online form. QUESTION: Can we consider that Sarah have given clear and unambiguous consent?

    • Yes

    • No

    • Not enough information

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: YES

    Sarah would be considered to have given clear and unambiguous consent.

    Rate this question:

  • 3. 

    QUESTION: From the list bellow which information could be seen as Personal data under the PDPA?: • Full name • NRIC or FIN number • Passport number • Photograph or video image of an individual • Mobile telephone number • Personal email address • Thumbprint • DNA profile • Name and residential address

    • Only Full name, NRIC, FIN number, Passport number, Email Address

    • All of the information

    • Name and residential address & telephone number

    • I don't know

    Correct Answer
    A. All of the information
    Explanation
    CORRECT RESPONSE: All of the information

    All the information can be seen as Personal data under the PDPA

    For more information please contact us: [email protected]

    Rate this question:

  • 4. 

    Organisation ABC is a market research firm that has been engaged by Organisation XYZ. The written contract specifies that ABC has been engaged to collect personal data on behalf of XYZ and produce a report, exclusively for the use of XYZ, which illustrates the correlation between investment habits and income, profession and marital status of at least 1000 working Singaporeans aged 25-40. In addition to types of investments made, income, profession and marital status, the contract specifies that ABC has to collect the NRIC number and residential address of each person surveyed. The contract neither specifies the methods or processes ABC should undertake to collect the data and produce the report, nor the specific individuals that ABC are to survey. However, all raw data collected is to be given to XYZ and ABC is not permitted to keep any copies of the data or use it for any other purpose. In this situation, ABC may still be considered a data intermediary of XYZ insofar as it is processing personal data for the sole purpose of producing the report for XYZ. QUESTION: Does the ABC company has any obligation under Personal Data Protection Act (PDPA), since it doesn't keep any copy of the data, and ABC is the company that is processing the data?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: YES

    ABC company has to comply with PDPA.
    As ABC is XYZ’s data intermediary, XYZ has the same obligations under the PDPA in respect of the personal data processed by ABC. Hence, it may wish to include additional requirements in its contract to ensure that ABC fulfils XYZ’s obligations under the PDPA.

    For more information please contact us: [email protected]

    Rate this question:

  • 5. 

    Nick will be attending an adventure camp for his company’s team-building purposes. The adventure camp operator obtains relevant health check-up records from his company to determine whether Nick is sufficiently fit to participate in the adventure activities. The records were from eight years ago when Nick first joined the company. QUESTION: Should the adventure camp company request for an update of the health check-up records?

    • Yes - This is their responsibility

    • No - It is Nick's or his company's responsibility

    • I don't know

    Correct Answer
    A. Yes - This is their responsibility
    Explanation
    CORRECT RESPONSE: Yes they have to request for an update

    In this scenario, the adventure camp company should consider requesting that Nick or his company updates his health check-up records.

    For more information please contact us: [email protected]

    Rate this question:

  • 6. 

    Sarah signs up for a membership at a gym. The application form contains an extract of the most relevant portions of the Data Protection Policy in a physical document. For example, it states that Sarah’s address details will be used for sending her a gym membership card and other communications related to her gym membership. The sales representative of the gym informs her that the full Data Protection Policy is available on the gym’s website and provides her with relevant information to locate it. QUESTION: According to PDPA did the gym properly informed Sarah about the purpose of collection of personal information?

    • Yes

    • No

    • Not enough information

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: YES

    In this case, the gym has informed Sarah of the purposes for which her personal data will be collected, used or disclosed.

    Rate this question:

  • 7. 

    Does your organization have in place policies and procedures with regard to ensuring compliance with the Act?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes we have policies in place

    According to the PDPA:

    An organization shall develop and implement policies and practices that are necessary for the organization to meet the obligations of the organization under this Act.

    For more information please contact us: [email protected]

    Rate this question:

  • 8. 

    Organisation XYZ has been selling databases containing personal data. This would be considered a disclosure of personal data and not a reasonable existing use under Section 19. QUESTION: After the appointed day, does XYZ needs to ensure that consent has been obtained before selling these databases again?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    After the appointed day, XYZ needs to ensure that consent has been obtained before selling these databases again.

    Rate this question:

  • 9. 

    ABC also calls John to gather information for the report. After John finishes answering all the questions related to the report, ABC asks if John would consider purchasing one of ABC’s market reports. In this case, ABC’s call is not for the sole purpose of market research or market survey as one of the purposes of the call is to offer goods or services to John. QUESTION: Does the organisation required to comply with the Do Not Call Provisions in relation to the sending of that message?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE:

    ABC would be considered to have sent a specified message to John.
    The organisation will be required to comply with the Do Not Call Provisions in relation to the sending of that message.

    Rate this question:

  • 10. 

    Nick applies for a credit card from a bank, and two years later, Nick applies for a home loan from a bank. The bank has not made any checks during the two years that Nick’s personal data is accurate and complete. When the bank received the home loan application, the bank showed Nick their records of his personal data and asked Nick to make a fresh declaration that the record is accurate and complete. In addition, noting that the supporting documents previously obtained for the credit card application are now dated two years back, the bank asked Nick to provide a copy of his most recent payslip and proof of employment. QUESTION: Does the bank has made reasonable effort to ensure the accuracy of personal data collected from Nick?

    • Yes

    • No

    • Not enough information

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: YES

    In
    this scenario, the bank has made a reasonable effort to ensure that the personal data collected from Nick is accurate and complete.

    Rate this question:

  • 11. 

    Did you already hear about the PDPA (Personal Data Protection Act in Singapore? What can you explain to me about this new Act?

    • Yes I know about it

    • No, I don't know about it

    • Unsure about my knowledge

    Correct Answer
    A. Yes I know about it
    Explanation
    CORRECT RESPONSE: Yes - You should know about it According to the PDPA: "An organization is responsible for personal data in its possession or under its control." For more information please contact us: [email protected]

    Rate this question:

  • 12. 

    An adventure camp company records emergency contact information for all the participants in the adventure camp. This emergency contact information comprises the name, address and telephone number of the individual whom the organization will contact in the event of an emergency. Bernie’s emergency contact is her husband, Bernard, and she provides his contact details to the company as her emergency contact information. QUESTION: Does the company is holding any personal data about one or more individual?

    • Yes - Bernard's information only

    • Yes - Bernie and Bernard's information

    • No - Not considered as Personal Data

    • I don't know

    Correct Answer
    A. Yes - Bernie and Bernard's information
    Explanation
    CORRECT RESPONSE: Yes - Bernie and Bernard's information

    Bernard’s name, address and telephone number form part of the personal data of Bernie. As well as Bernie's data. The company is holding personal data about two individuals.

    When obtaining Bernard’s personal data from Bernie, the organization would need to consider if they are required to obtain Bernard’s consent or whether one or more of the exceptions provided in the PDPA may apply.

    In addition, since Bernard’s personal data also forms part of Bernie’s personal data (specifically, the details of her emergency contact), organizations would need to protect it as part of Bernie’s personal data.

    For more information please contact us: [email protected]

    Rate this question:

  • 13. 

    A supermarket conducts a survey of shoppers on its premises to find out ways to improve customer experience. It collects personal data such as the names and contact details of the shoppers. It clearly and legibly states at the top of the survey form, “Your personal data may be used by the supermarket or its appointed survey company for analysis of survey responses, or to contact survey respondents for follow-up queries on the survey responses.” QUESTION: Could we  consider the supermarket to have provided appropriate notification in this scenario?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    As a best practice, organizations should ensure that the notification is provided in a form that is readily accessible and easy for the individual to comprehend. The notification should also be clear and concise, and provide appropriate information on the purposes for which consent is sought.

    For more information please contact us: [email protected]

    Rate this question:

  • 14. 

    Sarah calls a taxi operator’s hotline to book a taxi. The customer service officer asks for her name and number in order to inform her of the taxi number, which Sarah provides voluntarily. QUESTION: With her response did Sarah have consented to the taxi company using her name and number?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    Sarah is deemed to have consented to the taxi company using her name and number to call or text her when her taxi arrives.

    Rate this question:

  • 15. 

    Sarah needs to got the airport. A taxi operator runs a limousine service and wanted to use Sarah’s information to market this service to her. The customer service officer asks for her name and number in order to inform her of the taxi number for booking a taxi. QUESTION: Can the taxi company use Sarah's personal data for marketing purpose?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No

    Sarah would not be deemed to have consented to the use of her personal data for this purpose.
    This is because Sarah provided her personal data for the purpose of booking a taxi for a single trip, and not for the purpose of receiving marketing information about the limousine service.

    Rate this question:

  • 16. 

