1.

Which of the following actions would ensure that privacy of customer data would be
maintained?
Shred confidential customer data if not required
Keeping PC or laptop unlocked
Keeping any confidential and sensitive data under lock and key
All of the above
2. At the day end, if you find your colleague has left the document containing
customer/employee personal data, what would you do?
Leave the documents as it is
Inform the colleague the next day
Lock it in your drawer and sensitise him/her the next day
Shred it
3. Improper handling of data can cause serious consequences to which of the following:

Organisation
Customer
Staff
All of the above
4. A bank sends out annual statements through post to its customers detailing transactions on
their deposit accounts during the previous year. The bank wishes to print the below on the
envelope. Out of the below mentioned what can be printed on the envelope:

Name
Account number
Address
Date of Birth
5. A guardian approaches a bank for details of the minor. What should one do

Deny the request

Share the details directly
Share the details after verifying the guardianship with banks records
Share the details after verifying the power of attorney given by the minor
6. Mr. X an employee of the bank meets the client and collects the customer details. After his
dealing with the client, he would be proceeding on leave from the next day. What should Mr. X
do:

Keep the document with himself

Submit the documents after his return from the leave.
Go to office and submit the documents to the appropriate authority before proceeding on
leave
Hand it over to his colleague to deposit in office
7. Can the performance related data of any employee be shared with other employees/outside
parties.

Yes
No
8. Mr. X was carrying a laptop containing large amount of customer data for some official
purpose. On the way, the laptop was stolen. What could have prevented the loss of customer
data.

Encryption of laptop
Not carrying the laptop with him
Insuring the laptop
9. An official of the Financial Intelligence Unit has sought for the transaction details of some
listed customers, as they suspect some suspicion in the activities in these accounts. What should
one do in such situations:

Provide the details at his official address after verifying the identity of the official
Obtain prior consent from the customer before sharing such details
Deny the official the desired details
Obtain concurrence from the concerned team before sharing the details
10. An employee of the Group Company seeks details of the bank customers, to cross sell their
products. What should one do, in such a situation:

Share the customer details with the staff of the Group Company as the details are getting
shared within the Group itself.
Deny sharing of the customer details with the staff of Group Company
Share the details of only those members who have opted for cross sell.
11. Bank makes a service call to the customer. But, the customer was not available on the call. It
was answered by his wife. Wife is not a joint account holder. Wife desires to know the account
balance of the customer. What should be done in such a scenario:

Deny the request plainly

Inform the person who attended the call that since she is not the joint account holder details
could not be shared with her.
Accept the request on the basis of relationship and share the details with her.
12. Data privacy is protection of following under the possession of the organisation

Customer Data
Employee Data
Internal policies of the bank
13. An employee having an access to finacle receives a call from his friend enquiring about a
transaction in his account. What should be done in such a scenario:

Provide the details as he is a friend

Turn down the request
Direct him to the phone banking team as the process of customer identification is a pre-
requisite.
14. An employer is investigating allegations of harassment against one of its employees. The
employee in question emails the HR department demanding that the investigation be
discontinued and that any notes about it may be destroyed as he appeals that the allegation is
untrue. In such a situation what should be done to keep the data accurate.

As requested by employee, delete the records of investigation from the employee file
Retain the record of investigation
Retain the record of investigation and add a note to the file recording the employee’s
insistence that allegations are untrue.
Deny the employees request
15. Data Privacy is the responsibility of the ______________of the organisation.

Customers
Employees
Competitors
16. If you have to send personal data of customer through mail for official requirement, what
needs to be ensured:

Send password protected files

State the customer identification details in the subject heading
State the password in the body of the mail
17. Does sharing an existing customer’s name and account balance with a prospective client
amount to breach of data privacy.

Yes
No
18. One can share his/her password with:

Colleagues
Superiors
IT Team
None of the above
19. An employee in his individual capacity keeps a database of his friend and relatives including
their name, address and date of birth on his office PC. In case of loss of data who can be held
responsible:

Employee himself
Organisation
Both a & b above
20. An individual approaches the branch, praises the branch manager and staff for the manner in
which the customers are treated. He shares an account number of his friend with the staff and
demands an account statement from him. What should the branch staff do in such a situation:

Should share the details if the staff knows the individual personally
Should never share the details
Should share the details only if he provides a proper authorisation letter from the customer
21. A well known film actor opens an account with the bank. The personnel processing the
account opening form and account opening cheque wishes to share the good news with someone.
With whom can he share these details:

Friends
Relatives
Colleagues from other department
None of the above
22. Which of the following is personal data for corporates

Published Annual Report of the corporate

Internal credit rating assigned by the bank
Strategic decisions of corporate entities
Financial Projections made by the corporate entity
23. Which of the following is not a Personal Data

Name and Address

Bank Account Number
Date of Birth
None of the above
24. Tax authorities demand for the personal details of the employees viz, the employee’s pay. In
such a scenario what should the employer do:

Obtain employee consent before sharing the details

Employer should not provide the details to anyone except the employee.
Employer can share the details as he is under the legal obligation to do so.
25. A relationship manager (RM) meets the prospective customer for the sale of a product.
During the conversation, RM can give the following references:

The performance of the product

Reference of another customer who has purchased the product
At best the total number of customers who have purchased the product
All of the above
26. A customer has closed his relationship with the bank. In this case

The bank has to delete all the information pertaining to the customer
The bank can keep the entire details of the customer and can share it with others
The bank can keep the basic details as required by the regulator and maintain confidentiality
The bank can keep the basic details as required by the regulator and share it with others
27. A person approaches the branch and request for a bank statement of his friend. The branch
official should provide the statement only after verifying:

Authorisation letter
ID card of the person who approached the bank
Address proof
All of the above
28. A person approaches a branch seeking information pertaining to a certain account with a
formal request letter. The branch official should provide the information to the official id of the
person, if he is:

An official from FIU

An official from tax authority
The customers neighbour
The customers office colleague
29. Which of the following statements are correct

Share customer details with your colleagues

Lock your drawers and cabinets when not in use
Send customer details only through password protected files
Keep customer details on soft board
30. Identify the purpose of collecting the information

At the time of collection

Before the collection
After the collection
31. When can the disclosure be made without the consent of the customer

Under compulsion of law

To the Group company
To the regulatory authority
When it is in the public interest
32. Personal information is any identifiable information about ___________.

Customers
Employees
Both a & b above
33. Which of the following is not a form of Privacy

Data Privacy
Physical Privacy
Communication Privacy
None of the above
34. Following are the most common causes for Privacy Breach:

Data Stolen
Faulty business procedure
Data Lost
Mistakenly disclosed information
35. While accepting customer's application and other service requests, one should make sure that:

Handwriting is readable
Manadatory fields are completed
All necessary documents are obtained
None of the above
36. Regulator has asked for a customer information. What would you do:

Deny the request

Share the information directly
Share the information after seeking approval from compliance
Share the information after seeking approval from the customer
37. Mr. Raj, a customer of the bank had defaulted in payment of his credit card dues. He was not
available on any of his contacts. The bank appointed an agency to identify Mr. Raj a customer of
the bank. Finally the agency was successful in identifying the customer. During the process, the
agency obtained the personal details of 300 odd people. What should the agency do with the
excess information of 300 people:

Destroy the excessive information

Retain the information
Use this information for the purpose of selling products
38. Loss of the customer’s PAN Card copy by the bank, leads to data privacy loss of:

The Bank
The Customer
Both a & b above
39.A fellow employee calls up the phone banking or visits the branch mentioning that his
colleague has met up with an accident. He shares the account number, the office address and
employee ID of the victim and seeks details on the account balance. What should the staff do:

Deny the request

Share the details
40. Which of the following is a measure of Accuracy

Cautious while entering/amending customer's/employees information in the system

Cautious while adding any additional notes in customer's/employee files.
Not keeping it longer than necessary
Ensuring that the handwriting is readable while accepting the forms
41. Which of these is a Privacy Principle

Accountability
Accuracy
Consent
Limiting Retention
42. Think Privacy is a rigid customer/employee data protection standards which gives no option
of sharing the data to anyone other than the customer/employee himself/herself.

Yes it is correct
Yes it is correct, but it is only for customer’s benefit
No it is incorrect. Think privacy, is a principle based data protection standards which allow
sharing of data to third parties as per customer/employee autorisation and to the extent that
law permits.
There is no connect between Think Privacy initiative of the bank and data protection
standards
43. Once data is received by the bank, staff members as representatives of the bank can decide
with whom it can be shared at their discretion.

No staff members as representatives of the bank do not have any choice

Staff members as representatives can act purely on their superiors advise
Staff members as representatives can act purely on the customers/employees consent
Staff members as representatives can act only on the customers/employees consent, bank’s
policies and on the prevailing laws and regulations
44. Does KYC regulations provide unlimited rights to Banks to seek information about the
customer to know more and more about the customer and privacy principles contradict this
freedom.

Yes know your customer regulations expect banks to know about the customer from all
perspectives
Know your customer regulations have its own boundaries in seeking information from the
customer viz. customer identity and customer address
Know your customer regulations have its own boundaries in seeking information from the
customer viz. customer identity and customer address. There is no contradiction with
privacy principles but complements by stating that the information sought should be
relevant and appropriate to the product or service provided.
Absolutely right! There is clear contradiction.
45. Which of the following would lead to a Privacy Breach?

Compromise of customer name & gender

Compromise of Customer name, gender & Date of Birth
Both a & b above
46. Privacy principles can be applied only to individual customers.

Yes, it can only be applied to individual customers

No, it can only be applied corporate customers
No, its applicable to individual customers and corporate customers, but it is more relevant in
the case of individual customers
No, it is applicable to individual and corporate customers alike.
47. (Think) Privacy manual of the bank is based on the Privacy and Data Protection Act 2007.

