Here are some videos that we made to educate our target market about data privacy laws, compliance and the PDPO, specifically in Hong Kong.
View all 10 infographics here: livekentac-my.sharepoint.com/…/Validata Infographics
Quiz
1. What is personal data/PII (personally identifiable information)?
A. Any data that alone, or in combination with other information, can identify an individual.
B. Historical information published about a monument.
C. Any information of an employee.
D. Information or data that is stored in a vault.
2. When collecting a customer’s personal information, you must:
A. Not collect personal information indiscriminately.
B. Not deceive or mislead individuals about the purposes for collecting personal information.
C. Limit the amount and type of information you collect to what is needed for the identified purposes.
D. All of the above
3. The largest privacy and data breach affected how many people:
A. 100 People
B. 3 billion
C. 20,000
D. 500 million
4. What are examples of PII?
A. Name
B. Email
C. Source Code
D. All of the above
5. Phishing is only done through email.
A. True
B. False
6. PCPD applies to which types of individuals or organizations:
A. Any organization that processes personal data
B. All data controllers and processors established in the EU and organizations that target EU residents
C. Data controllers operating in the EU
D. All of the above
7. Which of these is not a wise idea when it comes to password security?
A. Using a password manager to securely store your login information.
B. Writing your passwords down on a sticky note that you keep near your computer.
C. Changing your passwords on a regular basis, such as every three-to-six months.
D. Creating unique, long, complex passwords for each and every online account you have.
8. Organizations should protect personal information by which of the following methods:
A. Physical measures, for example, shredding documents and locking desk drawers.
B. Organizational measures, for example, security clearances and limiting access on a “need-to-know” basis.
C. Technological measures, for example, the use of passwords and encryption.
D. All of the above
9. What is its main purpose?
A. To protect people’s personal information.
B. To help police, doctors, the army, etc., to get information.
C. To help everyone find information.
D. All of the above.
10. Who are data users?
A. Data users use data for their own advantage, breaking the law.
B. Data users file, store the data, e.g., Doctors and Bankers.
C. Data users use the data in databases.
D. All of the above.
11. Who are the targets of modern-day hackers?
A. Banks and finance companies who process a lot of payments.
B. Any organization or individual is liable to be the victim of hackers.
C. Companies which hold a lot of proprietary information.
D. Companies which hold credit card numbers of customers.
12. What is the best way to validate a legitimate email vs. a phishing email?
A. Bad spelling, poor syntax, and grammar are some of the tell-tale signs of a fake email.
B. Look at the email headers to see where it really came from.
C. Look for poorly replicated logos.
D. Contact the sender on some other medium besides email to verify whether they sent you the email.
13. How often should you back up your data?
A. Once a week.
B. Once a month.
C. In accordance with your organisation’s backup policy and the criticality of the data in question.
D. Once a fortnight.
14. Where should you store the encryption passphrase for your laptop?
A. On a sticker underneath your laptop’s battery as it’s not visible to anyone using the laptop.
B. On a sticky note attached to the base of your laptop.
C. In a password-protected Word file stored on your laptop.
D. Use the password management tool supplied/authorized by your organization.
15. Which one of the following would be classified as sensitive personal data?
A. Address
B. CCTV Video
C. Name
D. Religion
16. After you have finished using someone’s personal data, what should you do with it?
A. Pass it on to someone else.
B. Give it back to the owner.
C. Securely delete or destroy it.
D. Throw it out.
17. What is the person (or office) who has the powers to enforce the Data Protection Act called?
A. Information Commissioner
B. Data Controller
C. Data Subject
D. Data User
Data Privacy
Q1. What year was the Personal Data (Privacy) Ordinance (Cap 486) legislation passed?
A. 1995
B. 1996
C. 2002
D. 1993
Q2. What day, month and year did the Personal Data (Privacy) Ordinance (Cap 486) legislation come into force?
A. 20 December 1996
B. 20 December 2002
C. 20 December 1993
D. 20 December 1995
Q3: Are privacy and data protection recognised by the Basic Law?
A. Yes. The Basic Law is the key constitutional document of Hong Kong. The right to privacy is recognised in Article 30 of the Basic Law, and in Section 8, Article 14 of the Hong Kong Bill of Rights Ordinance.
B. No.
Q4: What is the primary legislation on personal data protection?
A. Personal Data (Privacy) Ordinance, Cap 486 (the “Ordinance”).
B. General Data Protection Regulation
C. The Personal Data Protection Act (PDPA)
D. The Data Protection Act 2018 (HK)
Q5: How many Data Protection Principles (DPP) does the Ordinance set out?
A. 5
B. 6
C. 3
D. 8
Q6: Which codes of practice regulate personal data protection? (Select two)
A. Code of Practice on the Identity Card Number and Other Personal Identifiers
B. Code of Practice on Human Resource Management
C. Code of Practice on Businesses in Hong Kong
D. Code of Practice on Computer chips
Q7: Is there a national data protection authority?
A. True. The Office of the Privacy Commissioner is an independent statutory body set up to oversee the enforcement of the Ordinance.
B. False.
Q8: Below are the key terms relating to personal data in Hong Kong. Select the one that is not a key term.
A. Personal Data
B. Processing
C. Data User
D. Data Subject
E. SMEs
Q9: Before personal data is collected and used, is it required to provide notice to the data subject?
True. Before collecting personal data, all practicable steps must be taken to ensure that the data subject is informed of: whether the supply of the data is voluntary or obligatory, the purposes for which the data are to be used, and the classes of persons to whom the data may be transferred.
False
Q10: Is there a general restriction on what personal data can be collected?
True. Personal data can only be collected if it is collected for a lawful purpose directly related to a function or activity of the data user, and that the collection is necessary for or directly related to that purpose. Also, the personal data collected by the data user must not be excessive in relation to that purpose.
False
Q11: Which of these is not an exemption to the use restrictions of personal data?
A. Domestic purposes
B. Emergency situations
C. Health
D. News
E. Statistics and research
F. Legal proceedings
G. Due diligence
H. To gain an advantage in the stock market
Q12: Are privacy-by-design and privacy-by-default mandatory?
True.
False. Privacy-by-design and privacy-by-default are not mandatory.
Q13: Must data protection officers (DPOs) be appointed by law?
True
False. There is no statutory requirement to appoint a data protection officer
Q14: Are data protection impact assessments (DPIAs) mandatory?
True
False. DPIAs are not mandatory.
Q15: Is there any obligation to register databases?
True
False, there is currently no legal requirement to register databases in respect of collection or use of personal data.
Q16: Are concepts such as controller and data processor defined in Hong Kong law?
True
False