THE ABC OF POPI – ASSESSMENT

Upon obtaining a competency mark of 60%, you will receive a certificate of completion. You may attempt the assessment three times should a competency mark not be attained.

Time limit: 0

Assessment Summary

0 of 36 Questions completed

Questions:

Information

You have already completed the assessment before. Hence you can not start it again.

Assessment is loading…

You must sign in or sign up to start the assessment.

You must first complete the following:

Results

Assessment complete. Results are being recorded.

Results

0 of 36 Questions answered correctly

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

Categories

Not categorized 0%
POPI 0%

Current
Review
Answered
Correct
Incorrect

Question 1 of 36

1. Question
The Regulator may allow/approve processing when the information is in the public interest.
- True
- False
Question 2 of 36

2. Question
Where processing is necessary for a contract with an individual, you do not need to get separate consent.
- True
- False
Question 3 of 36

3. Question
What is meant by “restrict processing” in the following sentence?

There are situations where you are legally required to restrict processing the personal information of a data-subject.
- The Personal Information must be withheld from circulation
- The Personal Information must be destroyed or deleted

Question 4 of 36

4. Question

Match the term to the definition.

Sort elements

Data Subject
Responsible Party
Operator
Consent

the person to whom the personal information relates

This is the public or private body or any other person, alone or in conjunction with others that determines the purpose of and the means for processing personal information

is the person who processes the information or the responsible party in terms of a contract or mandate without becoming under the direct authority of that party

any voluntary, specific and informed expression of will in terms of which a data subject agrees to the processing of personal information relating to him or her

Question 5 of 36

5. Question

Complete the sentences by matching the missing words

Sort elements

the right to privacy
the right to access

The Protection of Personal Information Act (POPI) gives effect……………..

The Promotion of Access to Information Act (PAIA) gives effect to …………….. of information

Question 6 of 36

6. Question
To whom does POPI apply?
- Any person who processes personal information for a Responsible Party in terms of a mandate or agreement, without coming under the direct authority of the Responsible Party
- Any public or private body or any other person which, unaided or in combination with others, regulates the purpose of and means for processing personal information (Responsible Party). The "Responsible Party" of every company is accountable for ensuring and enforcing its own compliance
- POPI applies to data processors or responsible parties who are either domiciled in the Republic of South Africa or who are domiciled elsewhere but "makes use of automated or non-automated means" in South Africa
- All of the above
Question 7 of 36

7. Question
What is ‘personal information’?
- Information relating to an identifiable, existing juristic person (e.g. a company)
- Information relating to an identifiable, living, natural person
- All of the above
Question 8 of 36

8. Question
Choose the correct statement
- Data Subjects have the right to sue Responsible Parties and under specific circumstances, the Information Officer of the Responsible Party may be imprisoned
- The only case in which consent is required is when processing special types of data and the data of children.
- Data processed by a public body relating to national security, law enforcement, or the justice system are protected by POPI
Question 9 of 36

9. Question
Select the missing condition
1) Accountability
2) Processing limitation
3) Purpose specification
4) Further processing limitation
5) Information quality
6) ………………………….
7) Security safeguards
8) Data subject participation
- Stability
- Fitness and propriety
- Proportionality
- Openness
Question 10 of 36

10. Question
Which of the 8 Conditions requires you to have a Privacy Policy?
- Condition 2
- Condition 4
- Condition 6
- Condition 8
Question 11 of 36

11. Question
The first thing a responsible party must do if they believe their security has been comprimised is to notify the Regulator and the data subject as soon as reasonably possible
- True
- False
Question 12 of 36

12. Question
What security safeguards would be regarded as appropriate?
- De-Identification
- Audit Logging to track track activitiies that occurs within the software and the hardware, like changes to admin passwords and anything that might have been downloaded
- Strong encryption algorithms that automatically protect all data stored on all hard drives and PCs
- All of the above
Question 13 of 36

13. Question
What is the main goal of the POPI Act?
- To protect employees when disclosing any improper conduct of the employer or other employees without the fear of suffering an occupational detriment.
- To allow access to any information held by the State, and any information held by private bodies that is required for the exercise and protection of any rights
- To ensure fair, competitive and responsible markets that work well for consumers and promote ethical business practices
- To protect data subjects from security breaches, theft, and discrimination
Question 14 of 36

14. Question
Choose the correct statement regarding the roles and responsibilities of the Information Officer?
- To create and enforce plans that will help meet the needs of customers.
- To ensure a company functions in a legal and ethical manner while meeting its business goals.
- To conduct a PIIA to ensure that adequate measures and standards exist in order to comply the conditions for the lawful processing of personal information
- Responsible for managing and overseeing the activities relating to the rendering of any financial service
Question 15 of 36

15. Question
Who will be the contact person for the Information Regulator?
- Law Enforcement officer
- Chief Executive officer
- Information officer
- Complaints officer
Question 16 of 36