    Sarah signs up for a spa membership over the Internet. She is directed to the terms and conditions page. There is a check box on the first page next to a line which says “click here if you wish to receive information about our products and services, including special offers we may have from time to time, by SMS”. Sarah checks the box. QUESTION: Can the spa allow to send such SMS to Sarah without any additional confirmation actions?

    • Yes

    • No

    • No enough information

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE:

    Sarah would be considered to have given clear and unambiguous consent.

    Rate this question:

  • 17. 

    A retailer retains billing information, including personal data, collected from its customers beyond the Point of Sale for the purposes of accounting and billing administration. QUESTION: Is a valid purpose for retaining the personal data?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    As the retailer is retaining the personal data for a valid purpose, it is not required to cease to retain the data under the Retention Limitation Obligation.

    Rate this question:

  • 18. 

    A real estate agency places a guest book at the reception counter in a show flat and requests individuals who visit the show flat to provide their name and contact details in the guest book. However, the purposes for collecting the individuals’ personal data are not stated anywhere in or near the guest book. QUESTION: Does the real estate may be considered to have provided appropriate notification in this scenario?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No

    Individuals could have provided their personal data for a variety of different reasons – e.g. for the purpose of being contacted in relation to their visit to the show flat, to receive information about other properties marketed by the agency, or for other purposes.
    In addition, different individuals who provide their personal data in this manner may have different purposes in mind. The real estate agency should specify the purposes in order to provide appropriate notification to the individuals from whom it would be collecting personal data.

    For more information please contact us: [email protected]

    Rate this question:

  • 19. 

    An electronics store sells products online through its website. It informs individuals purchasing products through its website of the purposes for which it will be collecting, using and disclosing personal data, including that the contact details provided by the customers will be disclosed to other companies in its corporate group and its outsourced marketing company for the purpose of marketing their products to the individual from time to time. QUESTION: Does the store provide appropriate enough details of its purposes for the individual to determine the reasons for collecting, using or disclosing personal data?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    In this case, the electronics store would be considered to have stated a sufficiently specific purpose.
    In stating its purposes, an organization should provide appropriate and specific details of its purposes for the individual to determine the reasons for which the organization will be collecting, using or disclosing his personal data.

    For more information please contact us: [email protected]

    Rate this question:

  • 20. 

    A fashion retailer makes it a condition for every customer who wants to participate in the lucky draw it is administering to provide his mobile telephone number for the purpose of being contacted in future for promotions. QUESTION: Can the fashion retailer has the right the participant to the lucky draw to provide their mobile telephone number?

    • Yes it can

    • No it cannot

    • I don't know

    Correct Answer
    A. Yes it can
    Explanation
    CORRECT RESPONSE: Yes

    As the lucky draw is not tied to a provision of a product or service, the fashion retailer can require that customers who want to participate in the lucky draw provide their mobile telephone numbers.

    Rate this question:

  • 21. 

    John Tan is a male Singaporean of 21 years of age. By themselves, general characteristics such as “male”, “Singaporean” and “21 years of age” are not able to identify a particular individual. John Tan fills up a membership form which asks for his full name, gender, nationality and age. QUESTION: Does the information provided by John considered as Personal Data?

    • Yes- All the data

    • Yes - Partially

    • No

    • I don't know

    Correct Answer
    A. Yes- All the data
    Explanation
    CORRECT RESPONSE: Yes- All the data

    In this case, all the information on the form, including the general characteristics, constitutes personal data of John Tan.

    For more information please contact us: [email protected]

    Rate this question:

  • 22. 

    An individual wishes to obtain certain services from a telecom service provider, Operator X and is required by the telecom service provider to agree to its terms and conditions for provision of the services. Operator X can stipulate as a condition of providing the services that the individual agrees to the collection, use and disclosure of specified items of personal data by the organisation for the purpose of supplying the services. Such items of personal data may include the name and address of the individual as well as personal data collected in the course of providing the services such as the individual’s location data. The individual provides consent for those specified items of personal data but subsequently withdraws that consent. The withdrawal of consent results in Operator X being unable to provide services to the individual. This would in turn entail an early termination of the service contract. QUESTION: Can an organisation prohibit an individual from withdrawing his consent to the collection, use or disclosure of personal data about the individual himself?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No - The Operator X must not prohibit an individual from withdrawing his consent

    Operator X should inform the individual of the consequences of the early termination, e.g. that the individual would incur early termination charges.

    For more information please contact us: [email protected]

    Rate this question:

  • 23. 

    A shop in the shopping center receives a request from an individual to view a photograph of him taken by the official photographer at a private event held recently that the individual was invited to. The individual provides the shop with sufficient information to determine when the event was held. QUESTION: Does the company has to provide access to the photo?

    • Yes has to provide access to the photo

    • No obligation to provide access to the photo

    • I don't know

    Correct Answer
    A. Yes has to provide access to the photo
    Explanation
    CORRECT RESPONSE: Yes

    The provision of access in this case would be reasonable and the shop should provide the photo which the individual requested.

    The burden or expense of providing access would be reasonable to the organization.

    For more information please contact us: [email protected]

    Rate this question:

  • 24. 

    Sarah makes a visit to a spa for a facial treatment. After the treatment is completed, she makes her way to the cashier to make payment. The cashier tells her that the facial will cost her $49.99. She hands over her credit card to the cashier for the purpose of making payment. QUESTION: Does the cashier need to ask for Sarah’s consent to collect, use or disclose her personal data required to process the payment?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No

    The cashier need not ask for Sarah’s consent to collect, use or disclose her credit card number and any other related personal data (e.g. name on credit card) required to process the payment transaction.

    Sarah would be deemed to have consented to the collection, use and disclosure of her credit card number and other related personal data for processing of the payment as she voluntarily provided the personal data and it is reasonable that Sarah would provide the personal data to pay for her facial. Sarah’s deemed consent would extend to all other parties involved in the payment processing chain who collect or use Sarah’s personal data.
    These parties could include, for example, Sarah’s bank, the spa’s bank and its processers and the payment system provider.

    Rate this question:

  • 25. 

    A dance school has collected personal data of its tutors and students. It retains and uses such data (with the consent of the individuals), even if a tutor or student is no longer with the dance school, for the purpose of maintaining an alumni network. QUESTION: Is this a valid purpose to retain the personal data?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: No

    As the dance school is retaining the personal data for a valid purpose, it is not required to cease to retain the data under the Retention Limitation Obligation.

    Rate this question:

  • 26. 

    John picks up a photograph from his friend’s table which clearly shows the image of an individual. QUESTION: Is the picture considered as holding any personal data?

    • Yes - We can identify the person on the picture

    • No - The picture doesn't have any name

    • No - The picture below to a friend of John

    • I don't know

    Correct Answer
    A. Yes - We can identify the person on the picture
    Explanation
    CORRECT RESPONSE: Yes - We can identify the person on the picture

    John is holding the personal data of that individual even though he does not know his name.

    For more information please contact us: [email protected]

    Rate this question:

  • 27. 

    A supermarket conducts a survey of shoppers on its premises, with the additional intent of marketing new products to the survey respondents. However, this supermarket only indicates on the survey form, “Your personal data may be used by the supermarket or its appointed survey company for analysis of survey responses, or to contact survey respondents for follow-up queries on the survey responses” and does not make any mention of its marketing purposes. It further attempts to pass off the marketing of new products as following up on survey responses. QUESTION: Is this supermarket to be considered as having provided the required information on its purposes?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No

    This supermarket is unlikely to be considered as having provided the required information on its purposes in this scenario.
    Any consent obtained in such circumstances is invalid and the collection, use or disclosure of personal data relying upon such invalid consent would be a contravention of the Data Protection Provisions.

    For more information please contact us: [email protected]

    Rate this question:

  • 28. 

    As part of a research study, a participant is requested to submit information to the research institute, comprising all of the following: • The participant’s name • A general description of the participant, e.g. 30 year old married Chinese female of AB+ blood type; • Educational institutions that the participant has attended; • The participant’s occupation The research institute replaces the participant’s name with a randomly generated tag in order to safeguard the participant’s anonymity. Without the name, the research institute cannot use the rest of the information to identify a specific individual. However, the research institute continues to hold the key that can reverse the randomization and reinstate the participant’s name. QUESTION: Are the personal hold by the Institute still seen as Personal Data?

    • Yes - All of them

    • Yes but only the participant’s name

    • No - participant’s name have been removed

    • I don't know

    Correct Answer
    A. Yes - All of them
    Explanation
    CORRECT RESPONSE: Yes - All of them

    In this case, all the participants’ information held by the research institute would still be personal data held by the research institute.

    For more information please contact us: [email protected]

    Rate this question:

  • 29. 

