In the Asia-Pacific Economic Cooperation (APEC) Privacy Framework, what exception is allowed to the Access and Correction principle?

A. Paper-based records.

B. Publicly-available information.

C. Foreign intelligence.

D. Unreasonable expense.

What term is defined by the European Commission to mean any data that relates to an identified or identifiable individual?

A. Personally identifiable information.

B. Sensitive information.

C. Personal data.

D. Identified data.

What personal information is considered sensitive in almost all countries with privacy laws?

A. Marital status.

B. Health information.

C. Employment history.

D. Criminal convictions.

Which jurisdiction was the first to consider IP addresses to be personal information?

A. India.

B. Hong Kong.

C. The United States.

D. The European Union.

SCENARIO

SCENARIO

How is the transparency of the complaint process treated in both Hong Kong and Singapore?

A. A complainant must alert all individuals potentially affected by the complaint.

B. Investigations into complaints in Hong Kong and Singapore are open to the public.

C. The Hong Kong and Singapore Commissioner may require the complainants to identify themselves before carrying out any investigation into the complaint.

D. The Hong Kong and Singapore commissioners are obliged to start investigations when receiving a complaint and inform the respondent of the personal details of the complainant.

SCENARIO

How are the scope of Singapore's Personal Data Protection Act and the scope of India's IT Rules similar?

A. They only apply to the private sector.

B. They allow exemptions for military personnel.

C. They apply to controllers and processors alike.

D. They impose obligations on individuals acting in a domestic capacity.

Which of the following topics was NOT addressed in India's Information Technology Act 2000 (IT Act)?

A. Digital signatures.

B. Censorship limitations.

C. Electronic transactions.

D. Cybersecurity procedures.

Which European-influenced safeguard was NOT included in Hong Kong or Singapore's personal data protection acts, but was subsequently adopted as a consideration in regulatory guidelines?

A. Controls on automated decision making.

B. Additional protection for sensitive personal data.

C. Legitimate interest as a legal basis for processing.

D. Notice requirements when data is collected from third parties.

Which of the following is NOT a way that the Singapore government can monitor its citizens?

A. Through the national identity card system.

B. Through the electronic road pricing system.

C. Through a personal computer registration system.

D. Through an online service that holds an individual's medical records.

In 2015, Section 66A of India's IT Act was ruled unconstitutional.

What did this section previously prohibit?

A. Publishing images with sexually explicit content.

B. Tampering with computer source documents.

C. Publishing private images of others.

D. Sending offensive messages.

What clarification did India make in a 2011 Press Note regarding their Sensitive Personal Data Rules?

A. That the rules apply to data subjects located outside of India.

B. That the rules apply to persons or companies collecting sensitive data within India.

C. That the data processor must provide notice to the data subject before data is processed.

D. That sensitive personal data or information includes passwords, financial information, medical records, and biometric information.

Which Indian institution is vested with powers under the Credit Information Companies (Regulation) Act of 2005?

A. The Reserve Bank of India.

B. The National Housing Bank.

C. The Oriental Bank of Commerce.

D. The Securities and Exchange Board of India.