16. Question
POPI is not applicable to:
- Journalistic purposes subject to conditions
- Processing of de-identified information that cannot be re-identified (truly anonymous
- Exemptions granted by the Regulator
- All of the above
Question 17 of 36

17. Question
Special Personal Information includes
- Contact details
- Date of Birth
- Religious Beliefs
- Full Name and Surname
Question 18 of 36

18. Question
Sensitive Personal Information includes
- Id Number of Spouse
- Address
- Date of birth
- Banking Details
Question 19 of 36

19. Question
If Personal Information has been collected from any source other than the subject, it is your responsibility to:
- Thank them in writing
- inform the subject of this and the purpose of this
- Inform the subject of the source from which you got the information
- B and C
- All of the above
Question 20 of 36

20. Question
The POPI process can be broken down into 3 main parts, what are they?
- Client Forms, Filing and Printing
- Input, Storage and Output
- Collection, Storage and Destruction
- Collection, Preservation and Third-Party Access
Question 21 of 36

21. Question
With reference to POPIA – Complete the sentences by choosing the missing word.

Information of deceased persons, or juristic persons that are no longer in existence is not ………………………..as defined, and so would fall outside the scope of the Act
- Sensitive Personal Information
- Personal Information
- Public Information
- Classified Information
Question 22 of 36

22. Question
What are common examples of a breach? Choose all that apply.
- Collecting personal information with the necessary consent
- Sending personal information to people who are not supposed to have it
- Complying with an enforcement notice issued by the Information Regulato 5
- Breach of security safeguards (network with personal information is hacked).
- Loss of personal information due to inadequate security safeguards
Question 23 of 36

23. Question
Are employers allowed to install CCTV’s cameras in the workplace?
- Yes. The employer is allows to monitor employees without them knowing.
- Yes, but there must be notice given to people on entering your premises.
- No, You have a right to privacy in the workplace
Question 24 of 36

24. Question
You are allowed to process the special information of a person where…..
- the data subject has deliberately made the information public
- the contact information for the data subject appear on a possible client data base list received from a third party
Question 25 of 36

25. Question
You are allowed to request specific information on health status so that you can comply with your obligation in respect of the Occupational Health and Safety Act 85 of 1993. You ……….. need your staff’s consent for this.
- do not
- do not

Question 26 of 36

26. Question

Match

Sort elements

A risk treatment plan
A framework should
A risk assessment should

consists of everything you are going to need and implement in your organisation to ensure ongoing compliance

should identify the appropriate management action, resources, responsibilities and priorities for managing personal information security risks.

identify those risks which need urgent attention and those which don't.

Question 27 of 36

27. Question
In which cases are you allowed to transfer data to a third party who is in a foreign country without consent from the data subject
- Where the transfer is for the benefit of the data subject, and it is not reasonably practicable to obtain the consent of the data subject but if it were, the person would likely give consent
- Where the transfer is necessary for you to perform in terms of a contract with the person
- necessary for the performance of a contract between you and a third party which is in the interests of the data subject
- All of the above
Question 28 of 36

28. Question
Where you are required to keep records for a particular period, the data subject……….. compel you to delete his or her information before the time period has elapsed.
- can
- can not
Question 29 of 36

29. Question
Which of the following statements is correct?
- The POPI Act covers any processing of personal information of people and businesses in South Africa, regardless of whether the organisation concerned is based in South Africa.
- The POPI Act only applies to organisations based within South Africa
- The POPI Act applies to organisations outside of South Africa
Question 30 of 36

30. Question
Which of the following statements about consent under the POPI Act is correct?
- Prospective customers must provide consent, or “opt in”before receiving any electronic direct
- lt must be easy to withdraw consent
- Consent must be provided freely and on an informed basis
- Ensure that you obtain the necessary consent before sharing bank account details
- All of the above
Question 31 of 36

31. Question
You are not allowed to further process personal information without consent even if it is necessary to prevent a serious and imminent threat to public safety or public health or the life or health of another person.
- True
- False
Question 32 of 36

32. Question
Complete the following statement.

Where a Responsible Party wants to offer online information services to children under 18 on the basis of consent, it can’t do this unless…
- the content of the services offered is child friendly
- it has the consent of their parent or legal guardian
- the child has given their written consent
Question 33 of 36

33. Question
The right to restrict automated processing doesn’t apply if……
- the processing is necessary for the performance of a contract
- if the processing is for research purposes
Question 34 of 36

34. Question
Choose the incorrect statement

Where you accidentally receive information not intended for you…..
- must permanently delete the copy you received without opening any attachments
- you must inform the sender of their mistake,
- you are required to identify and contact the person the data belongs to. (data subject)
Question 35 of 36

35. Question
The maximum administrative fine that can be issued under POPIA is
- R 1 Million
- R 10 Million
- R 100 Million
Question 36 of 36

36. Question
The Information Officer should be at an executive level or equivalent position, being an employee of the private body at a level of management or above.
- True
- False