    Sarah signs up for a spa membership over the Internet. The terms and conditions for the Spa A membership outline and explain how Sarah’s personal data will be used and disclosed. For example, it states that Sarah’s address details will be used for sending her a Spa A membership card and other communications from the Spa A. Sarah clicks on the “Accept” button at the bottom of the terms and conditions, to indicate her acceptance of, and agreement to, the terms and conditions. In this case, the Spa A has obtained Sarah’s consent for collection, use and disclosure of her personal data in connection with the stated purposes. Jane signs up for another spa, Spa B over the internet. Spa B has terms and conditions with a provision which states that "when a member accepts the terms and conditions, he or she also consents to the collection, use and disclosure of his or her personal data for the purposes set forth in the Spa B’s data protection policy". However, no information is provided on where the Spa B’s data protection policy is located (even if it is available elsewhere on the spa’s website) and no means are provided for Jane to view the policy before signifying her agreement to the spa’s terms and conditions. QUESTION: Does the consent obtained from Jane by the two Spa A and Spa B valid under PDPA?

    • Yes for Spa A

    • Yes for Spa B

    • Yes for Spa A and Spa B

    • None of them

    Correct Answer
    A. Yes for Spa A
    Explanation
    CORRECT RESPONE: Only for Spa A

    In the case of Spa B, the spa is not considered to have notified Jane of its purposes, and any consent obtained from Jane would not be valid under the PDPA.

    For more information please contact us: [email protected]

    Rate this question:

  • 30. 

    After a business trip Charles returns to Singapore. Shortly thereafter, he receives a specified message from an overseas number. However, Charles discovers that the specified message was sent on behalf of his bank in Singapore which had outsourced part of its marketing operations to an overseas call centre and authorised the call centre to send the message. QUESTION: Does the sending of the specified message by the bank (through the overseas call center) will be subject to the application of the Do Not Call Provisions?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    The sending of the specified message by the bank (through the overseas call center) will be subject to the application of the Do Not Call Provisions.

    Rate this question:

  • 31. 

    Charles wishes to organize a birthday party for his son David. Charles books a private room within a fast food restaurant for the occasion and invites twenty of David’s friends and their parents. The private room is right by the general dining area and the interior can be seen by other patrons through the glass windows. The fast food restaurant management puts up a sign at the entrance of the private room which says “Reserved for Private Event: David’s 8th birthday party”. Charles keeps the door closed at all times and keeps an eye on it to ensure that only invited guests enter. The birthday party would not be considered open to the public because members of the public (who are not invited to attend) are unlikely to be able to gain access to the event. Mary similarly wishes to organize a birthday party for her daughter Jane. She invites twenty of Jane’s friends and parents to gather at the same fast food restaurant at a particular date and time but she does not book a private room or area within the restaurant. Her guests occupy a large area within the fast food restaurant’s general dining area. Members of the public are not invited to attend this party QUESTION: Is Mary's party considered a private party or open to the public?

    • Private party

    • Open to the public

    • I don't know

    Correct Answer
    A. Open to the public
    Explanation
    CORRECT RESPONSE:

    Mary’s birthday party would be considered open to the public even though she did not open attendance to the public, because members of the public may enter the general dining area of the restaurant and may seat themselves close to or even within the area where her party guests are seated. Therefore the personal information would be considered as Publicly available data.

    For more information please contact us: [email protected]

    Rate this question:

  • 32. 

    Jeff is strolling down the aisles in a shopping mall. It would be reasonably expected that his image would be captured by CCTVs installed for security reasons. Jeff subsequently enters a store to make a purchase. It would be reasonably expected for Jeff to be photographed by a photographer engaged by the store if the store did not put up notices on the presence of the photographer. QUESTION: Are we looking at two reasonable scenarios?

    • Yes for the CCTV, No for the photographer

    • No for the CCTV, Yes for the Photographer

    • No to both scenarios

    • Yes to both scenarios

    Correct Answer
    A. Yes for the CCTV, No for the photographer
    Explanation
    CORRECT RESPONSE: Yes for the CCTV, No for the photographer

    Personal data is observed by reasonably expected means if the individual whose personal data is being observed could reasonably expect their personal data to be collected in that particular manner at that location or event.

    For more information please contact us: [email protected]

    Rate this question:

  • 33. 

