Certified Information Privacy Professional – Asia (CIPP/A) — Question 47

Who is NOT potentially liable when an employee in a Singapore corporation or partnership breaches the PDPA?

Answer options

• A. A corporate officer responsible of setting up data processing.
• B. The employee following the management processes.
• C. The employee’s direct manager overseeing data handling.
• D. A partner of the partnership handling data related matters.

Correct answer: B

Explanation

The correct answer is B because the employee is acting under the authority of the management processes and is not independently liable. In contrast, corporate officers, direct managers, and partners have responsibilities that can lead to liability if they fail to ensure compliance with the PDPA.