With reference to the APEC privacy framework, when personal information is to be transferred to another person or organization, whether domestically or internationally, "the ______________ should obtain the consent of the individual and exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with APEC information privacy principles".
A. Personal Information Owner
B. Personal Information Controller
C. Personal Information Processor
D. Personal Information Auditor
A ministry under the Government of India plans to collect citizens' information related to their education, medical condition, economic status, caste and religion. As per the privacy requirements mentioned under Sec 43A of IT (Amendment) Act, 2008, the citizens' 'Consent' would be mandatory for which of the following elements before their collection?
A. Educational records
B. Medical condition
C. Caste and religion
D. Sec 43A may not be applicable
XYZ is a successful startup that has acquired a respectable size and scale of operations in the last 3 years, handling business process services for small and medium scale enterprises, largely in the US and Europe. They are at the stage of closing a deal with a new banking client and working out the details of privacy-related obligations in the contract. Ensuring effective enforcement of which of the privacy principles listed below is the client's accountability, even after outsourcing its loan approval process to XYZ?
I. Notice
II. Choice and Consent
III. Collection Limitation
IV. Use Limitation
V. Access and Correction
VI. Security
VII. Disclosure to Third Party
Please select the correct set of principles from the options listed below:
A. None of the above, since they are outsourcing the work to XYZ who will carry the liability going forward
B. All except V and VI
C. All except III
D. All of the above listed privacy principles
Which of the following categories of information are generally protected under privacy laws?
A. Personally Identifiable Information (PII)
B. Sensitive Personal Information (SPI)
C. Trademark, copyright and patent information
D. Organizations' confidential business information
The Information Technology (Reasonable Security Practices And Procedures and Sensitive Data or Information) Rules, 2011, provide the consumer with which of the following rights?
A. Right to Access and Correction
B. Right to Erasure
C. Right to Data Portability
D. Right to restrict processing
E. All of the above
Company A collects and stores information from people X and Y on behalf of company B. Which of the following statements are true?
A. A is the data controller since it collects data directly from X and Y
B. B is the data controller while A is the sub processor as B has outsourced the data collection and processing to A
C. B is the data controller that uses A as data processor to collect and process data of data subjects X and Y
D. Both A and B are data controllers since both need to maintain highest principles of data protection
As a privacy assessor, what would most likely be the first artifact you would ask for while assessing an organization which claims that it has implemented a privacy program?
A. Privacy risk management framework
B. Records of privacy specific training imparted to the employees handling personal information
C. Personal information management policy
D. Records of deployed privacy notices and statements
With respect to the privacy notice, what are the responsibilities of the data controller?
A. Providing the notice before or during data collection
B. Identifying and communicating the purposes for which data will be collected, used, and disclosed
C. Providing notice after the data collection
D. Providing notice at every instance of data processing
A privacy lead assessor assessing your company for DSCI's privacy certification gets to know that your payroll process has been outsourced to a third-party service provider. So, he/she is reviewing your contract with that service provider to ascertain which privacy-related clauses are incorporated in the contract.
What could be the possible reasons for reviewing the contract?
A. Possible violation of 'Collection Limitation'
B. Possible violation of 'Use Limitation'
C. Risk of data subjects directly reaching out to the service provider
D. Data security controls in the third-party provider's environment
Anonymity networks and platforms for Privacy Preferences Project (P3P) are generally _________.
A. Privacy-enhancing tools and technologies to mask data
B. Web based privacy-enhancing technologies
C. Network based privacy-enhancing technologies
D. Both "Privacy-enhancing tools and technologies to mask data" and "Web based privacy-enhancing technologies"