Besides the Personal Data Protection Act (PDPA), which of the following is a potential source of privacy protection for Singapore citizens?
In Hong Kong, which of the following are exempt from personal data access requests until after the project to which the data is related has been concluded?
Under the General Data Protection Regulation (GDPR), European Union member states may be allowed to transfer personal data to the United States in some cases.
Which of the following could NOT be used as a legitimate means of doing this?
Which provision of Hong Kong's Personal Data (Privacy) Ordinance (PDPO) strengthens the purpose limitation principle (DPP3)?
SCENARIO -- Please use the following to answer the next QUESTION:
B-Star Limited is a Singapore based construction company with many foreign construction workers. B-Star's HR team maintains two databases. One (the "simple database") contains basic details from a standard in- processing form such as name, local address and mobile number. The other database (the "sensitive database") contains information collected by the HR Department as part of Annual Review Interviews. With the workers' cooperation, this database has expanded to include far-reaching sensitive information such as medical history, religious beliefs, ethnicity and educational levels of immediate family members. Carl left B- Star's employment yesterday, and has flown back home, rendering him unreachable. Today B-Star, without Carl's consent, wants to conduct research using Carl's medical records in the sensitive database.
Can B-Star legally conduct this research using Carl's medical data?
