CIPP-A Exam QuestionsBrowse all questions from this exam
Go to Exam

CIPP-A Exam - Question 11

SCENARIO – Please use the following to answer the next question:

Delilah is seeking employment in the marketing department of Good Mining Private Limited, an industry leader in drilling mines in Singapore. Delilah, while filling in the standard paper application form, is asked to provide details about emergency contacts, medical history, blood type and her insurance policy. These fields need to be filled in no matter which department Delilah applies to. The form also asks Delilah to expressly consent to the collection, use and disclosure of her personal data.

A week after submitting the form, Delilah is invited by Evan, the Director of Marketing at Good Mining, to coffee. Just before Delilah leaves, she gives her business card containing her current business contact information to Evan. Evan then uses the business card to add Delilah's details to Good Mining's business development database, which is kept on a local server. Good Mining uses the database to inform people about networking and client events that Good Mining organizes.

Why is Good Mining Private's standard form NOT compliant with Singapore's data protection law?

Show Answer
Correct Answer: D

Good Mining Private Limited's standard form is not compliant with Singapore's data protection law because it asks for details that are not relevant to the job Delilah is applying for. According to the Personal Data Protection Act (PDPA) in Singapore, organizations must only collect personal data that is necessary for the specific purpose it was collected for. Asking for emergency contacts, medical history, blood type, and insurance policy details is excessive and not pertinent to Delilah's job application for a position in the marketing department.

Discussion

2 comments
Sign in to comment
AlizadeOption: D
Mar 19, 2023

The reason why Good Mining Private's standard form is NOT compliant with Singapore's data protection law is option D, as it asks for details that are not relevant to the job Delilah is applying for. Singapore's Personal Data Protection Act (PDPA) requires that organizations only collect, use, and disclose personal data for purposes that are reasonable and relevant. Asking for information such as emergency contacts, medical history, blood type, and insurance policy is not necessary or relevant to Delilah's job application in the marketing department. Therefore, it is considered excessive collection of personal data, which is a violation of the PDPA. Additionally, the collection and use of Delilah's business card for purposes other than what was explicitly agreed to by Delilah, which was to contact her for coffee, may also be a violation of the PDPA.

BhimeshOption: D
Mar 31, 2024

D. It asks for details that are not relevant to the job Delilah is applying for.