IAPP Exam CIPP/A Topic 1 Question 52 Discussion

Actual exam question for IAPP's CIPP/A exam

Question #: 52
Topic #: 1

[All CIPP/A Questions]

In which situation would a data intermediary based in Singapore be liable for breaches against the PDPA?

AWhen it fails to provide an individual access to his or her data.

BWhen it does not provide anonymous transactions with an individual.

CWhen it fails to inform an individual it is processing data from a controller.

DWhen it processes data contrary to the provisions established in the contract.

Show Suggested Answer

Suggested Answer: B

by Kanisha at Dec 23, 2023, 02:38 PM

Limited Time Offer

25%

Off

Get Premium CIPP/A Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Fletcher

5 days ago

I feel pretty confident about this. The key is understanding the role of a data intermediary and the PDPA requirements around processing data on behalf of a controller. I'll eliminate the options that don't fit that.

upvoted 0 times

...

Trinidad

9 days ago

Choreography sounds familiar, but I don't think that's where WS-Addressing is primarily used. It's probably more about message routing.

upvoted 0 times

...

Lai

9 days ago

Hmm, I'm not entirely sure about the differences between all these Facebook tools. I'll have to think this through carefully.

upvoted 0 times

...

Dorothy

19 days ago

I think the communication has to include significant disagreements, right? But I'm unsure if it matters if they were resolved.

upvoted 0 times

...

Delisa

5 months ago

I heard the data intermediary tried to process the data through a blender. Guess they didn't realize that's not how you 'process' information.

upvoted 0 times

Staci

4 months ago

D) When it processes data contrary to the provisions established in the contract.

upvoted 0 times

...

Rose

4 months ago

C) When it fails to inform an individual it is processing data from a controller.

upvoted 0 times

...

Tawny

4 months ago

A) When it fails to provide an individual access to his or her data.

upvoted 0 times

...

Matthew

5 months ago

Definitely D. The intermediary can't just do whatever it wants with the data - it has to stick to the agreed-upon contract.

upvoted 0 times

Alona

4 months ago

D) When it processes data contrary to the provisions established in the contract.

upvoted 0 times

...

Paola

4 months ago

C) When it fails to inform an individual it is processing data from a controller.

upvoted 0 times

...

Owen

4 months ago

A) When it fails to provide an individual access to his or her data.

upvoted 0 times

...

Mireya

5 months ago

Hmm, I'm torn between B and D. But I'll go with D since the intermediary needs to follow the contract terms.

upvoted 0 times

Melvin

4 months ago

Nathan: Definitely, breaching the contract could lead to liability under the PDPA.

upvoted 0 times

...

Carissa

4 months ago

Bulah: No, that's not one of the situations where they would be liable.

upvoted 0 times

...

Selma

4 months ago

User 3: So, it's not about anonymous transactions then?

upvoted 0 times

...

Bulah

4 months ago

User 2: Yeah, I agree. They could be liable if they process data contrary to the contract.

upvoted 0 times

...

Nathan

4 months ago

User 2: I agree, it's important for data intermediaries to adhere to the provisions established in the contract.

upvoted 0 times

...

Harris

4 months ago

User 1: I think it's D, because the intermediary has to follow the contract terms.

upvoted 0 times

...

Rene

5 months ago

User 1: I think D is the correct answer because the intermediary must follow the contract terms.

upvoted 0 times

...

Monroe

5 months ago

Option C seems like the right choice. The intermediary should inform the individual that it is processing their data on behalf of a controller.

upvoted 0 times

...

Skye

6 months ago

I think option D is the correct answer. The data intermediary is responsible for processing data in accordance with the provisions in the contract with the controller.

upvoted 0 times

...

Deandrea

6 months ago

I believe option A is also important. Providing access to one's own data is a fundamental right under the PDPA.

upvoted 0 times

...

Shoshana

6 months ago

I agree with Aretha. It's important for the data intermediary to be transparent about their data processing activities.

upvoted 0 times

...

Aretha

6 months ago

I think the data intermediary would be liable if they fail to inform an individual they are processing data from a controller.

upvoted 0 times

...

Denise

6 months ago

I'm not sure, but I think it could also be D) When it processes data contrary to the provisions established in the contract. That seems like a serious breach too.

upvoted 0 times

...

Leontine

6 months ago

I agree with Sherill. If the data intermediary in Singapore doesn't provide access to data, they should be liable for breaches against the PDPA.

upvoted 0 times

...

Sherill

6 months ago

I think the answer is A) When it fails to provide an individual access to his or her data.

upvoted 0 times

...