Personal Data Protection Act: Trivia Quiz

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Jlcreppy
J
Jlcreppy
Community Contributor
Quizzes Created: 1 | Total Attempts: 2,384
Questions: 64 | Attempts: 2,384

SettingsSettingsSettings
Personal Data Protection Act: Trivia Quiz - Quiz


How much do you know about Singapore's Personal Data Protection Act? Many people can access private data and choose to use it maliciously. This is why the PDP Act was put in place to control what can be shared under different circumstances and to whom. If you have some doubts about how well you understand the act and want to verify how true they are, you can check out this quiz.


Questions and Answers
  • 1. 

    Did you already hear about the PDPA (Personal Data Protection Act in Singapore? What can you explain to me about this new Act?

    • A.

      Yes I know about it

    • B.

      No, I don't know about it

    • C.

      Unsure about my knowledge

    Correct Answer
    A. Yes I know about it
    Explanation
    CORRECT RESPONSE: Yes - You should know about it According to the PDPA: "An organization is responsible for personal data in its possession or under its control." For more information please contact us: [email protected]

    Rate this question:

  • 2. 

    Does your organization have in place policies and procedures with regard to ensuring compliance with the Act?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes we have policies in place

    According to the PDPA:

    An organization shall develop and implement policies and practices that are necessary for the organization to meet the obligations of the organization under this Act.

    For more information please contact us: [email protected]

    Rate this question:

  • 3. 

    John Tan is a male Singaporean of 21 years of age. By themselves, general characteristics such as “male”, “Singaporean” and “21 years of age” are not able to identify a particular individual. John Tan fills up a membership form which asks for his full name, gender, nationality and age. QUESTION: Does the information provided by John considered as Personal Data?

    • A.

      Yes- All the data

    • B.

      Yes - Partially

    • C.

      No

    • D.

      I don't know

    Correct Answer
    A. Yes- All the data
    Explanation
    CORRECT RESPONSE: Yes- All the data

    In this case, all the information on the form, including the general characteristics, constitutes personal data of John Tan.

    For more information please contact us: [email protected]

    Rate this question:

  • 4. 

    QUESTION: From the list bellow which information could be seen as Personal data under the PDPA?: • Full name • NRIC or FIN number • Passport number • Photograph or video image of an individual • Mobile telephone number • Personal email address • Thumbprint • DNA profile • Name and residential address

    • A.

      Only Full name, NRIC, FIN number, Passport number, Email Address

    • B.

      All of the information

    • C.

      Name and residential address & telephone number

    • D.

      I don't know

    Correct Answer
    B. All of the information
    Explanation
    CORRECT RESPONSE: All of the information

    All the information can be seen as Personal data under the PDPA

    For more information please contact us: [email protected]

    Rate this question:

  • 5. 

    As part of a research study, a participant is requested to submit information to the research institute, comprising all of the following: • The participant’s name • A general description of the participant, e.g. 30 year old married Chinese female of AB+ blood type; • Educational institutions that the participant has attended; • The participant’s occupation The research institute replaces the participant’s name with a randomly generated tag in order to safeguard the participant’s anonymity. Without the name, the research institute cannot use the rest of the information to identify a specific individual. However, the research institute continues to hold the key that can reverse the randomization and reinstate the participant’s name. QUESTION: Are the personal hold by the Institute still seen as Personal Data?

    • A.

      Yes - All of them

    • B.

      Yes but only the participant’s name

    • C.

      No - participant’s name have been removed

    • D.

      I don't know

    Correct Answer
    A. Yes - All of them
    Explanation
    CORRECT RESPONSE: Yes - All of them

    In this case, all the participants’ information held by the research institute would still be personal data held by the research institute.

    For more information please contact us: [email protected]

    Rate this question:

  • 6. 

    A business wishes to sell its products to households within a certain area around its location. It engages a service provider to distribute flyers advertising its products to all residential addresses within the area without collecting or using the names or other personal data of individuals living at those addresses. QUESTION: Is the residential addresses seen as personal data?

    • A.

      Yes - Personal data

    • B.

      No - Not personal data

    • C.

      I don't know

    Correct Answer
    B. No - Not personal data
    Explanation
    CORRECT RESPONSE: No - Not Personal Data

    The residential addresses would not be personal data collected and used by the business.

    For more information please contact us: [email protected]

    Rate this question:

  • 7. 

    John picks up a photograph from his friend’s table which clearly shows the image of an individual. QUESTION: Is the picture considered as holding any personal data?

    • A.

      Yes - We can identify the person on the picture

    • B.

      No - The picture doesn't have any name

    • C.

      No - The picture below to a friend of John

    • D.

      I don't know

    Correct Answer
    A. Yes - We can identify the person on the picture
    Explanation
    CORRECT RESPONSE: Yes - We can identify the person on the picture

    John is holding the personal data of that individual even though he does not know his name.

