U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IAPP CIPP/A Exam - Topic 1 Question 49 Discussion

Which provision of Hong Kong's Personal Data (Privacy) Ordinance (PDPO) strengthens the purpose limitation principle (DPP3)?
A) Notice; because the data subject must be provided with the purpose of the collection.
B) Public domain; because the data subjects must agree to the purpose before their information is made publicly available.
C) Prescribed consent; because the data subject must give express consent to their personal information being used for additional purposes.
D) Finality; because the purpose for collection of personal information from the subject must be directly related to a function of the collector.

IAPP CIPP/A Exam - Topic 1 Question 49 Discussion

Actual exam question for IAPP's CIPP/A exam
Question #: 49
Topic #: 1
[All CIPP/A Questions]

Which provision of Hong Kong's Personal Data (Privacy) Ordinance (PDPO) strengthens the purpose limitation principle (DPP3)?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Ronny at Oct 21, 2023, 08:09 AM

Limited Time Offer

25%

Off

Get Premium CIPP/A Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Magnolia
7 months ago
Not sure if D is the best choice, seems a bit vague to me.
upvoted 0 times
...
Jamal
7 months ago
Wait, I didn’t know about the finality requirement! That’s interesting.
upvoted 0 times
...
Jonell
7 months ago
A is important too, but it’s not the strongest for purpose limitation.
upvoted 0 times
...
Natalya
7 months ago
I think C makes more sense, consent is crucial!
upvoted 0 times
...
Mattie
8 months ago
D is the right answer! Finality is key for DPP3.
upvoted 0 times
...
Marjory
8 months ago
I thought finality was key in ensuring the purpose is clear, so could it be D? I need to double-check my notes on this.
upvoted 0 times
...
Alethea
8 months ago
I feel like notice is important too, but I can't recall if that directly relates to the purpose limitation principle.
upvoted 0 times
...
Malcom
8 months ago
I remember something about consent being crucial, so maybe it's C? That sounds familiar from our practice questions.
upvoted 0 times
...
Portia
8 months ago
I think DPP3 is about how data should only be used for the purpose it was collected for, but I'm not sure which option really emphasizes that.
upvoted 0 times
...
Janella
8 months ago
Okay, I've reviewed the options a few times now. I'm leaning towards "prescribed consent" as the best answer, since that directly gives the data subject control over additional uses of their personal information.
upvoted 0 times
...
Lawrence
8 months ago
I think the "finality" provision is the key here. The requirement that the purpose be directly related to the collector's function seems like a strong way to uphold the purpose limitation principle.
upvoted 0 times
...
Leana
8 months ago
I'm a bit confused on the difference between "public domain" and "prescribed consent." I'll need to re-read those sections of the law to understand how they relate to the purpose limitation principle.
upvoted 0 times
...
Leslie
8 months ago
The notice requirement makes sense to me as a way to strengthen the purpose limitation principle. If the data subject is informed of the purpose, that should help ensure the data is only used for that purpose.
upvoted 0 times
...
Tamar
8 months ago
This seems like a tricky question. I'll need to carefully review the provisions of the PDPO to determine which one strengthens the purpose limitation principle.
upvoted 0 times
...
Merri
9 months ago
Okay, the key detail here is that it's encrypting "one letter at a time." That points to a stream cipher, so I'm going to go with A.
upvoted 0 times
...
Kerry
9 months ago
Hmm, I'm a bit unsure about this one. I'll need to review my notes on user research methods to make sure I pick the right option.
upvoted 0 times
...
Brittney
9 months ago
Hmm, I'm a bit unsure about this one. The diagram seems simple enough, but I'm not sure which of these options is the best next step in refining the model.
upvoted 0 times
...
Caprice
9 months ago
Okay, I've got it. Using third-party confirmations to support management's representations is a standard audit procedure, not an example of professional skepticism. The other options involve more critical thinking and challenging of management's assertions.
upvoted 0 times
...

Save Cancel