    A shopping center receives a request from an individual to view all CCTV footage of him recorded at the shopping center over the past year. QUESTION: Does the shopping center need to provide the requested personal data?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No obligation

    In this scenario, even if the shopping center is able to remove images of other individuals captured in the CCTV footage, reviewing all CCTV footage from the past year to find records of the individual making the request would require considerable time and effort. The burden of providing access would be unreasonable to the shopping center and likely disproportionate to the individual’s interests as the individual is making a general request for all CCTV footage. Hence the shopping center need not provide the requested personal data (if available) under the Access and Correction Obligation.

    For more information please contact us: [email protected]

    Rate this question:

  • 34. 

    A business wishes to sell its products to households within a certain area around its location. It engages a service provider to distribute flyers advertising its products to all residential addresses within the area without collecting or using the names or other personal data of individuals living at those addresses. QUESTION: Is the residential addresses seen as personal data?

    • Yes - Personal data

    • No - Not personal data

    • I don't know

    Correct Answer
    A. No - Not personal data
    Explanation
    CORRECT RESPONSE: No - Not Personal Data

    The residential addresses would not be personal data collected and used by the business.

    For more information please contact us: [email protected]

    Rate this question:

  • 35. 

    Charles wishes to offer his services as a real estate agent. He engages Mary to promote his services. In the contract between Charles and Mary, it is stated that, “Mary shall not send any message, whether in sound, text, visual or other form, to a Singapore telephone number to offer, advertise or promote Charles’ services unless expressly permitted in writing by Charles”. QUESTION: If Mary sends SMS messages to a Singapore telephone number to promote Charles’ services without Charles written permission, does she comply with the Do Not Call Provisions?

    • Yes

    • No

    • Not enough information

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No

    If Mary sends SMS messages to a Singapore telephone number to promote Charles’ services without Charles written permission, Charles would not be deemed to have authorised that, as he had taken reasonable steps to prevent Mary from doing so.

    Rate this question:

  • 36. 

    The organisation ABC has been using the personal data of their customers to send them desktop calendars once every year. QUESTION: Does the organisation ABC have to obtain fresh consent after the appointed day?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No

    This would be considered a reasonable existing use So long as their customers have not indicated to ABC that they no longer wish to receive these calendars (i.e. withdrawing their consent for the purpose of receiving calendars once every year), ABC can continue to do so without obtaining fresh consent after the appointed day.

    Rate this question:

  • 37. 

    Sharon is signing up for a gym membership. She provides her business name card to the gym staff so that they can record her name and contact details in order to register her for the package. QUESTION: Does the information on Sharon's her business card considered as Personal Data?

    • Yes - The information were provided for her personal purposes

    • No - The information were from the business card

    • I don't know

    Correct Answer
    A. Yes - The information were provided for her personal purposes
    Explanation
    CORRECT RESPONSE: Yes - The information were provided for her personal purposes

    Sharon's her business card are considered as Personal Data.

    In this case, the information provided by Sharon would not be business contact information as she is providing it solely for her personal purposes.
    The PDPA would apply to the information contained in her business name card.

    For more information please contact us: [email protected]

    Rate this question:

  • 38. 

    Charles subscribes to the services of Operator X, a Singapore telecommunications service provider. He leaves Singapore and starts roaming on the network of an overseas telecommunications provider, Operator A. He receives a specified message from Operator A, a telecommunications service provider in the other country, about Operator A’s services. QUESTION: Will the operator A be subject to the application of the Do Not Call Provisions?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No

    The sending of this specified message will not be subject to the application of the Do Not Call Provisions.

    Rate this question:

  • 39. 

    An organization, ABC, is a market research firm that has been engaged to produce a report which illustrates the correlation between investment habits and income, profession and marital status of working Singaporeans aged 25- 40. ABC calls Sarah for the sole purpose of gathering information for the report. QUESTION: Does the ABC organization required to comply with the Do Not Call Provisions in relation to the sending of that message?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    In Singapore, the Do Not Call (DNC) provisions under the Personal Data Protection Act (PDPA) regulate unsolicited marketing messages sent to individuals. However, if the call made by ABC organization to Sarah is solely for the purpose of gathering information for a research report and not for marketing purposes, then it does not fall under the scope of the DNC provisions. Therefore, ABC is not required to comply with the DNC provisions for this specific purpose.

    Rate this question:

  • 40. 

