Which of the following actions would ensure that privacy of customer data would be maintained? Shred confidential customer data if not required Keeping PC or laptop unlocked Keeping any confidential and sensitive data under lock and key All of the above At the day end, if you find your colleague has left the document containing customer/employee personal data, what would you do? pod4da4 © Leave the documents as it is © Inform the colleague the next day Lock it in your drawer and sensitise him/her the next day © Shred it 3, Improper handling of data can cause serious consequences to which of the following: Organisation ‘Customer Staff © Allof the above 4. A bank sends out annual statements through post to its customers detailing transactions on their deposit accounts during the previous year. The bank wishes to print the below on the envelope. Out of the below mentioned what can be printed on the envelope: 900 % Name F Account number % Address Date of Birth 5. A guardian approaches a bank for details of the minor. What should one do © Deny the request © Share the details directly @ Share the details after verifying the guardianship with banks records © Share the details after verifying the power of attorney given by the minor6. Mr, X an employee of the bank meets the client and collects the customer details. After hi dealing with the client, he would be proceeding on leave from the next day. What should Mr. X do: © Keep the document with himself Submit the documents after his return from the leave. Go to office and submit the documents to the appropriate authority before proceeding on leave Hand it over to his colleague to deposit in office 7. Can the performance related data of any employee be shared with other employees/outside parti 8, Mr, X was carrying a laptop containing large amount of customer data for some official purpose. On the way, the laptop was stolen. What could have prevented the loss of customer data. © Encryption of laptop © Not carrying the laptop with him © Insuring the laptop 8. An official of the Financial Intelligence Unit has sought for the transaction details of some listed customers, as they suspect some suspicion in the activities in these accounts. What should one do in such situations: ™ Provide the details at his official address after verifying the identity of the official Obtain prior consent from the customer before sharing such details [Deny the official the desired details % — Obtain concurrence from the concerned team before sharing the details 10. An employee of the Group Company seeks details of the bank customers, to oross sell their products. What should one do, in such a situation: | Share the customer details with the staff of the Group Company as the details are getting shared within the Group itself. © Deny sharing of the customer details with the staff of Group Company © Share the details of only those members who have opted for cross sell.11, Bank makes a service call to the customer. But, the customer was not available on the call. It was answered by his wife. Wife is not a joint account holder. Wife desires to know the account balance of the customer. What should be done in such a scenario: © Deny the request plainly | Inform the person who attended the call that since she is not the joint account holder details could not be shared with her. © | Accept the request on the basis of relationship and share the details with her. 12. Data privacy is protection of following under the possession of the organisation Customer Data Employee Data [Internal policies of the bank 13, An employee having an access to finacle receives a call from his friend enquiring about a transaction in his account. What should be done in such a scenario; © | Provide the details as he is a friend © | Turn down the request @ | Direct him to the phone banking team as the process of customer identification is a pre- requisite, 14, An employer is investigating allegations of harassment against one of its employees. The employee in question emails the HR department demanding that the investigation be discontinued and that any notes about it may be destroyed as he appeals that the allegation is untrue. In such a situation what should be done to keep the data accurate, As requested by employee, delete the records of investigation from the employee file Retain the record of investigation Retain the record of investigation and add a note to the file recording the employee’s insistence that allegations are untrue. @ O00 © Deny the employees request 15. Data Privacy is the responsibility of the of the organisation. © Customers © | Employees © | Competitors16. If you have to send personal data of customer through mail for official requirement, what needs to be ensured: ® Send password protected files © State the customer identification details in the subject heading © State the password in the body of the mail 17. Does sharing an existing customer's name and account balance with a prospective client amount to breach of data privacy. @ | Yes © No 18. One can share his/her password with: © Colleagues © superiors © I Team © None of the above 19, An employee in his individual capacity keeps a database of his friend and relatives including their name, address and date of birth on his office PC, In case of loss of data who can be held responsible © Employee hims © — Organisation © Botha & b above 20. An individual approaches the branch, praises the branch manager and staff for the manner in which the customers are treated. He shares an account number of his friend with the staff and demands an account statement from him. What should the branch staff do in such a situation: © Should share the details if the staff knows the individual personally © Should never share the details @ — Should share the details only if he provides a proper authorisation letter from the customer21, A well known film actor opens an account with the bank. The personnel processing the account opening form and account opening cheque wishes to share the good news with someone. With whom can he share these details: © Friends © Relatives © Colleagues from other department @ None of the above 22. Which of the following is personal data for corporates Published Annual Report of the corporate a — Intemal credit rating assigned by the bank Strategic decisions of corporate entities Financial Projections made by the corporate entity 23. Which of the following is not a Personal Data © Name and Address © Bank Account Number o Date of Birth @ None of the above 24, Tax authorities demand for the personal details of the employees viz, the employee's pay. In such a scenario what should the employer do: © — Obtain employee consent before sharing the details © Employer should not provide the details to anyone except the employee. © Employer can share the details as he is under the legal obligation to do so. 25. A relationship manager (RM) meets the prospective customer for the sale of a product. During the conversation, RM can give the following references: % The performance of the product Reference of another customer who has purchased the product % At best the total number of customers who have purchased the product 7 All of the above26. A customer has closed his relationship with the bank. In this case The bank has to delete all the information pertaining to the customer The bank can keep the entire details of the customer and can share it with others s required by the regulator and ma oS 7 © The bank can keep the basie detail ntain confidentiality 6 The bank can keep the basic details as required by the regulator and share it with others 27. A person approaches the branch and request for a bank statement of his friend. The branch official should provide the statement only after verifying: Authorisation letter 1D card of the person who approached the bank [Address proof TF Allofthe above 28. A person approaches a branch seeking information pertaining to a certain ac formal request letter. The branch official should provide the information to the official id of the person, if he is: unt with a An official from FIU % An official from tax authority The customers neighbour I The customers office colleague 29, Which of the following statements are correct © Share customer details with your colleagues Lock your drawers and cabinets when not in use Send customer details only through password protected files I Keep customer details on soft board 30, Identify the purpose of collecting the information Atthe time of collection ™ Before the collection F After the collection31. When can the disclosure be made without the consent of the customer Under compulsion of law T To the Group company % To the regulatory authority When itis in the public interest 32. Personal information is any identifiable information about © Customers © Employees ® Botha & b above 33. Which of the following is not a form of Privacy © Data Privacy © Physical Privacy © | Communication Privacy © None of the above 34, Following are the most common causes for Privacy Breach: Data Stolen Faulty business procedure Data Lost aaad Mistakenly disclosed information 35. While accepting customer's application and other service requests, one should make sure that: Handwriting is readable ¥ Manadatory fields are completed ¥ All necessary documents are obtained [None of the above36. Regulator has asked for a customer information. What would you do: © Deny the request © Share the information directly @ Share the information after seeking approval from compliance Share the information after seeking approval from the customer 37. Mr. Raj, a customer of the bank had defaulted in payment of his credit eard dues. He was not available on any of his contacts. The bank appointed an agency to identify Mr. Raj a customer of the bank. Finally the ageney was successful in identifying the customer. During the process, the agency obtained the personal details of 300 odd people. What should the agency do with the excess information of 300 people: © Destroy the excessive information © Retain the information © | Use this information for the purpose of selling products 38, Loss of the customer’s PAN Card copy by the bank, leads to data privacy loss of: © The Bank © The Customer © Botha & b above 39.A fellow employee calls up the phone banking or visits the branch mentioning that his colleague has met up with an accident, He shares the account number, the office address and employee ID of the vietim and seeks details on the account balance. What should the staff d © Deny the request © Share the details 40. Which of the following is a measure of Accuracy Cautious while entering/amending customer's/employees information in the system Cautious while adding any additional notes in customer's/employee fil ‘ary v © Not keeping it longer than neces Ensuring that the handwriting is readable while accepting the forms41, Which of these is a Privacy Principle % Accountability * Accuracy Consent © Limiting Retention 42. Think Privacy is a rigid customer/employee data protection standards which gives no option of sharing the data to anyone other than the customer/employee himself/herself. © Yes itis correct Yes it is correct, but it is only for customer's benefit No it is incorrect. Think privacy, is a principle based data protection standards which allow © sharing of data to third parties as per customer/employee autorisation and to the extent that, Jaw permits There is no connect between Think Privacy initiative of the bank and data protection standards 43, Once data is received by the bank, staff members as representatives of the bank can decide with whom it can be shared at their diseretion. No staff members as representatives of the bank do not have any choice es © Staff members as representatives can act purely on their superiors advise c employes Staff members as representatives can act purely on the custom consent Staff members as representatives can act only on the customers/employees consent, bank's policies and on the prevailing laws and regulations 44, Does KYC regulations provide unlimited rights to Banks to seek information about the customer to know more and more about the customer and privacy principles contradict this freedom, ° Yes know your customer regulations expect banks to know about the customer from all perspectives ¢__ Know your customer regulations have its own boundaries in seeking information from the customer viz, customer identity and customer address Know your customer regulations have its own boundaries in seeking information from the customer viz. customer identity and customer address. There is no contradiction with privacy principles but complements by stating that the information sought should be relevant and appropriate to the product or service provided. © Absolutely right! There is clear contradiction.45, Which of the following would lead to a Privacy Breach? © Compromise of customer name & gender © Compromise of Customer name, gender & Date of Birth © Botha & b above 46. Privacy principles can be applied only to individual customers. © Yes, it ean only be applied to individual customers © No, itean only be applied corporate customers « No, its applicable to individual customers and corporate customers, but it is more relevant in the case of individual