ITE4103 Tutorial06 Privacy

This tutorial focuses on data protection and privacy, highlighting the importance of ethical and legal standards for IT professionals. It includes true/false questions, multiple-choice questions, and long-answer questions related to the Personal Data (Privacy) Ordinance and responsibilities of data users. Students are expected to understand data privacy issues and how to comply with relevant principles when handling personal data.

Uploaded by

khkoo

ITE4103 IT Professionalism Tutorial 6

HONG KONG INSTITUTE OF VOCATIONAL EDUCATION


Tutorial 6: Data Protection and Privacy Koo Kwok Ho (210336497)
/ 40
Module Intended Learning Outcome (#2):
On completion of the module, students are expected to be able to:
• exercise appropriate judgments as IT practitioners according to the codes of conduct of leading professional bodies of related disciplines in various ethical and legal aspects related to IT professions
Lesson Intended Learning Outcome:
On completion of this tutorial, students are expected to be able to understand:
• Data protection and privacy issues
Section A: True and False (enter T/F in brackets) (6 marks)
( F ) 1 Cyber stalking is a serious computer crime as people are hurt directly.
( T ) 2 The first step of cyber-stalking usually involves data-gathering by using some kinds of PIT.
( F ) 3 Under UEMO, there are four Do-Not-Call registers.
( F ) 4 Misuse of privacy only involves violation of confidentiality of information.
( T ) 5 Most cookies used by browsers contain non-personal data, thus not a threat to privacy.
( F ) 6 In PDPO context, IT Professional is usually the data user, and his clients are known as data object.

Section B: Multiple Choice Questions (20 marks)


(1) Which is not a common technology in privacy invasion for location tracking?
(a) GPS
(b) NFC
(c) Smart Card
(d) Road Tagging
(e) All above are common PITs
(2) Which is not a Do-not-call register operated by OFCA?
(a) Fax Register
(b) Email Register
(c) Short Messages Register
(d) Telephone Register
(3) Suppose you want to do an online survey about secondary students' online computer game playing habits. You should not ask for the name of the school at which the student is studying, or it may violate a principle under the Personal Data (Privacy) Ordinance. Which Principle below will it violate?
(a) Principle 1: Information collected should be adequate but not excessive.
(b) Principle 2: Information should be kept for a reasonable period of time.
(c) Principle 3: Information collected should be used for the purpose it is intended.
(d) Principle 4: Information should be safely kept.
(e) None of (a), (b), (c) or (d).
(4) The mandate(s) of The Office of the Privacy Commissioner for Personal Data is (are):
(a) To enforce the Personal Data (Privacy) Ordinance.
(b) Educate the public about personal data privacy.
(c) To moderate any dispute regarding personal data privacy between two parties.
(d) All of (a), (b) and (c).
(e) None of (a), (b) or (c).
(5) When we collect personal data from a user on the Internet, it should be done in a legal and fair manner. It means:
(a) We should not mislead or cheat the information from the user.
(b) We must tell the user who we are.
(c) We must tell the user what purpose the collected data will be used for.
(d) All of (a), (b) and (c).
(e) None of (a), (b) or (c).
(6) When a company advertises a job vacancy for people to apply, the name of the company must be made known to the applicants. This is an example to demonstrate the Principle about:
(a) Security.
(b) Use.
(c) Fairness.
(d) Competent.

©VTC 2018 Page 1 of 3



(7) After collecting data from the data subject, the data should not be kept longer than necessary by the data user. The
maximum length of time one should keep the data:
(a) 6 months.
(b) 1 year.
(c) 2 years.
(d) Same as required by the tax law.
(e) None of the above

(8) Suppose that I conduct a lucky draw on the Internet for prizes and participants have to fill in their names and
addresses. After the winners are drawn and prizes given out, can I use the information to send out my product
promotion material to all the participants?
(a) Yes, I can use it.
(b) Yes, I can use it if I tell the participants before they enter the draw and get their consent.
(c) No, I cannot do that because it will violate Principle 3 of the PDPO.
(d) No, I cannot do that because it will violate Principle 4 of the PDPO.

(9) I am a system administrator and I am responsible for the users’ personal data. This includes:
(a) The security of its storage from being stolen or illegally duplicated.
(b) The safety of the data from physical damage, e.g. water, fire or typhoon.
(c) The safety of data is out of my system at that time.
(d) All of (a), (b) and (c).
(e) None of above.
(10) Principle 4 deals with the security of the personal data collected. This includes which one below?
(a) The data is not duplicated without authorization.
(b) The data is not changed without authorization.
(c) The data is not read without authorization.
(d) All of (a), (b) and (c)
(e) None of (a), (b) or (c).

Q 1 2 3 4 5 6 7 8 9 10
Ans e b a d d c e b d d

Section C: Long Question (14 marks)


1. a) You are the system administrator of an online IT system. One user sends you an email to request the details of his or her personal information stored in your system. Assuming you have authenticated the user's identity, what should you do to comply with Principle 6 of the Personal Data (Privacy) Ordinance? (4 marks)
1. Confirm Data Holdings: First, ascertain whether your system holds personal data
about the requesting individual. Principle 6 ensures the individual's right to know about
the personal data you have on them.

2. Provide Access: If your system does hold their personal data, you must provide the
individual access to this data. This involves sharing the personal information you have
stored about them, in a format that is understandable and accessible.

3. Correction Requests: Should there be any inaccuracies in the personal data you've
provided, the individual has the right to request corrections. You are required to make
these corrections to ensure the data is accurate and up-to-date, reflecting the true and
current state of the individual's personal information.

4. Handle Requests Promptly: The ordinance requires that these requests for access or
correction are handled within a reasonable timeframe. Ensure your processes are
efficient to meet this requirement.


5. Ensure Security: While processing these requests, maintain the security and
confidentiality of the individual's personal data. Any access or correction process must
not compromise the data's security.

6. Communicate Clearly: Inform the individual about the outcome of their request,
including any corrections made or reasons if a request cannot be fulfilled.

7. Document Compliance: Keep records of the request and your response to demonstrate
compliance with the PDPO.

b) After checking his/her information, the user discovers there are errors in his telephone number and photo. What should you do to comply with the principle of the Personal Data (Privacy) Ordinance? (4 marks)
To comply with the principle of the Personal Data (Privacy) Ordinance, and according to Principle 6, I should correct the telephone number and the photo immediately; otherwise I should stop using it if it cannot be corrected.
c) You want to employ an assistant system administrator to help you, but you are worried about the security of the user data. List THREE requirements/capabilities for your assistant. (6 marks)
Under Principle 4 of the PDPO, I (i.e. the data user) am responsible for the security of the data. The person who handles the data should be a person with
1. competence (with knowledge and skill to handle the tasks)
2. integrity (keep confidentiality of user data)
3. prudence (follow the security policy of the company with care)
- end -
