You are working from a Red Snapper Office. As part of your role, you also visit clients’ business premises.
The clients are a public authority in the justice sector.
In a RSG location, you notice left on a joint office printer a list of this client’s employee’s details, including their names, addresses, dates of birth.
These details are part of an equality questionnaire that RSG has been commissioned to collect on behalf of this client.
You are one of the last people in the office – but one permanent RSG manager is still in this office.
Part of the questionnaire details religious beliefs, sexuality and a medical history, including mental health issues.
You notice that the first form concerns a person you know personally who works for one of our clients and is based on information that is at least three years out of date
You also see that all of the documents have been marked OFFICIAL SENSITIVE.
Quiz Summary
0 of 23 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Results
0 of 23 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 23
1. Question
1. The information on the forms is classified as personal data under the Data Protection Act (DPA).
Select one:CorrectIncorrect -
Question 2 of 23
2. Question
2. The information on the forms is classified as sensitive personal data under the DPA.
Select one:CorrectIncorrect -
Question 3 of 23
3. Question
3. As this is in our secure office location it will be safe – and you have no duty to deal with the situation.
Select one:CorrectIncorrect -
Question 4 of 23
4. Question
4. As a permanent RSG manager is in the office, this is their responsibility not yours.
Select one:CorrectIncorrect -
Question 5 of 23
5. Question
5. It would be okay to put the forms in an envelope and leave it in the in-tray of the person who you think printed it.
Select one:CorrectIncorrect -
Question 6 of 23
6. Question
6. You should hand the forms to the RSG manager.
Select one:CorrectIncorrect -
Question 7 of 23
7. Question
7. The manager should shred the documents immediately.
Select one:CorrectIncorrect -
Question 8 of 23
8. Question
8. The manager should securely lock the documents away.
Select one:CorrectIncorrect -
Question 9 of 23
9. Question
9. You should ring your friend and tell them to contact RSG, as you have noticed their information is out of date.
Select one:CorrectIncorrect -
Question 10 of 23
10. Question
10. The Data Protection Act places a responsibility on data subjects (in this case, your friend) to ensure their information is up to date.
Select one:CorrectIncorrect -
Question 11 of 23
11. Question
11. The next day you are asked to personally take these forms to the client’s office.
Is this allowed under the Protective Marking Scheme?
Select one:CorrectIncorrect -
Question 12 of 23
12. Question
12. You are required to check that all of the boxes have been filled in. It is okay for you to do this whilst on the train to the client’s offices.
Select one:CorrectIncorrect -
Question 13 of 23
13. Question
13. You go to the client’s office and hand the envelope into the general shared reception area.
It would be acceptable practice for you to ask that they send it to the client’s own reception desk on another floor.
Select one:CorrectIncorrect -
Question 14 of 23
14. Question
14. Later in the client’s office you notice a group of the client’s employees crowded around a desk reading and commenting on the personal data – picking out particularly some of the medical histories and making comments engendering laughter.
As this is in a secure environment, although they might be breaching policies etc. it is not a RSG issue.
So, you would not be required to take any action.
Select one:CorrectIncorrect -
Question 15 of 23
15. Question
15. You should approach the laughing employees and require them to desist.
Select one:CorrectIncorrect -
Question 16 of 23
16. Question
16. You should seek out a manager of the client’s and report what you had observed.
Select one:CorrectIncorrect -
Question 17 of 23
17. Question
17. You should report this activity to the Information Commissioner’s Office (ICO) as a breach of the DPA.
Select one:CorrectIncorrect -
Question 18 of 23
18. Question
18. You are asked to personally post these documents to the client’s head office.
They are still marked Official Sensitive, so you consider amending them and remove Official Sensitive marking, as they are just routine.
Is this allowable?
Select one:CorrectIncorrect -
Question 19 of 23
19. Question
That concludes the questions on the sensitive documents scenario.
Now test your knowledge of other Information Security Principles at RSG…
19.The Data Protection Act (DPA) does not apply to RSG as we are not a Public Authority.
Select one:CorrectIncorrect -
Question 20 of 23
20. Question
20. You are allowed to use your own personal digital equipment such as Android devices and USBs to copy and transport RSG data.
Select one:CorrectIncorrect -
Question 21 of 23
21. Question
21. You receive a suspicious email in your RSG email account. You should open it, but not the attachment to see if you know who it is from.
Select one:CorrectIncorrect -
Question 22 of 23
22. Question
22. If you receive an unexpected email, you should delete it and remember who sent it for the next time.
(This is daily activity so just stay personally aware).
Select one:CorrectIncorrect -
Question 23 of 23
23. Question
23. Information Security Management is a RSG management issue only.
Select one:CorrectIncorrect
