What does IPP 1 (Collection) require?

Personal information must only be collected if it is necessary, lawful, fair, and not intrusive. Individuals should know why their data is being collected.

Give an example of complying with IPP 1.

A school collects student names and grades for records but does not collect unnecessary information like family income.

What does IPP 2 (Use and Disclosure) require?

Personal information can only be used or shared for the original purpose it was collected unless the individual consents.

Give an example of an IPP 2 breach.

A council collects emails for registration and then gives them to an advertising company without consent.

What does IPP 4 (Data Security) state?

Organisations must protect data from misuse, loss, or unauthorised access and destroy or de-identify information when no longer needed.

Provide an example of complying with IPP 4.

Encrypting databases, using strong passwords, and limiting access to authorised staff only.

What does IPP 5 (Openness) require?

Organisations must be open about how they manage personal data and have a clear, publicly available privacy policy.

Give an example of IPP 5 in practice.

A company’s website includes a privacy policy explaining what data is collected, how it is stored, and who can access it.

What does IPP 8 (Anonymity) ensure?

Individuals should have the option to remain anonymous or use a pseudonym when possible.

Give an example of IPP 8 in practice.

An online feedback form allows users to submit comments without providing their name or email address.

What does IPP 10 (Sensitive Information) regulate?

Sensitive data such as racial, political, or health information must only be collected with consent and when absolutely necessary.

Give an example of IPP 10 compliance.

A government health survey requests consent before collecting information about medical history or religion.

Exam Tip – Data Collection

IPP 1: Only collect necessary and relevant data.

Exam Tip – Data Use

IPP 2: Use and disclose data only for its original purpose.

Exam Tip – Security

IPP 4: Protect data using encryption, passwords, and access controls.

Exam Tip – Transparency

IPP 5: Always include a public privacy policy for openness.

Exam Tip – Anonymous Data

IPP 8: Allow anonymous responses in surveys where possible.

Exam Tip – Sensitive Data

IPP 10: Collect sensitive information only with consent and purpose.

Help

Options

focusNode

Didn't know it?
click below

Knew it?
click below

Don't Know

Remaining cards (0)

Know

retry

shuffle

restart

0:00

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

Normal Size Small Size show me how

Stack #4559047

Question	Answer
What does IPP 1 (Collection) require?	Personal information must only be collected if it is necessary, lawful, fair, and not intrusive. Individuals should know why their data is being collected.
Give an example of complying with IPP 1.	A school collects student names and grades for records but does not collect unnecessary information like family income.
What does IPP 2 (Use and Disclosure) require?	Personal information can only be used or shared for the original purpose it was collected unless the individual consents.
Give an example of an IPP 2 breach.	A council collects emails for registration and then gives them to an advertising company without consent.
What does IPP 4 (Data Security) state?	Organisations must protect data from misuse, loss, or unauthorised access and destroy or de-identify information when no longer needed.
Provide an example of complying with IPP 4.	Encrypting databases, using strong passwords, and limiting access to authorised staff only.
What does IPP 5 (Openness) require?	Organisations must be open about how they manage personal data and have a clear, publicly available privacy policy.
Give an example of IPP 5 in practice.	A company’s website includes a privacy policy explaining what data is collected, how it is stored, and who can access it.
What does IPP 8 (Anonymity) ensure?	Individuals should have the option to remain anonymous or use a pseudonym when possible.
Give an example of IPP 8 in practice.	An online feedback form allows users to submit comments without providing their name or email address.
What does IPP 10 (Sensitive Information) regulate?	Sensitive data such as racial, political, or health information must only be collected with consent and when absolutely necessary.
Give an example of IPP 10 compliance.	A government health survey requests consent before collecting information about medical history or religion.
Exam Tip – Data Collection	IPP 1: Only collect necessary and relevant data.
Exam Tip – Data Use	IPP 2: Use and disclose data only for its original purpose.
Exam Tip – Security	IPP 4: Protect data using encryption, passwords, and access controls.
Exam Tip – Transparency	IPP 5: Always include a public privacy policy for openness.
Exam Tip – Anonymous Data	IPP 8: Allow anonymous responses in surveys where possible.
Exam Tip – Sensitive Data	IPP 10: Collect sensitive information only with consent and purpose.

Created by: LiamJ84

"Know" box contains:
Time elapsed:
Retries: