Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPP-A All Questions

View all questions & answers for the CIPP-A exam
Go to Exam

Exam CIPP-A topic 1 question 93 discussion

Actual exam question from IAPP's CIPP-A
Question #: 93
Topic #: 1
[All CIPP-A Questions]

In what way are Singapore residents protected following a data breach in ways that India and Hong Kong residents are not?

  • A. The affected individuals must be informed when significant harm is likely to occur.
  • B. The relevant authority must be informed of such data breach following its discovery.
  • C. The company must have in place a data breach response plan including third-parties.
  • D. The breach must be reported to the relevant authority within 72 hours of the discovery.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Bhimesh at March 27, 2024, 1:56 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bhimesh
8 months ago
Selected Answer: A
Singapore - Under the current Act A data breach constitutes a “notifiable data breach” if: it results in, or is likely to result in, significant harm to the affected individuals (including one that compromises personal data prescribed under the Personal Data Protection (Notification of Data Breaches) Regulations 2021); or it is of a significant scale (i.e. one that affects 500 or more individuals). Hongkong - There is no statutory definition of a data breach under the Ordinance. India - “In the event of an info sec breach, the body corporate … shall be required to demonstrate [to agency] that they have implemented security control measures as per their documented info sec program and policies.” Under the DPDP Act, in the event of a personal data breach, Data Fiduciary is required to inform each affected Data Principal
upvoted 1 times
Bhimesh
8 months ago
Section 43A of the Information Technology Act, 2000 ("IT Act") required a body corporate that possesses, deals with or handles any "sensitive personal data or information" in a computer resource which it owns, controls or operates, to maintain "reasonable security practices and procedures". The terms "sensitive personal data or information", and "reasonable security practices and procedures" were not sufficiently defined. Exemption For Outsourcing Entities: The obligations under Rules 5 and 6 of the Data Privacy Rules (i.e., relating to the manner in which companies can collect and disclose "sensitive personal data or information") do not apply to Indian companies which collect, store, deal with or handle "sensitive personal data or information" under a contractual obligation with a legal entity.
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel