1. Which of the following would lead to a Privacy Breach?

Both a and b above

2. As per Data Privacy principles, it is always advisable to

Send password protected files to customers

Lock your computer when not in use

3. Would sharing of customer personal information, after termination of the relationship amount to
breach in privacy.

Yes

4. Data privacy is protection of following under the possession of the organization

Customer Data

Employee Data

Internal policies of the bank

5. Which of the following actions would ensure that privacy of customer data would be maintained?

Shred confidential customer data if not required

Keeping any confidential and sensitive data under lock and key

6. An employee having an access to finacle receives a call from his friend enquiring about a transaction
in his account. What should be done in such a scenario

Direct him to the phone banking team as the process of customer identification is a pre-requisite.

7. Privacy principles can be applied only to individual customers.

No, its applicable to individual customers and corporate customers, but it is more relevant in the case of
individual customers

8. An employee in his individual capacity keeps a database of his friend and relatives including their
name, address and date of birth on his office PC. In case of loss of data who can be held responsible

Employee himself

9. Customers data acquired by the bank should be

Shared with only those employees who need it as a part of their job
10. Which of the following would lead to a Privacy Breach?

Compromise of customer age, gender and address

Compromise of Bank account name, gender and Date of Birth

11. While accepting customer`s application and other service requests, one should make sure that

Handwriting is readable

Manadatory fields are completed

All necessary documents are obtained

12. An employee of the Group Company seeks details of the bank customers, to cross sell their products.
What should one do, in such a situation

Share the details of only those members who have opted for cross sell.

13. Sharing which of the following customer document will lead to breach of Data Privacy

Copy of the Passport

Copy of the Driving License

Copy of the PAN Card

Copy of customer`s medical report

14. In case of corporate, any information that is not available in the public domain but is shared with the
ICICI Group will be treated on par with personal information.

True option

15. A customer has closed his relationship with the bank. In this case

The bank has to delete all the information pertaining to the customer (X)

16. A relationship manager (RM) meets the prospective customer for the sale of a product. During the
conversation, RM can give the following references

ALL

17. Privacy breach is an unauthorised access to, __________, __________ or ___________ of personal
information

Consent
Collection

Disclosure

18. What can be treated as personal information?

Any non identifiable information about an individual

Information of corporates which is not available in public domain

19. Think Privacy campaign has been launched to increase employee awareness on

Data Privacy

20. (Think) Privacy manual of the bank is based on the Privacy and Data Protection Act 2007.

There are no Privacy or Data protection Act enacted on our country. (X)

There is no Privacy or Data protection Act enacted in our country. But there are acts/regulations
enacted in other countries and the bank`s privacy manual has taken inputs from it

21. One can share his/her password with

None of the above

22. Can the performance related data of any employee be shared with other employees/outside parties.

No

23. Tax authorities demand for the personal details of the employees viz, the employee`s pay. In such a
scenario what should the employer do

Employer can share the details as he is under the legal obligation to do so.-----

24. A guardian approaches a bank for details of the minor. What should one do

Share the details after verifying the guardianship with banks records

25. Mr. X was carrying a laptop containing large amount of customer data for some official purpose. On
the way, the laptop was stolen. What could have prevented the loss of customer data.

Encryption of laptop

26. Which of the following is breach of Data Privacy?

Sharing customer data with friends

Sharing employee data with friends

Sharing customer data with family

Sharing employee data with family

27. Which of the following is personal data for corporate

Published Annual Report of the corporate

Internal credit rating assigned by the bank

Strategic decisions of corporate entities

Financial Projections made by the corporate entity

28. What should one do, if the customer data is left unattended on printers for a long period of time?

Try to identify the owner of the data and if ownership can`t be ascertained then destroy the data

29. Your activity involves processing of customer data and you are in an area having restricted access,
while leaving for lunch you must

Keep the documents in locked drawer

Lock your computer

30. A person approaches the branch and request for a bank statement of his friend. The branch official
should provide the statement only after verifying

Authorisation letter

ID card of the person who approached the bank

31. When can the disclosure be made without the consent of the customer

Under compulsion of law

To the regulatory authority

When it is in the public interest

32. Which of the following statements are correct

Lock your drawers and cabinets when not in use

Send customer details only through password protected files

33. Personal information is any identifiable information about ___________.

Both a and b above

34. Data Privacy is the responsibility of the ______________of the organisation.

Employees

35. Which of the following is not a form of Privacy

None of the above

36. Which of the following is a privacy breach

Affixing the list of telephone nos. of customers on soft board

Allowing tailgating in restricted access areas

37. A person approaches a branch seeking information pertaining to a certain account with a formal
request letter. The branch official should provide the information to the official id of the person, if he is

An official from FIU

An official from tax authority

38. Regulator has asked for a customer information. What would you do

Share the information after seeking approval from compliance

39. Once data is received by the bank, staff members as representatives of the bank can decide with
whom it can be shared at their discretion.

Staff members as representatives can act only on the customers/employees consent, bank`s policies and
on the prevailing laws and regulations

40. Which of the following is personal data for corporate

Published Annual Report of the corporate

Internal credit rating assigned by the bank

Strategic decisions of corporate entities

Financial Projections made by the corporate entity

41. Which of the following is a measure of Accuracy

ALL

42. At the day end, if you find your colleague has left the document containing customer/employee
personal data, what would you do?

Lock it in your drawer and sensitise him/her the next day

43. A relative of the customer approaches the branch for the account information of the customer.
What is the right method

Check the authorization letter, satisfy that it meets the bank`s policy requirement and share the
personal information

44. A customer has closed his relationship with the bank. In this case

The bank can keep the basic details as required by the regulator and maintain confidentiality

45. A well known film actor opens an account with the bank. The personnel processing the account
opening form and account opening cheque wishes to share the good news with someone. With whom
can he share these details

None of the above

46. Is it right to discuss customer related personal information in public areas like cafeteria, lifts, etc.

No

47. If you have to send personal data of customer through mail for official requirement, what needs to
be ensured

Send password protected files

48. Identify the purpose of collecting the information

At the time of collection

49. Loss of the customer`s PAN Card copy by the bank, leads to data privacy loss of

Both a and b above (X)

50. Improper handling of data can cause serious consequences to which of the following

All of the above

51. Does sharing an existing customer`s name and account balance with a prospective client amount to
breach of data privacy.

Yes

52. Following are the most common causes for Privacy Breach

ALL

53. In an organisation, Data Privacy is the responsibility of

Each employee
54. After the use of print outs containing customer/employee personal data what should one do

Shred the document

55. Customers data acquired by the bank should be

Shared with only those employees who need it as a part of their job

56. An official of the Financial Intelligence Unit has sought for the transaction details of some listed
customers, as they suspect some suspicion in the activities in these accounts. What should one do in
such situations

Provide the details at his official address after verifying the identity of the official

Obtain prior consent from the customer before sharing such details

57. Bank makes a service call to the customer. But, the customer was not available on the call. It was
answered by his wife. Wife is not a joint account holder. Wife desires to know the account balance of
the customer. What should be done in such a scenario

Inform the person who attended the call that since she is not the joint account holder details could not
be shared with her

58. Identify the purpose of collecting the information

ALL

59. Mr. X an employee of the bank meets the client and collects the customer details. After his dealing
with the client, he would be proceeding on leave from the next day. What should Mr. X do

Go to office and submit the documents to the appropriate authority before proceeding on leave

60.