    For more information please contact us: [email protected]

    Rate this question:

  • 8. 

    An adventure camp company records emergency contact information for all the participants in the adventure camp. This emergency contact information comprises the name, address and telephone number of the individual whom the organization will contact in the event of an emergency. Bernie’s emergency contact is her husband, Bernard, and she provides his contact details to the company as her emergency contact information. QUESTION: Does the company is holding any personal data about one or more individual?

    • A.

      Yes - Bernard's information only

    • B.

      Yes - Bernie and Bernard's information

    • C.

      No - Not considered as Personal Data

    • D.

      I don't know

    Correct Answer
    B. Yes - Bernie and Bernard's information
    Explanation
    CORRECT RESPONSE: Yes - Bernie and Bernard's information

    Bernard’s name, address and telephone number form part of the personal data of Bernie. As well as Bernie's data. The company is holding personal data about two individuals.

    When obtaining Bernard’s personal data from Bernie, the organization would need to consider if they are required to obtain Bernard’s consent or whether one or more of the exceptions provided in the PDPA may apply.

    In addition, since Bernard’s personal data also forms part of Bernie’s personal data (specifically, the details of her emergency contact), organizations would need to protect it as part of Bernie’s personal data.

    For more information please contact us: [email protected]

    Rate this question:

  • 9. 

    At the registration booth of a corporate seminar, Sharon drops her business name card into a glass bowl by the side of the registration booth as she wishes to be on the seminar organiser’s mailing list for future invitations to similar seminars. Sharon’s business name card contains her name, position, business telephone number, business address, business electronic mail address and business fax number. QUESTION 1: Does the company has to seek Sharon’s consent to contact her about future seminars through her business contact information? QUESTION 2: Does the seminar organizer is required to care for collected information, and provide access to and correction of the business contact information collected?

    • A.

      1) Yes, 2) Yes

    • B.

      1) Yes, 2) No

    • C.

      1) No, 2) Yes

    • D.

      1) No, 2) No

    • E.

      I don't know

    Correct Answer
    D. 1) No, 2) No
    Explanation
    CORRECT RESPONSE: Question 1) No, Question 2) No

    As Sharon did not provide her business name card solely for personal purposes, the information on it will be considered business contact information. Accordingly, the seminar organizer does not need to seek Sharon’s consent to contact her about future seminars through her business contact information.

    The seminar organizer is also not required to care for such information, or provide access to and correction of the business contact information collected.

    For more information please contact us: [email protected]

    Rate this question:

  • 10. 

    Sharon is signing up for a gym membership. She provides her business name card to the gym staff so that they can record her name and contact details in order to register her for the package. QUESTION: Does the information on Sharon's her business card considered as Personal Data?

    • A.

      Yes - The information were provided for her personal purposes

    • B.

      No - The information were from the business card

    • C.

      I don't know

    Correct Answer
    A. Yes - The information were provided for her personal purposes
    Explanation
    CORRECT RESPONSE: Yes - The information were provided for her personal purposes

    Sharon's her business card are considered as Personal Data.

    In this case, the information provided by Sharon would not be business contact information as she is providing it solely for her personal purposes.
    The PDPA would apply to the information contained in her business name card.

    For more information please contact us: [email protected]

    Rate this question:

  • 11. 

    Damien is a choral instructor who is the sole proprietor of a music studio. He decides to engage a real estate agent to assist him in searching for a suitable property unit as a second branch. Damien passes his contact details to the real estate agent so that the real estate agent can update him from time to time on property units which he might like. The real estate agent shares Damien’s contact details with his colleagues, so that more agents can assist Damien with his property search for his business. QUESTION: Does the real estate agent have the obligation to get Damien’s consent before sharing his contact information with is colleagues?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No

    Damien’s consent to the sharing of his contact information is not required because it is business contact information.
    As Damien has provided his contact details for the purpose of a property search, this information is considered business contact information and can be passed on by the real estate agent subsequently without Damien’s prior consent.
    In turn, other persons can also collect, use and disclose Damien’s business contact information freely, without requiring Damien’s consent.

    For more information please contact us: [email protected]

    Rate this question:

  • 12. 

    A travel agency collects personal data from Tom about his wife, Jane, when Tom books a travel package for a family holiday. Tom is not subject to the Data Protection Provisions as he is acting in a personal or domestic capacity. QUESTION: Does the information about Jane, Tom's wife, personal Data, and need her approval for collecting it?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: YES

    The travel agency must comply with all the Data Protection Provisions with regard to both Tom and Jane’s personal data, unless one or more exceptions apply. In this case, the travel agency can collect Jane’s personal data without her consent as the exception 1(m) in the Second Schedule applies – that is, the travel agency does not need to seek Jane’s consent because her personal data was provided by Tom to the travel agency to provide a service for Tom’s personal and domestic purposes.

    However the travel agency must comply with all its other obligations under the Data Protection Provisions, for example, adopting reasonable security arrangements to comply with the Protection Obligation in respect of Tom’s and Jane’s personal data.

