[Dec-2021] Dumps Brief Outline Of The CIPP-A Exam - Test4Cram [Q37-Q54]

[Dec-2021] Dumps Brief Outline Of The CIPP-A Exam - Test4Cram

CIPP-A Training & Certification Get Latest Certified Information Privacy Professional 

NEW QUESTION 37
In enforcement cases, what is Singapore's Personal Data Protection Commission (PDPC) obligated to do?

• A. Publish the name of an organization named in a complaint.
• B. Intervene in civil actions to provide assistance to complainants.
• C. Provide the complainant with a way to appeal a decision.
• D. Publish the decisions it makes regarding complaints.

Answer: C

NEW QUESTION 38
SCENARIO - Please use the following to answer the next QUESTION:
Dracarys Inc. is a large multinational company with headquarters in Seattle, Washington, U.S.A.
Dracarys began as a small company making and selling women's clothing, but rapidly grew through its early innovative use of online platforms to sell its products. Dracarys is now one of the biggest names in the industry, and employs staff across the globe, and in Asia has employees located in both Singapore and Hong Kong.
Due to recent management restructuring they have decided, on the advice of external consultants, to open an office in India in order to centralize its call center as well as its internal human resource functions for the Asia region. Dracarys would like to centralize the following human resource functions in India:
1. The recruitment process;
2. Employee assessment and records management;
3. Employee benefits administration, including health insurance.
Dracarys will have employees on the ground in India managing the systems for the functions listed above. They have been presented with a variety of vendor options for these systems, and are currently assessing the suitability of these vendors for their needs.
The CEO of Dracarys is concerned about the behavior of her employees, especially online. After having proprietary company information being shared with competitors by former employees, she is eager to put certain measures in place to ensure that the activities of her employees, while on Dracarys' premises or when using any of Dracarys' computers and networks are not detrimental to the business.
Dracarys' external consultants are also advising the company on how to increase earnings. Dracary's management refuses to reduce production costs and compromise the quality of their garments, so the consultants suggested utilizing customer data to create targeted advertising and thus increase sales.
What must Dracarys confirm about the vendor in India in order to centralize elements of its Human Resource function?

• A. That the vendor files requests for transfer of personal data out of India through the offices of the privacy commissioners of Hong Kong and Singapore.
• B. That the vendor adheres to the same sector privacy rules followed by Dracarys headquarters based in Seattle regarding the transfer of personal data.
• C. That the vendor submits for approval from Dracarys a privacy notice explaining how personal data will be protected under the Indian Information Technology Act.
• D. That the vendor is bound by legally enforceable obligations to provide the personal data a standard of protection that is at least comparable to the protection under the Singapore PDPA.

Answer: C

NEW QUESTION 39
Hong Kong's Personal Data (Privacy) Ordinance (PDPO) was primarily inspired by which of the following?

• A. South Korea's Public Agency Data Protection Act.
• B. Macau's Personal Data Protection Act.
• C. Europe's Data Protection Directive (Directive 95/46/EC).
• D. Asia's APEC Privacy Framework.

Answer: C

NEW QUESTION 40
Which of the following topics was NOT addressed in India's Information Technology Act 2000 (IT Act)?

• A. Censorship limitations.
• B. Electronic transactions.
• C. Digital signatures.
• D. Cybersecurity procedures.

Answer: D

NEW QUESTION 41
Which of the following principles of the OECD guidelines and Council of European Convention principles does Singapore's PDPA incorporate?

• A. Additional protections for sensitive personal data.
• B. The ability to opt-out from direct marketing.
• C. The right of deletion of data on request.
• D. Disclosures to third parties included in access requests.

Answer: B

NEW QUESTION 42
On what group does Singapore's PDPA impose disclosure restrictions that Hong Kong and India do not?

• A. Government officials.
• B. Children under 13.
• C. The clergy.
• D. The deceased.

Answer: A

NEW QUESTION 43
In Singapore, a potential employer can collect all of the following data on an individual in the pre-employment phase EXCEPT?

• A. Information from a background check.
• B. Information about the individual's children.
• C. The individual's university attendance records.
• D. Postings from social media websites.

Answer: A

NEW QUESTION 44
How are the scope of Singapore's Personal Data Protection Act and the scope of India's IT Rules similar?

• A. They only apply to the private sector.
• B. They apply to controllers and processors alike.
• C. They impose obligations on individuals acting in a domestic capacity.
• D. They allow exemptions for military personnel.

Answer: B

NEW QUESTION 45
According to India's IT Rules 2011, a body corporate operating in India is required to appoint what kind of authority?

• A. A Grievance Officer.
• B. A Data Protection Officer.
• C. A Chief Risk Officer.
• D. A Chief Technology Officer.

Answer: A

NEW QUESTION 46
In Hong Kong, which of the following are exempt from personal data access requests until after the project to which the data is related has been concluded?

• A. News organizations.
• B. Non-profit groups.
• C. Financial institutions.
• D. Hospital administrators.

Answer: A

NEW QUESTION 47
Under what circumstances are smart identity cards required of Hong Kong citizens?

• A. When seeking government services.
• B. When making substantial purchases.
• C. When using public transit systems.
• D. When opening bank accounts.

Answer: A

NEW QUESTION 48
Who is NOT potentially liable when an employee in a Singapore corporation or partnership breaches the PDPA?

• A. A partner.
• B. The employer.
• C. A corporate officer.
• D. The employee.

Answer: C

NEW QUESTION 49
Which concept is NOT an element of Cross Border Privacy Rules (CBPR)?

• A. Self-assessment against CBPR Question:naire.
• B. Enforcement by Accountability Agents.
• C. Dispute resolution via the Accountability Agent's compliance program.
• D. Consultation with Privacy Enforcement (PE) Authority.

Answer: A

NEW QUESTION 50
SCENARIO - Please use the following to answer the next QUESTION:
Delilah is seeking employment in the marketing department of Good Mining Private Limited, an industry leader in drilling mines in Singapore. Delilah, while filling in the standard paper application form, is asked to provide details about emergency contacts, medical history, blood type and her insurance policy. These fields need to be filled in no matter which department Delilah applies to. The form also asks Delilah to expressly consent to the collection, use and disclosure of her personal data.
A week after submitting the form, Delilah is invited by Evan, the Director of Marketing at Good Mining, to coffee. Just before Delilah leaves, she gives her business card containing her current business contact information to Evan. Evan then uses the business card to add Delilah's details to Good Mining's business development database, which is kept on a local server. Good Mining uses the database to inform people about networking and client events that Good Mining organizes.
Why is Good Mining Private's standard form NOT compliant with Singapore's data protection law?

• A. It does not contain the contact information for the HR manager.
• B. It asks for details that are not relevant to the job Delilah is applying for.
• C. It asks for Delilah's consent to use and disclose her personal data.
• D. It is not available in an electronic format.

Answer: B

NEW QUESTION 51
Which control is NOT included in the requirements established by the Monetary Authority of Singapore (MAS) for financial institutions in order to deter money-laundering and financial aid to terrorism (AML/CFT)?

• A. Identifying and knowing customers.
• B. Monitoring and reporting suspicious financial transactions.
• C. Conducting regular reviews of customer accounts.
• D. Sharing personal information with the PDPC.

Answer: A

Explanation:
Reference:
https://www.mas.gov.sg/-/media/MAS/Regulations-and-Financial-Stability/Regulatory-and-Supervisory-Framework/Anti_Money-Laundering_Countering-the-Financing-of-Terrorism/Guidance-for- Effective-AML-CFT-Transaction-Monitoring-Controls.pdf (page 3)
https://www.mas.gov.sg/-/media/MAS/Regulations-and-Financial-Stability/Regulatory-and-Supervisory-Framework/Anti_Money-Laundering_Countering-the-Financing-of-Terrorism/Guidance-for- Effective-AML-CFT-Transaction-Monitoring-Controls.pdf (page 3)

NEW QUESTION 52
In which situation would a data intermediary based in Singapore be liable for breaches against the PDPA?

• A. When it processes data contrary to the provisions established in the contract.
• B. When it does not provide anonymous transactions with an individual.
• C. When it fails to provide an individual access to his or her data.
• D. When it fails to inform an individual it is processing data from a controller.

Answer: A

NEW QUESTION 53
The "due diligence" exemption in Hong Kong's PDPO was meant to apply to?

• A. Direct marketers acting in the best interest of their company.
• B. Companies researching the viability of business mergers.
• C. Third-party data processors located in foreign countries.
• D. Service providers hosting customer information in the cloud.

Answer: C

NEW QUESTION 54
......

Certification Training for CIPP-A Exam Dumps Test Engine: https://www.test4cram.com/CIPP-A_real-exam-dumps.html

Certified Information Privacy Professional CIPP-A Real Exam Questions and Answers FREE Updated: https://drive.google.com/open?id=1o7yeO9V31nrTp2unnVA6vksslhwsakXJ