    Sarah wants to signs up for a spa package. The terms and conditions include a provision that the spa may share her personal data with third parties, including selling her personal data to third party marketing agencies. Sarah does not wish to consent to such a disclosure of her personal data and requests the spa not to disclose her personal data to third party marketing agencies. The spa refuses to act on her request and informs her that the terms and conditions are standard, and that all customers must agree to all the terms and conditions. Sarah is left either with the choice of accepting all the terms and conditions (i.e. giving consent for use and disclosure of her data as described) or not proceeding with the sign up. QUESTION: Would Sarah consents for the disclosure of her data to third party marketing agencies, be considered valid?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No

    In this case, even if Sarah consents for the disclosure of her data to third party marketing agencies, the consent would not be considered valid since it is beyond what is reasonable for the provision of the spa’s services to its customers, and the spa had required Sarah’s consent as a condition for providing its services.

    Instead of requiring Sarah to consent to the disclosure and sale of her personal data to third parties as a condition of providing the service, the spa should separately request Sarah’s consent to do so. That is, Sarah should be able to sign up for the spa package without having to consent to the disclosure and sale of her personal data to third parties. The spa is then free to ask Sarah if she would consent, and if she does, would be considered to have obtained valid consent.

    Rate this question:

  • 41. 

    A company is considering whether an existing employee, John, should be transferred to take on a different role in its IT department. One of the criteria for the transfer is the possession of certain qualifications and professional certifications. The company has information about John’s qualifications and professional certifications that was provided by John (which form part of his personal data) when he joined the company five years before. The company asks John to update them with any new qualifications or certifications he may have obtained in the last five years since joining the company but does not ask him to re-confirm the information about the qualifications he provided when he joined the company. QUESTION: Did the company made a reasonable effort to ensure that the personal data collected is accurate and complete?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    In this scenario, the company is likely to have met its obligation to update John’s personal data.

    Rate this question:

  • 42. 

    John calls an employee of ABCD Childcare Pte Ltd (“ABCD”), Mary, through her business contact number (which John obtained from ABCD’s website) to promote a product which he thinks ABCD would purchase for use at its childcare centers. While talking to Mary, John asks her if she has children and whether she would be interested to buy another product for her personal use. QUESTION: In such a situation, will John need to ensure that he complies with the Do Not Call Provisions?

    • Yes

    • No

    • No enough information

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    In such a situation, it was a B2B marketing message, however John would not be able to rely on this exception, and will need to ensure that he complies with the Do Not Call Provisions.

    Rate this question:

  • 43. 

    John wishes to offer his services as a real estate agent and engages Mary to market his services. John does not specify the manner of marketing to Mary. QUESTION who from John and Mary be considered the sender of any SMS messages, and will both be subject to the Do Not Call Provisions?

    • Only Mary

    • Only John

    • Mary and John

    • Not enough information

    Correct Answer
    A. Mary and John
    Explanation
    CORRECT RESPONSE: Mary and John

    John and Mary will both be considered the sender of any SMS messages sent to promote John’s services, and will both be subject to the Do Not Call Provisions.

    Rate this question:

  • 44. 

    A retailer has collected personal data from its customers for the purpose of delivering products purchased by the customers. The retailer subsequently mails a flyer to the customers which states that a customer would have consented to their personal data being used for a different purpose, namely for marketing, unless the customer writes back to the retailer to opt out by a certain date. QUESTION: Can the retailer use the collected personal data being for marketing purpose?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No

    In this case, the customer’s inaction does not signify consent since it may be due to other reasons not related to a desire to consent (e.g. not having opened the mailbox or read the flyer).

    Rate this question:

  • 45. 

    Sarah currently has a membership with a spa. Her spa wants to use her personal data for the purposes of sending her greeting cards and the spa’s annual newsletter in the post while her spa membership is still active. QUESTION: Does this purposes will be acceptable for using of personal data without requesting her consent?

    • YES

    • NO

    • Not enough information

    Correct Answer
    A. YES
    Explanation
    CORRECT RESPONSE: YES

    These purposes would fall within sub-paragraph (a) above, as part of the organisation’s servicing of the existing business relationship with the individual, for which consent would have been previously obtained.

    In determining if personal data can be used or disclosed for a particular purpose without obtaining fresh consent, an organisation should determine:

    a) whether the purpose is within the scope of the purposes for which the individual concerned had originally been informed, for example, if it would fall within the organisation’s servicing of the existing business relationship with the individual;

    Rate this question:

  • 46. 