    For more information please contact us: [email protected]

    Rate this question:

  • 13. 

    Organisation ABC is a market research firm that has been engaged by Organisation XYZ. The written contract specifies that ABC has been engaged to collect personal data on behalf of XYZ and produce a report, exclusively for the use of XYZ, which illustrates the correlation between investment habits and income, profession and marital status of at least 1000 working Singaporeans aged 25-40. In addition to types of investments made, income, profession and marital status, the contract specifies that ABC has to collect the NRIC number and residential address of each person surveyed. The contract neither specifies the methods or processes ABC should undertake to collect the data and produce the report, nor the specific individuals that ABC are to survey. However, all raw data collected is to be given to XYZ and ABC is not permitted to keep any copies of the data or use it for any other purpose. In this situation, ABC may still be considered a data intermediary of XYZ insofar as it is processing personal data for the sole purpose of producing the report for XYZ. QUESTION: Does the ABC company has any obligation under Personal Data Protection Act (PDPA), since it doesn't keep any copy of the data, and ABC is the company that is processing the data?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: YES

    ABC company has to comply with PDPA.
    As ABC is XYZ’s data intermediary, XYZ has the same obligations under the PDPA in respect of the personal data processed by ABC. Hence, it may wish to include additional requirements in its contract to ensure that ABC fulfils XYZ’s obligations under the PDPA.

    For more information please contact us: [email protected]

    Rate this question:

  • 14. 

    An individual wishes to obtain certain services from a telecom service provider, Operator X and is required by the telecom service provider to agree to its terms and conditions for provision of the services. Operator X can stipulate as a condition of providing the services that the individual agrees to the collection, use and disclosure of specified items of personal data by the organisation for the purpose of supplying the services. Such items of personal data may include the name and address of the individual as well as personal data collected in the course of providing the services such as the individual’s location data. The individual provides consent for those specified items of personal data but subsequently withdraws that consent. The withdrawal of consent results in Operator X being unable to provide services to the individual. This would in turn entail an early termination of the service contract. QUESTION: Can an organisation prohibit an individual from withdrawing his consent to the collection, use or disclosure of personal data about the individual himself?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No - The Operator X must not prohibit an individual from withdrawing his consent

    Operator X should inform the individual of the consequences of the early termination, e.g. that the individual would incur early termination charges.

    For more information please contact us: [email protected]

    Rate this question:

  • 15. 

    Andy had previously given his consent to Y Electronics to collect, use and disclose his contact details (which form part of his personal data) for the purpose of providing him with marketing information and promotional offers on computers and other IT products. Y Electronics discloses Andy’s contact details to its outsourced marketing agent and some other third party companies offering computers and other IT products, in each case, for the purpose of marketing computers and other IT products to Andy. Andy changes his mind and submits a notice to withdraw the consent he gave to Y Electronics. Y Electronics is required to notify Andy of the consequences of his withdrawal, in this case, simply that Y Electronics and its marketing agents will cease to send information on computer and IT products to Andy and will not disclose Andy’s personal data to any third party after Andy’s withdrawal of consent. Y Electronics is also required to cease using Andy’s contact details for marketing computer and IT products and to instruct its outsourced marketing agent about the withdrawal of consent (so that it will cease sending marketing information to Andy). QUESTION: Despite the withdrawal request from Andy, can the Organizations retain personal data in its documents and records inaccordance with the Data Protection Provisions?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes the organization can retain the information

    The withdrawal of consent also does not affect Y Electronics’ ability to retain Andy’s personal data that it requires for legal or business purposes. For example, Y Electronics may still retain Andy’s personal data in its database for the purpose of servicing an ongoing warranty, or records of his purchases that are necessary for audit purposes.

    For more information please contact us: [email protected]

    Rate this question:

  • 16. 

    Andy had previously given his consent to Y Electronics to collect, use and disclose his contact details (which form part of his personal data) for the purpose of providing him with marketing information and promotional offers on computers and other IT products. Y Electronics discloses Andy’s contact details to its outsourced marketing agent and some other third party companies offering computers and other IT products, in each case, for the purpose of marketing computers and other IT products to Andy. Andy changes his mind and submits a notice to withdraw the consent he gave to Y Electronics. Y Electronics is required to notify Andy of the consequences of his withdrawal, in this case, simply that Y Electronics and its marketing agents will cease to send information on computer and IT products to Andy and will not disclose Andy’s personal data to any third party after Andy’s withdrawal of consent. Y Electronics is also required to cease using Andy’s contact details for marketing computer and IT products and to instruct its outsourced marketing agent about the withdrawal of consent (so that it will cease sending marketing information to Andy). QUESTION: Does Y Electronics required to inform the third party companies to which it disclosed Andy’s contact details about the withdrawal?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No the organization can retain the information

    Y Electronics will not be required to inform the third party companies to which it disclosed Andy’s contact details, and Andy will have to approach those companies to withdraw consent if he wishes to do.