customers © No, itis appl 47. (Think) Privacy manual of the bank is based on the Privacy and Data Protection Act 2007. able to individual and corporate customers alike. © Itis correct © There are no Privacy or Data protection Act enacted on our country. There is no Privacy or Data protection Act enacted in our country. But there are acts/regulations enacted in other countries and the bank’s privacy manual has taken inputs from it _ Itis correct and in addition the bank’s privacy manual has taken inputs from acts/regulations enacted in other countries, as well 48, What can be treated as personal information? [Any non identifiable information about an individual % Any identifiable information about an individual Information of corporates which is not available in public domain [Information of corporates whieh is available in public domain 49. What should one do, if the customer data left unattended on printers for a long period of time? © Destroy the data © Keep it with himself ce Try to identify the owner of the data and if ownership can’t be ascertained then destroy the data © Place the data on the common notice board so that, the owner can come and collect it50. Privacy breaeh is an unauthorised access to, : or of personal information ¥ Use % Consent Collection Disclosure FP Prudence 51, The organization has taken the customer details for the purpose of account opening and the jomer has not opted for cross selling. In such a scenario what can one do with the data: Use it for the purpose for which it is aequired [Give it to your group company so that they can give some good offers to the customer ¥ Do not give it to Group companies [Use the data to sell insurance product to the customer 52. Think Privacy campaign has been launched to increase employee awareness on © Data Privacy © Customer service © Banking Law © Fraud 53. Which of the following is breach of Data Privacy? Sharing the customer's account details with friends [Sharing copy of the corporate customer's published annual report with friends Leaving confidential details of customers in unlocked drawers _ Affixing customer's basic details on the soft board. 54. Is it right to discus areas like cafeteria, lifts, ete, stomer related personal information in pul © Yes © No55. Which of the following is breach of Data Privacy Sharing customer data with friends ¥ Sharing employee data with friends ring customer data with family ¥ Sharing employee data with family 56. Which of the following would lead to a Privacy Breach? Compromise of customer age, gender & address Compromise of Customer name, gender & Date of Birth Compromise of Name alone 57. In an organisation, Data Privacy is the responsibility of © Compliance Team © Department Head @ Each employee © Customers 58, Which of the following is a privacy breach _Affixing the list of telephone nos. of customers on soft board 7 Allowing tailgating in restricted access areas 1 Sharing the details of loan defaulters with loan recovery agency T Authorised access to or collection, use or disclosure of eustomers personal information 59. Your activity involves processing of customer data and you are in an area having restricted access, while leaving for hunch you must Leave the documents on your table © Keep the documents in unlocked drawers Keep the documents in locked drawer w Lock your computer60, Customers data acquired by the bank should be © Shared only with all the employees © Shared with all the employees as well as outsourced personnel @ Shared with only those employees who need it as a part of their job © None of the above 61. haring which of the following customer document will lead to breach of Data Privacy Copy of the Passport % Copy of the Driving License Copy of the PAN Card Copy of customer's medical report 62, What out of the following is not a privacy breach © Sharing copy of the passport of existing customer © Sharing copy of the passport of customers who have terminated the relationship © Discuss personal information of existing customers in public areas like café, Discuss personal information of customers who have terminated their relationship in public areas like café. © None of the above 63, A bank records information about some individuals who are shareholders of its corporate account holders, It collects and hold such information to comply with the duties of anti-money laundering regulations. Can the bank send marketing material to the individuals concerned inviting them to open personal accounts with the bank. © |¥es & |No 64. An employer receives several applications for a job vacancy. The employer is successful in recruiting the desired staff for the vacant positions. The organization holds the personal data/bio- data of unsuccessful applicants beyond a reasonable period. Is it right to hold such information. © Right @ | Wrong65, Bank is unable to locate its customer who has stopped making loan repayments. The customer has shifted his residence without notifying the bank of the new address. The bank engages a debt collection ageney to find the customer and seek repayment of debt. In this scenario, what can the bank do to share the details with the agency: © Can share the personal details of the customer after obtaining customer's consent © Can share the personal details of the customer after obtaining consent from the regulator © Can share the personal details of the customer without obtaining the consent of the customer a Cannot share the customer's personal details to the agency under any circumstances 66, In case of corporate, any information that is not available in the public domain but is shared with the ICICI Group will be treated on par with personal information © |True © | False 67. As per Data Privacy principles, it is always advisable to: Send emails that contain personal data in the subject heading Send password protected files to customers 1 Share the customer details with friends Lock your computer when not in use 68, Would sharing of customer personal information, after termination of the relationship amount to breach in privacy. © |Ves © |No 68. A relative ofthe customer approaches the branch for the account information of the customer. What is the right method © | To deny the relative of the customer the information © | Check the authorization letter and share the personal information @ | Chock the authorization letter, satisfy that it meets the bank's policy requirement and share the personal information 70. After the use of print outs containing customer/employee personal data what should one do © Throw it in the wastebin @ Shred the document © | Retain the paper to use the other side for reprinting