Skip to Content
From Monday 12 September 2020, OVIC's website will no longer be supported in Internet Explorer (IE).
We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.

How much do you know about privacy?

Take OVIC’s privacy quiz


Question 1

The largest data breach involving personal information affected how many individuals?

Correct!

In 2013, Yahoo was subject to a hack that exposed its entire user database at the time - approximately 3 billion accounts. The breach disclosed names, email addresses, telephone numbers, dates of birth, and security questions and answers. Check out OVIC’s guidance on how to prepare for and respond to the privacy implications of data breaches involving personal information.

Incorrect!

In 2013, Yahoo was subject to a hack that exposed its entire user database at the time - approximately 3 billion accounts. The breach disclosed names, email addresses, telephone numbers, dates of birth, and security questions and answers. Check out OVIC’s guidance on how to prepare for and respond to the privacy implications of data breaches involving personal information.

Question 2

When using a web browser with private or incognito mode enabled, my browsing behaviour or actions are anonymous.

Correct!

Using private or incognito mode on a browser merely prevents your browsing history, cookies, passwords, or temporary files from being locally stored on your own device. It does not necessarily mask your identity or browsing activity from third parties such as the websites you visit or internet service providers.

Incorrect!

Using private or incognito mode on a browser merely prevents your browsing history, cookies, passwords, or temporary files from being locally stored on your own device. It does not necessarily mask your identity or browsing activity from third parties such as the websites you visit or internet service providers.

Question 3

In what year did Victoria’s first state privacy laws commence operation?

Correct!

The Information Privacy Act 2000 (Vic) commenced operation on 1 September 2001, establishing a regime for the responsible collection and handling of personal information in the Victorian public sector. That Act was later repealed and replaced by the current Privacy and Data Protection Act 2014 (Vic). The Health Records Act 2001 (Vic) commenced 1 March 2002, establishing a regime for the protection of health information.

Incorrect!

The Information Privacy Act 2000 (Vic) commenced operation on 1 September 2001, establishing a regime for the responsible collection and handling of personal information in the Victorian public sector. That Act was later repealed and replaced by the current Privacy and Data Protection Act 2014 (Vic). The Health Records Act 2001 (Vic) commenced 1 March 2002, establishing a regime for the protection of health information.

Question 4

When a Victorian public sector organisation collects personal information, a comprehensive written collection notice must always be provided.

Correct!

Information Privacy Principle 1.3 requires organisations to take reasonable steps to provide individuals with certain information when collecting their personal information. It does not specify the method or format in which that information must be provided. Notice can be provided in writing, verbally or any other means that conveys the required information. Organisations should choose the most appropriate and transparent method or methods.

Incorrect!

Information Privacy Principle 1.3 requires organisations to take reasonable steps to provide individuals with certain information when collecting their personal information. It does not specify the method or format in which that information must be provided. Notice can be provided in writing, verbally or any other means that conveys the required information. Organisations should choose the most appropriate and transparent method or methods.

Question 5

Privacy in Victoria is best described by which statement:

Correct!

In Victoria, section 13 of the Charter of Human Rights and Responsibilities Act 2006 (Vic) protects individuals’ right to not have their privacy interfered with. The Privacy and Data Protection Act 2014 (Vic) and Health Records Act 2001 (Vic) establish a framework for the collection, use and disclosure of personal information and health information by public sector organisations.

Incorrect!

In Victoria, section 13 of the Charter of Human Rights and Responsibilities Act 2006 (Vic) protects individuals’ right to not have their privacy interfered with. The Privacy and Data Protection Act 2014 (Vic) and Health Records Act 2001 (Vic) establish a framework for the collection, use and disclosure of personal information and health information by public sector organisations.

Question 6

The European Union General Data Protection Regulation can apply to the activities of Victorian public sector organisations.

Correct!

While the General Data Protection Regulation is an EU law, it imposes obligations on organisations anywhere in the world, provided certain criteria are met. Victorian public sector organisations that operate in the EU or handle personal information of EU residents should review whether they have obligations under the GDPR.

Incorrect!

While the General Data Protection Regulation is an EU law, it imposes obligations on organisations anywhere in the world, provided certain criteria are met. Victorian public sector organisations that operate in the EU or handle personal information of EU residents should review whether they have obligations under the GDPR.

Question 7

What percentage of Australians read and are confident they understand privacy policies on websites?

Correct!

According to the 2020 Australian Community Attitudes to Privacy Survey, only 1 in 5 Australians (20%) read and are confident they understand privacy policies on internet sites. The main reasons why Australians do not read privacy policies include the length and difficulty of the policies. Australians want to see standard, simple language (87% support) and a plain English summary at the start of every privacy policy (86% support). There is also support (73%) for the use of icons as indicators that certain activities are undertaken.

Incorrect!

According to the 2020 Australian Community Attitudes to Privacy Survey, only 1 in 5 Australians (20%) read and are confident they understand privacy policies on internet sites. The main reasons why Australians do not read privacy policies include the length and difficulty of the policies. Australians want to see standard, simple language (87% support) and a plain English summary at the start of every privacy policy (86% support). There is also support (73%) for the use of icons as indicators that certain activities are undertaken.

Question 8

Which of the following make the list of most commonly used passwords in Australia?

Correct!

According to NordPass’s annual research, in 2021 the most common Australian passwords were made up of simple names, consecutive numbers and, sequential keys on a keyboard. Check out the list on NordPass’s website.

Incorrect!

According to NordPass’s annual research, in 2021 the most common Australian passwords were made up of simple names, consecutive numbers and, sequential keys on a keyboard. Check out the list on NordPass’s website.

Question 9

Using artificial intelligence techniques to infer information about individuals can amount to the collection of personal information.

Correct!

Organisations that infer personal information are collecting the inferred information (this process is sometimes referred to as ‘collection by creation’). Information Privacy Principle 1.1 prohibits organisations from collecting unnecessary personal information. This means that organisations cannot infer personal information unless that information is necessary for their functions or activities. Check out OVIC’s blog post on artificial intelligence inferences and collection.

Incorrect!

Organisations that infer personal information are collecting the inferred information (this process is sometimes referred to as ‘collection by creation’). Information Privacy Principle 1.1 prohibits organisations from collecting unnecessary personal information. This means that organisations cannot infer personal information unless that information is necessary for their functions or activities. Check out OVIC’s blog post on artificial intelligence inferences and collection.

Question 10

Privacy Awareness Week was an initiative started by the Asia Pacific Privacy Authorities forum in what year?

Correct!

Privacy Awareness Week is an initiative started in 2006 by the Asia Pacific Privacy Authorities forum. Since then, it has been held every year to promote and raise awareness for numerous privacy issues and the importance of protecting personal information.

Incorrect!

Privacy Awareness Week is an initiative started in 2006 by the Asia Pacific Privacy Authorities forum. Since then, it has been held every year to promote and raise awareness for numerous privacy issues and the importance of protecting personal information.

Back to top
Back to Top