    For more information please contact us: [email protected]

    Rate this question:

  • 17. 

    Alan is a member of an online social network that is open to the public. His membership profile which is publicly searchable lists his name, date of birth and the university at which he is currently enrolled. Alan also regularly updates his profile picture. The data (including pictures of him) which Alan has shared on this online social network is very likely to be personal data that is publicly available, since any other user of the social network would be able to gain access to the data, even if they accessed his profile page by accident and any member of public may join the online social network. Bob is a member of the same social network. However, Bob’s membership profile is only accessible by a few users who are personally known to him and to whom he has granted permission to access his profile. Bob has also placed restrictions on the re-posting of his profile. QUESTION: Which profile(s) is/are most likely to be under the Personal Data Protection Act?

    • A.

      Bob's profile

    • B.

      Alan's profile

    • C.

      Neither profile

    • D.

      Both profile

    • E.

      I don't know

    Correct Answer
    A. Bob's profile
    Explanation
    CORRECT RESPONSE: Bob's profile

    The personal data on Bob’s membership profile is less likely to be considered publicly available since access to the data is strictly limited.

    For more information please contact us: [email protected]

    Rate this question:

  • 18. 

    Jeff is strolling down the aisles in a shopping mall. It would be reasonably expected that his image would be captured by CCTVs installed for security reasons. Jeff subsequently enters a store to make a purchase. It would be reasonably expected for Jeff to be photographed by a photographer engaged by the store if the store did not put up notices on the presence of the photographer. QUESTION: Are we looking at two reasonable scenarios?

    • A.

      Yes for the CCTV, No for the photographer

    • B.

      No for the CCTV, Yes for the Photographer

    • C.

      No to both scenarios

    • D.

      Yes to both scenarios

    Correct Answer
    A. Yes for the CCTV, No for the photographer
    Explanation
    CORRECT RESPONSE: Yes for the CCTV, No for the photographer

    Personal data is observed by reasonably expected means if the individual whose personal data is being observed could reasonably expect their personal data to be collected in that particular manner at that location or event.

    For more information please contact us: [email protected]

    Rate this question:

  • 19. 

    Charles wishes to organize a birthday party for his son David. Charles books a private room within a fast food restaurant for the occasion and invites twenty of David’s friends and their parents. The private room is right by the general dining area and the interior can be seen by other patrons through the glass windows. The fast food restaurant management puts up a sign at the entrance of the private room which says “Reserved for Private Event: David’s 8th birthday party”. Charles keeps the door closed at all times and keeps an eye on it to ensure that only invited guests enter. The birthday party would not be considered open to the public because members of the public (who are not invited to attend) are unlikely to be able to gain access to the event. Mary similarly wishes to organize a birthday party for her daughter Jane. She invites twenty of Jane’s friends and parents to gather at the same fast food restaurant at a particular date and time but she does not book a private room or area within the restaurant. Her guests occupy a large area within the fast food restaurant’s general dining area. Members of the public are not invited to attend this party QUESTION: Is Mary's party considered a private party or open to the public?

    • A.

      Private party

    • B.

      Open to the public

    • C.

      I don't know

    Correct Answer
    B. Open to the public
    Explanation
    CORRECT RESPONSE:

    Mary’s birthday party would be considered open to the public even though she did not open attendance to the public, because members of the public may enter the general dining area of the restaurant and may seat themselves close to or even within the area where her party guests are seated. Therefore the personal information would be considered as Publicly available data.

    For more information please contact us: [email protected]

    Rate this question:

  • 20. 

    A fashion retailer is conducting a membership drive. It states in the membership registration form that "the purposes for which it may use the details provided by individuals who register including providing them with updates on new products and promotions and any other purpose that it deems fit." QUESTION: IS this statement an reasonable notification to the individual of the purposes for which his or her personal data will be collected, used and disclosed?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: Not reasonable

    In this case, providing updates on new products and promotions may be a reasonable purpose but the fashion retailer’s unqualified reference to ‘any other purpose that it deems fit’ would not be considered reasonable. (As noted in the section on the “Notification Obligation”, this may also be an inadequate notification to the individual of the purposes for which his or her personal data will be collected, used and disclosed.)

    For more information please contact us: [email protected]

    Rate this question:

  • 21. 

    Sarah signs up for a spa membership over the Internet. The terms and conditions for the Spa A membership outline and explain how Sarah’s personal data will be used and disclosed. For example, it states that Sarah’s address details will be used for sending her a Spa A membership card and other communications from the Spa A. Sarah clicks on the “Accept” button at the bottom of the terms and conditions, to indicate her acceptance of, and agreement to, the terms and conditions. In this case, the Spa A has obtained Sarah’s consent for collection, use and disclosure of her personal data in connection with the stated purposes. Jane signs up for another spa, Spa B over the internet. Spa B has terms and conditions with a provision which states that "when a member accepts the terms and conditions, he or she also consents to the collection, use and disclosure of his or her personal data for the purposes set forth in the Spa B’s data protection policy". However, no information is provided on where the Spa B’s data protection policy is located (even if it is available elsewhere on the spa’s website) and no means are provided for Jane to view the policy before signifying her agreement to the spa’s terms and conditions. QUESTION: Does the consent obtained from Jane by the two Spa A and Spa B valid under PDPA?

    • A.

      Yes for Spa A

    • B.

      Yes for Spa B

    • C.

      Yes for Spa A and Spa B

    • D.

      None of them

    Correct Answer
    A. Yes for Spa A
    Explanation
    CORRECT RESPONE: Only for Spa A

    In the case of Spa B, the spa is not considered to have notified Jane of its purposes, and any consent obtained from Jane would not be valid under the PDPA.

    For more information please contact us: [email protected]

    Rate this question:

  • 22. 

    An individual wishes to sign up for certain services with a service provider over the telephone. The service provider may request for the individual’s consent to the collection and use of his personal data for the service provider’s purposes and obtain the personal data from the individual over the telephone. QUESTION: Is the individual’s verbal consent by phone enough since the organization is recording the telephone conversation between the organization and the individual?

    • A.

      Yes - This will be enough

    • B.

      No - This won't be sufficient

    • C.

      I don't know

    Correct Answer
    B. No - This won't be sufficient
    Explanation
    CORRECT RESPONSE: No - This won't be sufficient

    The voice recording of the individual is considered as Personal Data.

    Where recording the telephone conversation results in the collection of additional personal data, such as the voice recording of the individual, the organization must also notify the individual of the collection and seek his consent.

    It would be good practice for the service provider to subsequently contact the individual and confirm his consent in writing, for example, by sending an email to the individual setting out the personal data provided by the individual and recording his consent to collection, use and disclosure by the service provider for the service provider’s purposes (which may be set out in its terms and conditions and/or other information provided in the email).

    For more information please contact us: [email protected]

    Rate this question:

  • 23. 

    A real estate agency places a guest book at the reception counter in a show flat and requests individuals who visit the show flat to provide their name and contact details in the guest book. However, the purposes for collecting the individuals’ personal data are not stated anywhere in or near the guest book. QUESTION: Does the real estate may be considered to have provided appropriate notification in this scenario?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No

    Individuals could have provided their personal data for a variety of different reasons – e.g. for the purpose of being contacted in relation to their visit to the show flat, to receive information about other properties marketed by the agency, or for other purposes.
    In addition, different individuals who provide their personal data in this manner may have different purposes in mind. The real estate agency should specify the purposes in order to provide appropriate notification to the individuals from whom it would be collecting personal data.

    For more information please contact us: [email protected]

    Rate this question:

  • 24. 

    A supermarket conducts a survey of shoppers on its premises to find out ways to improve customer experience. It collects personal data such as the names and contact details of the shoppers. It clearly and legibly states at the top of the survey form, “Your personal data may be used by the supermarket or its appointed survey company for analysis of survey responses, or to contact survey respondents for follow-up queries on the survey responses.” QUESTION: Could we  consider the supermarket to have provided appropriate notification in this scenario?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    As a best practice, organizations should ensure that the notification is provided in a form that is readily accessible and easy for the individual to comprehend. The notification should also be clear and concise, and provide appropriate information on the purposes for which consent is sought.

    For more information please contact us: [email protected]

    Rate this question:

  • 25. 

    A supermarket conducts a survey of shoppers on its premises, with the additional intent of marketing new products to the survey respondents. However, this supermarket only indicates on the survey form, “Your personal data may be used by the supermarket or its appointed survey company for analysis of survey responses, or to contact survey respondents for follow-up queries on the survey responses” and does not make any mention of its marketing purposes. It further attempts to pass off the marketing of new products as following up on survey responses. QUESTION: Is this supermarket to be considered as having provided the required information on its purposes?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No

    This supermarket is unlikely to be considered as having provided the required information on its purposes in this scenario.
    Any consent obtained in such circumstances is invalid and the collection, use or disclosure of personal data relying upon such invalid consent would be a contravention of the Data Protection Provisions.

    For more information please contact us: [email protected]

    Rate this question:

  • 26. 

    An electronics store sells products online through its website. It informs individuals purchasing products through its website of the purposes for which it will be collecting, using and disclosing personal data, including that the contact details provided by the customers will be disclosed to other companies in its corporate group and its outsourced marketing company for the purpose of marketing their products to the individual from time to time. QUESTION: Does the store provide appropriate enough details of its purposes for the individual to determine the reasons for collecting, using or disclosing personal data?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    In this case, the electronics store would be considered to have stated a sufficiently specific purpose.
    In stating its purposes, an organization should provide appropriate and specific details of its purposes for the individual to determine the reasons for which the organization will be collecting, using or disclosing his personal data.

