Certified Information Privacy Professional – Asia (CIPP/A) — Question 23
All of the following are guidelines the PDPC gives about anonymised data EXCEPT?
Answer options
- A. Anonymised data is not personal data.
- B. Any data that has been anonymised bears the same risks for re-identification.
- C. Data that has been anonymised satisfies the "cease to retain" requirement of Section 25.
- D. Organizations should consider the risk of re-identification if they intend to publish or disclose anonymised data.
Correct answer: C
Explanation
The correct answer is C because the PDPC guidelines state that anonymised data does not meet the "cease to retain" requirement of Section 25, as it can still pose risks for re-identification. Options A, B, and D are true and reflect the PDPC's stance on the nature and risks associated with anonymised data.