Personal Data Protection Act: Trivia Quiz

64 Questions | By Jlcreppy | Last updated: Mar 22, 2022 | Total Attempts: 1935

Questions

Settings

Create your own Quiz

Personal Data Protection Act: Trivia Quiz - Quiz

How much do you know about Singapore's Personal Data Protection Act? Many people can access private data and choose to use it maliciously. This is why the PDP Act was put in place to control what can be shared under different circumstances and to whom. If you have some doubts about how well you understand the act and want to verify how true they are, you can check out this quiz.

Questions and Answers

1.

Did you already hear about the PDPA (Personal Data Protection Act in Singapore? What can you explain to me about this new Act?
- A.
  
  Yes I know about it
- B.
  
  No, I don't know about it
- C.
  
  Unsure about my knowledge
2.

Does your organization have in place policies and procedures with regard to ensuring compliance with the Act?
- A.
  
  Yes
- B.
  
  No
- C.
  
  I don't know
3.

John Tan is a male Singaporean of 21 years of age. By themselves, general characteristics such as “male”, “Singaporean” and “21 years of age” are not able to identify a particular individual. John Tan fills up a membership form which asks for his full name, gender, nationality and age. QUESTION: Does the information provided by John considered as Personal Data?
- A.
  
  Yes- All the data
- B.
  
  Yes - Partially
- C.
  
  No
- D.
  
  I don't know
4.

QUESTION: From the list bellow which information could be seen as Personal data under the PDPA?: • Full name • NRIC or FIN number • Passport number • Photograph or video image of an individual • Mobile telephone number • Personal email address • Thumbprint • DNA profile • Name and residential address
- A.
  
  Only Full name, NRIC, FIN number, Passport number, Email Address
- B.
  
  All of the information
- C.
  
  Name and residential address & telephone number
- D.
  
  I don't know
5.

As part of a research study, a participant is requested to submit information to the research institute, comprising all of the following: • The participant’s name • A general description of the participant, e.g. 30 year old married Chinese female of AB+ blood type; • Educational institutions that the participant has attended; • The participant’s occupation The research institute replaces the participant’s name with a randomly generated tag in order to safeguard the participant’s anonymity. Without the name, the research institute cannot use the rest of the information to identify a specific individual. However, the research institute continues to hold the key that can reverse the randomization and reinstate the participant’s name. QUESTION: Are the personal hold by the Institute still seen as Personal Data?
- A.
  
  Yes - All of them
- B.
  
  Yes but only the participant’s name
- C.
  
  No - participant’s name have been removed
- D.
  
  I don't know
6.

A business wishes to sell its products to households within a certain area around its location. It engages a service provider to distribute flyers advertising its products to all residential addresses within the area without collecting or using the names or other personal data of individuals living at those addresses. QUESTION: Is the residential addresses seen as personal data?
- A.
  
  Yes - Personal data
- B.
  
  No - Not personal data
- C.
  
  I don't know
7.

John picks up a photograph from his friend’s table which clearly shows the image of an individual. QUESTION: Is the picture considered as holding any personal data?
- A.
  
  Yes - We can identify the person on the picture
- B.
  
  No - The picture doesn't have any name
- C.
  
  No - The picture below to a friend of John
- D.
  
  I don't know
8.

An adventure camp company records emergency contact information for all the participants in the adventure camp. This emergency contact information comprises the name, address and telephone number of the individual whom the organization will contact in the event of an emergency. Bernie’s emergency contact is her husband, Bernard, and she provides his contact details to the company as her emergency contact information. QUESTION: Does the company is holding any personal data about one or more individual?
- A.
  
  Yes - Bernard's information only
- B.
  
  Yes - Bernie and Bernard's information
- C.
  
  No - Not considered as Personal Data
- D.
  
  I don't know
9.