    For more information please contact us: [email protected]

    Rate this question:

  • 27. 

    Sarah makes an access request to her spa, requesting information relating to how her personal data has been used or disclosed. The request was made on 5th February 2013. QUESTION: How much information the spa is required to provide?

    • A.

      All history from the first record

    • B.

      One year history

    • C.

      As much as the spa estimates appropriate

    • D.

      No obligation to disclose information

    Correct Answer
    B. One year history
    Explanation
    CORRECT RESPONSE: One year history

    The spa is only required to provide information on how her personal data has been used or disclosed with the past year – that is, the period from 6th February 2012 to the date of the request, 5th February 2013.

    For more information please contact us: [email protected]

    Rate this question:

  • 28. 

    A shopping center receives a request from an individual to view all CCTV footage of him recorded at the shopping center over the past year. QUESTION: Does the shopping center need to provide the requested personal data?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No obligation

    In this scenario, even if the shopping center is able to remove images of other individuals captured in the CCTV footage, reviewing all CCTV footage from the past year to find records of the individual making the request would require considerable time and effort. The burden of providing access would be unreasonable to the shopping center and likely disproportionate to the individual’s interests as the individual is making a general request for all CCTV footage. Hence the shopping center need not provide the requested personal data (if available) under the Access and Correction Obligation.

    For more information please contact us: [email protected]

    Rate this question:

  • 29. 

    A shop in the shopping center receives a request from an individual to view a photograph of him taken by the official photographer at a private event held recently that the individual was invited to. The individual provides the shop with sufficient information to determine when the event was held. QUESTION: Does the company has to provide access to the photo?

    • A.

      Yes has to provide access to the photo

    • B.

      No obligation to provide access to the photo

    • C.

      I don't know

    Correct Answer
    A. Yes has to provide access to the photo
    Explanation
    CORRECT RESPONSE: Yes

    The provision of access in this case would be reasonable and the shop should provide the photo which the individual requested.

    The burden or expense of providing access would be reasonable to the organization.

    For more information please contact us: [email protected]

    Rate this question:

  • 30. 

    Nick will be attending an adventure camp for his company’s team-building purposes. The adventure camp operator obtains relevant health check-up records from his company to determine whether Nick is sufficiently fit to participate in the adventure activities. The records were from eight years ago when Nick first joined the company. QUESTION: Should the adventure camp company request for an update of the health check-up records?

    • A.

      Yes - This is their responsibility

    • B.

      No - It is Nick's or his company's responsibility

    • C.

      I don't know

    Correct Answer
    A. Yes - This is their responsibility
    Explanation
    CORRECT RESPONSE: Yes they have to request for an update

    In this scenario, the adventure camp company should consider requesting that Nick or his company updates his health check-up records.

    For more information please contact us: [email protected]

    Rate this question:

  • 31. 

    A retailer intends to ask an individual for his name and residential address in order to arrange the delivery of certain products purchased from the retailer by the individual. The retailer may specify that it would like to collect, use and disclose the personal data as necessary for the purpose of delivering the goods bought by the individual. QUESTION: Does the retailer have the obligation to provide detail relating to how the personal data will be stored?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: No

    The retailer need not specify activities relating to exactly how the personal data will be stored and used by the retailer,
    for example, that it will be entered into the retailer’s customer database, printed on delivery notes and packaging of the items to be delivered, transmitted to the delivery agent and so on.

    Rate this question:

  • 32. 

    A retailer has collected personal data from its customers for the purpose of delivering products purchased by the customers. The retailer subsequently mails a flyer to the customers which states that a customer would have consented to their personal data being used for a different purpose, namely for marketing, unless the customer writes back to the retailer to opt out by a certain date. QUESTION: Can the retailer use the collected personal data being for marketing purpose?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No

    In this case, the customer’s inaction does not signify consent since it may be due to other reasons not related to a desire to consent (e.g. not having opened the mailbox or read the flyer).

    Rate this question:

  • 33. 

    Retailer B puts up a sign informing customers who are interested to join their membership programme to obtain an application form from a shelf next to the counter, fill it out, and drop the completed form into an unmanned box next to the shelf. A line in the form with an accompanying tick box states clearly “tick here if you do not wish your personal data to be provided to Company Z to market Company Z’s products”. The last field of the form requires the customer to provide his signature. The customer signed the form without putting a tick in the tick box and drops the completed form into the box. QUESTION: Can the retailer use the customer’s personal data for marketing purposes?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    In this case, the customer is more likely to have given his consent to the disclosure of his personal data to Company Z for Company Z’s marketing purposes.

    Rate this question:

  • 34. 