It is correct
There are no Privacy or Data protection Act enacted on our country.
There is no Privacy or Data protection Act enacted in our country. But there are
acts/regulations enacted in other countries and the bank’s privacy manual has taken inputs
from it
It is correct and in addition the bank’s privacy manual has taken inputs from acts/regulations
enacted in other countries, as well.
48. What can be treated as personal information?

Any non identifiable information about an individual

Any identifiable information about an individual
Information of corporates which is not available in public domain
Information of corporates which is available in public domain
49. What should one do, if the customer data is left unattended on printers for a long period of
time?

Destroy the data

Keep it with himself
Try to identify the owner of the data and if ownership can't be ascertained then destroy the
data
Place the data on the common notice board so that, the owner can come and collect it
50. Privacy breach is an unauthorised access to, __________, __________ or ___________ of
personal information

Use
Consent
Collection
Disclosure
Prudence
51. The organization has taken the customer details for the purpose of account opening and the
customer has not opted for cross selling. In such a scenario what can one do with the data:

Use it for the purpose for which it is acquired

Give it to your group company so that they can give some good offers to the customer
Do not give it to Group companies
Use the data to sell insurance product to the customer
52. Think Privacy campaign has been launched to increase employee awareness on

Data Privacy
Customer service
Banking Law
Fraud
53. Which of the following is breach of Data Privacy?

Sharing the customer's account details with friends

Sharing copy of the corporate customer's published annual report with friends
Leaving confidential details of customers in unlocked drawers
Affixing customer's basic details on the soft board.
54. Is it right to discuss customer related personal information in public areas like cafeteria, lifts,
etc.

Yes
No
55. Which of the following is breach of Data Privacy?

Sharing customer data with friends

Sharing employee data with friends
Sharing customer data with family
Sharing employee data with family
56. Which of the following would lead to a Privacy Breach?

Compromise of customer age, gender & address

Compromise of Customer name, gender & Date of Birth
Compromise of Name alone
57. In an organisation, Data Privacy is the responsibility of

Compliance Team
Department Head
Each employee
Customers
58. Which of the following is a privacy breach

Affixing the list of telephone nos. of customers on soft board

Allowing tailgating in restricted access areas
Sharing the details of loan defaulters with loan recovery agency
Authorised access to or collection, use or disclosure of customers personal information
59. Your activity involves processing of customer data and you are in an area having restricted
access, while leaving for lunch you must

Leave the documents on your table

Keep the documents in unlocked drawers
Keep the documents in locked drawer
Lock your computer
60. Customers data acquired by the bank should be

Shared only with all the employees

Shared with all the employees as well as outsourced personnel
Shared with only those employees who need it as a part of their job
None of the above
61. haring which of the following customer document will lead to breach of Data Privacy

Copy of the Passport

Copy of the Driving License
Copy of the PAN Card
Copy of customer's medical report
62. What out of the following is not a privacy breach

Sharing copy of the passport of existing customer

Sharing copy of the passport of customers who have terminated the relationship
Discuss personal information of existing customers in public areas like café.
Discuss personal information of customers who have terminated their relationship in public
areas like café.
None of the above
63. A bank records information about some individuals who are shareholders of its corporate
account holders. It collects and hold such information to comply with the duties of anti-money
laundering regulations. Can the bank send marketing material to the individuals concerned
inviting them to open personal accounts with the bank.

Yes
No
64. An employer receives several applications for a job vacancy. The employer is successful in
recruiting the desired staff for the vacant positions. The organization holds the personal data/bio-
data of unsuccessful applicants beyond a reasonable period. Is it right to hold such information.

Right
Wrong
65. Bank is unable to locate its customer who has stopped making loan repayments. The
customer has shifted his residence without notifying the bank of the new address. The bank
engages a debt collection agency to find the customer and seek repayment of debt. In this
scenario, what can the bank do to share the details with the agency:

Can share the personal details of the customer after obtaining customer's consent
Can share the personal details of the customer after obtaining consent from the regulator
Can share the personal details of the customer without obtaining the consent of the customer
Cannot share the customer's personal details to the agency under any circumstances
66. In case of corporate, any information that is not available in the public domain but is shared
with the ICICI Group will be treated on par with personal information.

True
False
67. As per Data Privacy principles, it is always advisable to:

Send emails that contain personal data in the subject heading

Send password protected files to customers
Share the customer details with friends
Lock your computer when not in use
68. Would sharing of customer personal information, after termination of the relationship amount to
breach in privacy.

Yes
No
69. A relative of the customer approaches the branch for the account information of the customer. What is the right
method:

To deny the relative of the customer the information

Check the authorization letter and share the personal information

Check the authorization letter, satisfy that it meets the bank’s policy requirement and share the personal
information
70. After the use of print outs containing customer/employee personal data what should one do

Throw it in the wastebin

Shred the document
Retain the paper to use the other side for reprinting