At the registration booth of a corporate seminar, Sharon drops her business name card into a glass bowl by the side of the registration booth as she wishes to be on the seminar organiser’s mailing list for future invitations to similar seminars. Sharon’s business name card contains her name, position, business telephone number, business address, business electronic mail address and business fax number. QUESTION 1: Does the company has to seek Sharon’s consent to contact her about future seminars through her business contact information? QUESTION 2: Does the seminar organizer is required to care for collected information, and provide access to and correction of the business contact information collected?
- A.
  
  1) Yes, 2) Yes
- B.
  
  1) Yes, 2) No
- C.
  
  1) No, 2) Yes
- D.
  
  1) No, 2) No
- E.
  
  I don't know
10.

Sharon is signing up for a gym membership. She provides her business name card to the gym staff so that they can record her name and contact details in order to register her for the package. QUESTION: Does the information on Sharon's her business card considered as Personal Data?
- A.
  
  Yes - The information were provided for her personal purposes
- B.
  
  No - The information were from the business card
- C.
  
  I don't know
11.

Damien is a choral instructor who is the sole proprietor of a music studio. He decides to engage a real estate agent to assist him in searching for a suitable property unit as a second branch. Damien passes his contact details to the real estate agent so that the real estate agent can update him from time to time on property units which he might like. The real estate agent shares Damien’s contact details with his colleagues, so that more agents can assist Damien with his property search for his business. QUESTION: Does the real estate agent have the obligation to get Damien’s consent before sharing his contact information with is colleagues?
- A.
  
  Yes
- B.
  
  No
- C.
  
  I don't know
12.

A travel agency collects personal data from Tom about his wife, Jane, when Tom books a travel package for a family holiday. Tom is not subject to the Data Protection Provisions as he is acting in a personal or domestic capacity. QUESTION: Does the information about Jane, Tom's wife, personal Data, and need her approval for collecting it?
- A.
  
  Yes
- B.
  
  No
- C.
  
  I don't know
13.

Organisation ABC is a market research firm that has been engaged by Organisation XYZ. The written contract specifies that ABC has been engaged to collect personal data on behalf of XYZ and produce a report, exclusively for the use of XYZ, which illustrates the correlation between investment habits and income, profession and marital status of at least 1000 working Singaporeans aged 25-40. In addition to types of investments made, income, profession and marital status, the contract specifies that ABC has to collect the NRIC number and residential address of each person surveyed. The contract neither specifies the methods or processes ABC should undertake to collect the data and produce the report, nor the specific individuals that ABC are to survey. However, all raw data collected is to be given to XYZ and ABC is not permitted to keep any copies of the data or use it for any other purpose. In this situation, ABC may still be considered a data intermediary of XYZ insofar as it is processing personal data for the sole purpose of producing the report for XYZ. QUESTION: Does the ABC company has any obligation under Personal Data Protection Act (PDPA), since it doesn't keep any copy of the data, and ABC is the company that is processing the data?
- A.
  
  Yes
- B.
  
  No
- C.
  
  I don't know
14.

An individual wishes to obtain certain services from a telecom service provider, Operator X and is required by the telecom service provider to agree to its terms and conditions for provision of the services. Operator X can stipulate as a condition of providing the services that the individual agrees to the collection, use and disclosure of specified items of personal data by the organisation for the purpose of supplying the services. Such items of personal data may include the name and address of the individual as well as personal data collected in the course of providing the services such as the individual’s location data. The individual provides consent for those specified items of personal data but subsequently withdraws that consent. The withdrawal of consent results in Operator X being unable to provide services to the individual. This would in turn entail an early termination of the service contract. QUESTION: Can an organisation prohibit an individual from withdrawing his consent to the collection, use or disclosure of personal data about the individual himself?
- A.
  
  Yes
- B.
  
  No
- C.
  
  I don't know
15.

Andy had previously given his consent to Y Electronics to collect, use and disclose his contact details (which form part of his personal data) for the purpose of providing him with marketing information and promotional offers on computers and other IT products. Y Electronics discloses Andy’s contact details to its outsourced marketing agent and some other third party companies offering computers and other IT products, in each case, for the purpose of marketing computers and other IT products to Andy. Andy changes his mind and submits a notice to withdraw the consent he gave to Y Electronics. Y Electronics is required to notify Andy of the consequences of his withdrawal, in this case, simply that Y Electronics and its marketing agents will cease to send information on computer and IT products to Andy and will not disclose Andy’s personal data to any third party after Andy’s withdrawal of consent. Y Electronics is also required to cease using Andy’s contact details for marketing computer and IT products and to instruct its outsourced marketing agent about the withdrawal of consent (so that it will cease sending marketing information to Andy). QUESTION: Despite the withdrawal request from Andy, can the Organizations retain personal data in its documents and records inaccordance with the Data Protection Provisions?
- A.
  
  Yes
- B.
  
  No
- C.
  
  I don't know
16.

Andy had previously given his consent to Y Electronics to collect, use and disclose his contact details (which form part of his personal data) for the purpose of providing him with marketing information and promotional offers on computers and other IT products. Y Electronics discloses Andy’s contact details to its outsourced marketing agent and some other third party companies offering computers and other IT products, in each case, for the purpose of marketing computers and other IT products to Andy. Andy changes his mind and submits a notice to withdraw the consent he gave to Y Electronics. Y Electronics is required to notify Andy of the consequences of his withdrawal, in this case, simply that Y Electronics and its marketing agents will cease to send information on computer and IT products to Andy and will not disclose Andy’s personal data to any third party after Andy’s withdrawal of consent. Y Electronics is also required to cease using Andy’s contact details for marketing computer and IT products and to instruct its outsourced marketing agent about the withdrawal of consent (so that it will cease sending marketing information to Andy). QUESTION: Does Y Electronics required to inform the third party companies to which it disclosed Andy’s contact details about the withdrawal?
- A.
  
  Yes
- B.
  
  No
- C.
  
  I don't know
17.

Alan is a member of an online social network that is open to the public. His membership profile which is publicly searchable lists his name, date of birth and the university at which he is currently enrolled. Alan also regularly updates his profile picture. The data (including pictures of him) which Alan has shared on this online social network is very likely to be personal data that is publicly available, since any other user of the social network would be able to gain access to the data, even if they accessed his profile page by accident and any member of public may join the online social network. Bob is a member of the same social network. However, Bob’s membership profile is only accessible by a few users who are personally known to him and to whom he has granted permission to access his profile. Bob has also placed restrictions on the re-posting of his profile. QUESTION: Which profile(s) is/are most likely to be under the Personal Data Protection Act?
- A.
  
  Bob's profile
- B.
  
  Alan's profile
- C.
  
  Neither profile
- D.
  
  Both profile
- E.
  
  I don't know
18.

Jeff is strolling down the aisles in a shopping mall. It would be reasonably expected that his image would be captured by CCTVs installed for security reasons. Jeff subsequently enters a store to make a purchase. It would be reasonably expected for Jeff to be photographed by a photographer engaged by the store if the store did not put up notices on the presence of the photographer. QUESTION: Are we looking at two reasonable scenarios?
- A.
  
  Yes for the CCTV, No for the photographer
- B.
  
  No for the CCTV, Yes for the Photographer
- C.
  
  No to both scenarios
- D.
  
  Yes to both scenarios
19.

Charles wishes to organize a birthday party for his son David. Charles books a private room within a fast food restaurant for the occasion and invites twenty of David’s friends and their parents. The private room is right by the general dining area and the interior can be seen by other patrons through the glass windows. The fast food restaurant management puts up a sign at the entrance of the private room which says “Reserved for Private Event: David’s 8th birthday party”. Charles keeps the door closed at all times and keeps an eye on it to ensure that only invited guests enter. The birthday party would not be considered open to the public because members of the public (who are not invited to attend) are unlikely to be able to gain access to the event. Mary similarly wishes to organize a birthday party for her daughter Jane. She invites twenty of Jane’s friends and parents to gather at the same fast food restaurant at a particular date and time but she does not book a private room or area within the restaurant. Her guests occupy a large area within the fast food restaurant’s general dining area. Members of the public are not invited to attend this party QUESTION: Is Mary's party considered a private party or open to the public?
- A.
  