    Sarah wants to signs up for a spa package. The terms and conditions include a provision that the spa may share her personal data with third parties, including selling her personal data to third party marketing agencies. Sarah does not wish to consent to such a disclosure of her personal data and requests the spa not to disclose her personal data to third party marketing agencies. The spa refuses to act on her request and informs her that the terms and conditions are standard, and that all customers must agree to all the terms and conditions. Sarah is left either with the choice of accepting all the terms and conditions (i.e. giving consent for use and disclosure of her data as described) or not proceeding with the sign up. QUESTION: Would Sarah consents for the disclosure of her data to third party marketing agencies, be considered valid?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No

    In this case, even if Sarah consents for the disclosure of her data to third party marketing agencies, the consent would not be considered valid since it is beyond what is reasonable for the provision of the spa’s services to its customers, and the spa had required Sarah’s consent as a condition for providing its services.

    Instead of requiring Sarah to consent to the disclosure and sale of her personal data to third parties as a condition of providing the service, the spa should separately request Sarah’s consent to do so. That is, Sarah should be able to sign up for the spa package without having to consent to the disclosure and sale of her personal data to third parties. The spa is then free to ask Sarah if she would consent, and if she does, would be considered to have obtained valid consent.

    Rate this question:

  • 35. 

    A fashion retailer makes it a condition for every customer who wants to participate in the lucky draw it is administering to provide his mobile telephone number for the purpose of being contacted in future for promotions. QUESTION: Can the fashion retailer has the right the participant to the lucky draw to provide their mobile telephone number?

    • A.

      Yes it can

    • B.

      No it cannot

    • C.

      I don't know

    Correct Answer
    A. Yes it can
    Explanation
    CORRECT RESPONSE: Yes

    As the lucky draw is not tied to a provision of a product or service, the fashion retailer can require that customers who want to participate in the lucky draw provide their mobile telephone numbers.

    Rate this question:

  • 36. 

    Sarah makes a visit to a spa for a facial treatment. After the treatment is completed, she makes her way to the cashier to make payment. The cashier tells her that the facial will cost her $49.99. She hands over her credit card to the cashier for the purpose of making payment. QUESTION: Does the cashier need to ask for Sarah’s consent to collect, use or disclose her personal data required to process the payment?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No

    The cashier need not ask for Sarah’s consent to collect, use or disclose her credit card number and any other related personal data (e.g. name on credit card) required to process the payment transaction.

    Sarah would be deemed to have consented to the collection, use and disclosure of her credit card number and other related personal data for processing of the payment as she voluntarily provided the personal data and it is reasonable that Sarah would provide the personal data to pay for her facial. Sarah’s deemed consent would extend to all other parties involved in the payment processing chain who collect or use Sarah’s personal data.
    These parties could include, for example, Sarah’s bank, the spa’s bank and its processers and the payment system provider.

    Rate this question:

  • 37. 

    Sarah calls a taxi operator’s hotline to book a taxi. The customer service officer asks for her name and number in order to inform her of the taxi number, which Sarah provides voluntarily. QUESTION: With her response did Sarah have consented to the taxi company using her name and number?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    Sarah is deemed to have consented to the taxi company using her name and number to call or text her when her taxi arrives.

    Rate this question:

  • 38. 

    Sarah needs to got the airport. A taxi operator runs a limousine service and wanted to use Sarah’s information to market this service to her. The customer service officer asks for her name and number in order to inform her of the taxi number for booking a taxi. QUESTION: Can the taxi company use Sarah's personal data for marketing purpose?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No

    Sarah would not be deemed to have consented to the use of her personal data for this purpose.
    This is because Sarah provided her personal data for the purpose of booking a taxi for a single trip, and not for the purpose of receiving marketing information about the limousine service.

    Rate this question:

  • 39. 

    Sarah goes for a medical check-up at a clinic. For the purposes of the check-up, the clinic will be conducting a series of tests which include measuring her height and weight. Sarah is aware that such tests will be conducted as the clinic has provided this information on the registration form that Sarah filled out and submitted prior to the tests. QUESTION: Is it consider that Sarah did consented to the collection of her personal data?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    Sarah will be deemed to have consented to the collection of her personal data by submitting to the tests even though she did not directly provide the data to the clinic.

    Rate this question:

  • 40. 

    A company is considering whether an existing employee, John, should be transferred to take on a different role in its IT department. One of the criteria for the transfer is the possession of certain qualifications and professional certifications. The company has information about John’s qualifications and professional certifications that was provided by John (which form part of his personal data) when he joined the company five years before. The company asks John to update them with any new qualifications or certifications he may have obtained in the last five years since joining the company but does not ask him to re-confirm the information about the qualifications he provided when he joined the company. QUESTION: Did the company made a reasonable effort to ensure that the personal data collected is accurate and complete?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    In this scenario, the company is likely to have met its obligation to update John’s personal data.

    Rate this question:

  • 41. 

    A dance school has collected personal data of its tutors and students. It retains and uses such data (with the consent of the individuals), even if a tutor or student is no longer with the dance school, for the purpose of maintaining an alumni network. QUESTION: Is this a valid purpose to retain the personal data?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: No

    As the dance school is retaining the personal data for a valid purpose, it is not required to cease to retain the data under the Retention Limitation Obligation.

