Certified Information Privacy Professional – Asia (CIPP/A) — Question 67

In which situation would a data intermediary based in Singapore be liable for breaches against the PDPA?

Answer options

• A. When it fails to provide an individual access to his or her data.
• B. When it does not provide anonymous transactions with an individual.
• C. When it fails to inform an individual it is processing data from a controller.
• D. When it processes data contrary to the provisions established in the contract.

Correct answer: D

Explanation

The correct answer is D because if the data intermediary processes data in a manner that violates the contractual agreements, it is directly liable. Options A, B, and C pertain to different aspects of data handling and do not reflect direct breaches of contract or specific responsibilities outlined by the PDPA.