  Private party
- B.
  
  Open to the public
- C.
  
  I don't know
20.

A fashion retailer is conducting a membership drive. It states in the membership registration form that "the purposes for which it may use the details provided by individuals who register including providing them with updates on new products and promotions and any other purpose that it deems fit." QUESTION: IS this statement an reasonable notification to the individual of the purposes for which his or her personal data will be collected, used and disclosed?
- A.
  
  Yes
- B.
  
  No
- C.
  
  I don't know
21.

Sarah signs up for a spa membership over the Internet. The terms and conditions for the Spa A membership outline and explain how Sarah’s personal data will be used and disclosed. For example, it states that Sarah’s address details will be used for sending her a Spa A membership card and other communications from the Spa A. Sarah clicks on the “Accept” button at the bottom of the terms and conditions, to indicate her acceptance of, and agreement to, the terms and conditions. In this case, the Spa A has obtained Sarah’s consent for collection, use and disclosure of her personal data in connection with the stated purposes. Jane signs up for another spa, Spa B over the internet. Spa B has terms and conditions with a provision which states that "when a member accepts the terms and conditions, he or she also consents to the collection, use and disclosure of his or her personal data for the purposes set forth in the Spa B’s data protection policy". However, no information is provided on where the Spa B’s data protection policy is located (even if it is available elsewhere on the spa’s website) and no means are provided for Jane to view the policy before signifying her agreement to the spa’s terms and conditions. QUESTION: Does the consent obtained from Jane by the two Spa A and Spa B valid under PDPA?
- A.
  
  Yes for Spa A
- B.
  
  Yes for Spa B
- C.
  
  Yes for Spa A and Spa B
- D.
  
  None of them
22.

An individual wishes to sign up for certain services with a service provider over the telephone. The service provider may request for the individual’s consent to the collection and use of his personal data for the service provider’s purposes and obtain the personal data from the individual over the telephone. QUESTION: Is the individual’s verbal consent by phone enough since the organization is recording the telephone conversation between the organization and the individual?
- A.
  
  Yes - This will be enough
- B.
  
  No - This won't be sufficient
- C.
  
  I don't know
23.

A real estate agency places a guest book at the reception counter in a show flat and requests individuals who visit the show flat to provide their name and contact details in the guest book. However, the purposes for collecting the individuals’ personal data are not stated anywhere in or near the guest book. QUESTION: Does the real estate may be considered to have provided appropriate notification in this scenario?
- A.
  
  Yes
- B.
  
  No
- C.
  
  I don't know
24.

A supermarket conducts a survey of shoppers on its premises to find out ways to improve customer experience. It collects personal data such as the names and contact details of the shoppers. It clearly and legibly states at the top of the survey form, “Your personal data may be used by the supermarket or its appointed survey company for analysis of survey responses, or to contact survey respondents for follow-up queries on the survey responses.” QUESTION: Could we consider the supermarket to have provided appropriate notification in this scenario?
- A.
  
  Yes
- B.
  
  No
- C.
  
  I don't know
25.

A supermarket conducts a survey of shoppers on its premises, with the additional intent of marketing new products to the survey respondents. However, this supermarket only indicates on the survey form, “Your personal data may be used by the supermarket or its appointed survey company for analysis of survey responses, or to contact survey respondents for follow-up queries on the survey responses” and does not make any mention of its marketing purposes. It further attempts to pass off the marketing of new products as following up on survey responses. QUESTION: Is this supermarket to be considered as having provided the required information on its purposes?
- A.
  
  Yes
- B.
  
  No
- C.
  
  I don't know