    Rate this question:

  • 42. 

    A retailer retains billing information, including personal data, collected from its customers beyond the Point of Sale for the purposes of accounting and billing administration. QUESTION: Is a valid purpose for retaining the personal data?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    As the retailer is retaining the personal data for a valid purpose, it is not required to cease to retain the data under the Retention Limitation Obligation.

    Rate this question:

  • 43. 

    A retailer has entered into a contract with a data aggregator under which it has agreed to sell certain personal data about its customers to the aggregator. The personal data involved includes the customers’ names, contact details and certain information on products they have purchased from the retailer. QUESTION: On the  appointed day, does the contract the data aggregator is valid?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    However, the retailer did not obtain the consent of the customers to disclose their personal data.
    With effect from the appointed day, the retailer must comply with the Data Protection Provisions and cannot assert its contractual obligations to the aggregator as a reason that it does not need to obtain the consent of its customers.

    Rate this question:

  • 44. 

    The organisation ABC has been using the personal data of their customers to send them desktop calendars once every year. QUESTION: Does the organisation ABC have to obtain fresh consent after the appointed day?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No

    This would be considered a reasonable existing use So long as their customers have not indicated to ABC that they no longer wish to receive these calendars (i.e. withdrawing their consent for the purpose of receiving calendars once every year), ABC can continue to do so without obtaining fresh consent after the appointed day.

    Rate this question:

  • 45. 

    Organisation XYZ has been selling databases containing personal data. This would be considered a disclosure of personal data and not a reasonable existing use under Section 19. QUESTION: After the appointed day, does XYZ needs to ensure that consent has been obtained before selling these databases again?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    After the appointed day, XYZ needs to ensure that consent has been obtained before selling these databases again.

    Rate this question:

  • 46. 

    Charles subscribes to the services of Operator X, a Singapore telecommunications service provider. He leaves Singapore and starts roaming on the network of an overseas telecommunications provider, Operator A. He receives a specified message from Operator A, a telecommunications service provider in the other country, about Operator A’s services. QUESTION: Will the operator A be subject to the application of the Do Not Call Provisions?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    B. No
    Explanation
    CORRECT RESPONSE: No

    The sending of this specified message will not be subject to the application of the Do Not Call Provisions.

    Rate this question:

  • 47. 

    Charles subscribes to the services of Operator X, a Singapore telecommunications service provider. He leaves Singapore and starts roaming on the network of an overseas telecommunications provider, Operator A. while Charles is still in the other country, Charles receives a specified message, from his insurance agent who was in Singapore when the message was sent. QUESTION: Does The sending of the specified message by Charles’ insurance agent will be subject to the application of the Do Not Call Provisions?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    The sending of the specified message by Charles’ insurance agent will be subject to the application of the Do Not Call Provisions. The insurance agent is in Singapore.

    Rate this question:

  • 48. 

    After a business trip Charles returns to Singapore. Shortly thereafter, he receives a specified message from an overseas number. However, Charles discovers that the specified message was sent on behalf of his bank in Singapore which had outsourced part of its marketing operations to an overseas call centre and authorised the call centre to send the message. QUESTION: Does the sending of the specified message by the bank (through the overseas call center) will be subject to the application of the Do Not Call Provisions?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    The sending of the specified message by the bank (through the overseas call center) will be subject to the application of the Do Not Call Provisions.

    Rate this question:

  • 49. 

    An organisation, ABC, is a market research firm that has been engaged to produce a report which illustrates the correlation between investment habits and income, profession and marital status of working Singaporeans aged 25- 40. ABC calls Sarah for the sole purpose of gathering information for the report. QUESTION: Does the ABC organisation required to comply with the Do Not Call Provisions in relation to the sending of that message?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE: Yes

    As the sole purpose of ABC’s call is to conduct market research or a market survey, the call falls within an exclusion in the Eighth Schedule and ABC is not considered to have sent a specified message. The organisation will be required to comply with the Do Not Call Provisions in relation to the sending of that message.

    Rate this question:

  • 50. 

    ABC also calls John to gather information for the report. After John finishes answering all the questions related to the report, ABC asks if John would consider purchasing one of ABC’s market reports. In this case, ABC’s call is not for the sole purpose of market research or market survey as one of the purposes of the call is to offer goods or services to John. QUESTION: Does the organisation required to comply with the Do Not Call Provisions in relation to the sending of that message?

    • A.

      Yes

    • B.

      No

    • C.

      I don't know

    Correct Answer
    A. Yes
    Explanation
    CORRECT RESPONSE:

    ABC would be considered to have sent a specified message to John.
    The organisation will be required to comply with the Do Not Call Provisions in relation to the sending of that message.

    Rate this question:

Related Topics

Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.