    Sarah provides the personal data of her friend Jane to the sales consultant at her spa as part of a members referral programme the spa is running. Before recording Jane’s personal data, the sales consultant asks Sarah a few questions to determine if Jane had been informed of the purposes for which her personal data is being disclosed to and used by the spa, and if Jane had provided her consent. After obtaining verbal confirmation from Sarah in the affirmative to those questions, the sales consultant proceeded to collect Jane’s personal data. Question: Does the sales consultant is likely to have exercised appropriate due diligence in this situation?

    • Yes

    • No

    • Not enough information to tell

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: YES

    The sales consultant is likely to have exercised appropriate due diligence in this situation.

    As a best practice, when contacting Jane for the first time, the sales consultant should inform Jane that her personal data was disclosed by Sarah and verify that Jane had provided consent to do so.

    Rate this question:

  • 47. 

    Andy had previously given his consent to Y Electronics to collect, use and disclose his contact details (which form part of his personal data) for the purpose of providing him with marketing information and promotional offers on computers and other IT products. Y Electronics discloses Andy’s contact details to its outsourced marketing agent and some other third party companies offering computers and other IT products, in each case, for the purpose of marketing computers and other IT products to Andy. Andy changes his mind and submits a notice to withdraw the consent he gave to Y Electronics. Y Electronics is required to notify Andy of the consequences of his withdrawal, in this case, simply that Y Electronics and its marketing agents will cease to send information on computer and IT products to Andy and will not disclose Andy’s personal data to any third party after Andy’s withdrawal of consent. Y Electronics is also required to cease using Andy’s contact details for marketing computer and IT products and to instruct its outsourced marketing agent about the withdrawal of consent (so that it will cease sending marketing information to Andy). QUESTION: Despite the withdrawal request from Andy, can the Organizations retain personal data in its documents and records inaccordance with the Data Protection Provisions?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes the organization can retain the information

    The withdrawal of consent also does not affect Y Electronics’ ability to retain Andy’s personal data that it requires for legal or business purposes. For example, Y Electronics may still retain Andy’s personal data in its database for the purpose of servicing an ongoing warranty, or records of his purchases that are necessary for audit purposes.

    For more information please contact us: [email protected]

    Rate this question:

  • 48. 

    Alan is a member of an online social network that is open to the public. His membership profile which is publicly searchable lists his name, date of birth and the university at which he is currently enrolled. Alan also regularly updates his profile picture. The data (including pictures of him) which Alan has shared on this online social network is very likely to be personal data that is publicly available, since any other user of the social network would be able to gain access to the data, even if they accessed his profile page by accident and any member of public may join the online social network. Bob is a member of the same social network. However, Bob’s membership profile is only accessible by a few users who are personally known to him and to whom he has granted permission to access his profile. Bob has also placed restrictions on the re-posting of his profile. QUESTION: Which profile(s) is/are most likely to be under the Personal Data Protection Act?

    • Bob's profile

    • Alan's profile

    • Neither profile

    • Both profile

    • I don't know

    Correct Answer
    A. Bob's profile
    Explanation
    CORRECT RESPONSE: Bob's profile

    The personal data on Bob’s membership profile is less likely to be considered publicly available since access to the data is strictly limited.

    For more information please contact us: [email protected]

    Rate this question:

  • 49. 

    Damien is a choral instructor who is the sole proprietor of a music studio. He decides to engage a real estate agent to assist him in searching for a suitable property unit as a second branch. Damien passes his contact details to the real estate agent so that the real estate agent can update him from time to time on property units which he might like. The real estate agent shares Damien’s contact details with his colleagues, so that more agents can assist Damien with his property search for his business. QUESTION: Does the real estate agent have the obligation to get Damien’s consent before sharing his contact information with is colleagues?

    • Yes

    • No

    • I don't know

    Correct Answer
    A. No
    Explanation
    CORRECT RESPONSE: No

    Damien’s consent to the sharing of his contact information is not required because it is business contact information.
    As Damien has provided his contact details for the purpose of a property search, this information is considered business contact information and can be passed on by the real estate agent subsequently without Damien’s prior consent.
    In turn, other persons can also collect, use and disclose Damien’s business contact information freely, without requiring Damien’s consent.

    For more information please contact us: [email protected]

    Rate this question:

Quiz Review Timeline (Updated): Jul 4, 2024 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Jul 04, 2024
    Quiz Edited by
    ProProfs Editorial Team
  • Jun 12, 2013
    Quiz Created by
    Jlcreppy
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.