Summer Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia

DCPP-01 Sample Questions Answers

Questions 4

A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

For the outsourced work of its customers’ data processing, in order to initiate data transfer to another organizations outside EU, which is the most appropriate among the following?

Options:

A.

The vendor (data importer) in the third country, and not the exporter is responsible to put in place suitable model contractual clauses, and hence the exporter does not need to take any action.

B.

Since the data is processed by the vendor outside the EU, the EU directive does not apply and hence there are no legal concerns

C.

The data exporter needs to initiate model contractual clauses after obtaining approvals from data protection commissioner and have the vendor be a signatory on the same as data importer

D.

The data importer need to notify about the transfer to data protection commissioner in the destination country and exporter need to similarly notify in the EU country of origin

Buy Now
Questions 5

What does PHI stand for, as per HIPAA/ HITECH?

Options:

A.

Personal heuristic information

B.

Public health information

C.

Protected health information

D.

Personal health information

Buy Now
Questions 6

Under which of the following conditions can a company in India may transfer sensitive personal information (SPI) to any other company or a person in India, or located in any other country?

Options:

A.

Transfer of information is allowed to those who ensure the same level of data protection that is adhered to by the company as provided for under the Indian laws

B.

The transfer of information is allowed only after taking approval of Chief Information Commissioner of India

C.

The transfer of information is allowed only after taking approval of DeitY (Department of Electronics & Information Technology) in India

D.

The transfer may be allowed only if it is necessary for the performance of the lawful contract or where the data subject has consented to data transfer

Buy Now
Questions 7

A country should allow its citizens to access specific information owned by the government in order to bring transparency in the government administration processes. This is the basis for formulation of which of the following rights in India?

Options:

A.

Right to Privacy Act

B.

Right to Information Act

C.

Right to Freedom of Speech and Expression

D.

Right to Social Security

Buy Now
Questions 8

Which among the following can be classified as the most important purpose for enactment of data protection/ privacy regulations across the globe?

Options:

A.

Protect the constitution

B.

Penalize the organizations and impose fines for failure to protect privacy

C.

Ensure peace in the society

D.

Protect individual rights

Buy Now
Questions 9

Rising economic value of personal information has stressed the need for a comprehensive __________ legislation in India.

Options:

A.

Right to Internet

B.

Privacy

C.

Right to Information

D.

Dispute resolution

Buy Now
Questions 10

In India, who among the following would be the authorized legal entities to monitor and intercept communication of individuals?

Options:

A.

“Intermediaries” as defined under the IT (Amendment) Act, 2008

B.

Telecom Service Providers

C.

Intelligence and Law Enforcement Agencies

D.

Directorate of Revenue Intelligence (DRI)

Buy Now
Questions 11

Company A collects and stores information from people X & Y on behalf of company B. Which of the following statements are true?

Options:

A.

A is the data controller since it collects data directly from X & Y

B.

B is the data controller while A is the sub processor as B has outsourced the data collection and processing to A

C.

B is the data controller that uses A as data processor to collect and process data of data subjects X and Y

D.

Both A & B are data controllers since both need to maintain highest principles of data protection

Buy Now
Questions 12

Which type of data qualify as Sensitive Personal Data or Information under Section 43A of IT (Amendment) Act, 2008?

Options:

A.

Sexual orientation

B.

Political affiliation

C.

Religion and caste

D.

Call Data Records (CDRs)

Buy Now
Questions 13

Which of the following laid foundation for the development of OECD privacy principles for the promotion of free international trade and trans border data flows?

Options:

A.

Fair information Privacy Practices of US, 1974

B.

EU Data Protection Directive

C.

Safe Harbor Framework

D.

WTO’s Free Trade Agreement

Buy Now
Questions 14

Which of the following does not fall under the category of Personal Financial Information (PFI)?

Options:

A.

Credit card number with expiry date

B.

Bank account Information

C.

Loan account Information

D.

Income tax return file acknowledgement number

Buy Now
Questions 15

Which of the following statements is true in respect of the India specific government projects such as Aadhaar, National Population Register (NPR), etc. that can have privacy implications?

Options:

A.

Collection of biometrics in India is a statutory requirement

B.

Proper and adequate notification is not provided to data subjects before and during the collection of their personal information

C.

Data subjects are not limited in their ability to exercise control over the ways their personal information is being used, once it has been shared by them as part of the projects

D.

Citizens are being given the choice to opt out from submitting their biometric details and are allowed to complete the environment without submitting their biometrics

Buy Now
Questions 16

Which of the following doesn’t contribute, or contributes the least, to the growing data privacy challenges in today’s digital age?

Options:

A.

Social media

B.

Mass surveillance

C.

Use of secure wireless connections

D.

Increase in digitization of personal information

Buy Now
Questions 17

Which of the following statement about Personally Identifiable Information (PII) is true?

Options:

A.

PII is necessarily a single data element, not a combination of data elements, which can uniquely identify an individual

B.

PII is a subset of Sensitive Personal Information

C.

PII is any information about a legal entity including details of its registration or any information that may allow its easy identification

D.

None of the above

Buy Now
Questions 18

According to RTI Act, under which conditions can a government department refuse to release information?

Options:

A.

National security adversely affected by such information

B.

This information is detrimental to the stability of the ruling party in government

C.

Detrimental effect on the public image of government agencies

D.

In the absence of a public interest, such information may adversely impact the privacy of its officials

Buy Now
Questions 19

The Qatar Concerning Privacy and Protection of Personal Data Act, 2016 addresses different types of personal data, including:

Options:

A.

Only manual processing of personal data

B.

Only electronic processing of personal data

C.

The electronic or manual processing of personal information

D.

None of the above

Buy Now
Questions 20

Who should be designated as a grievance officer in IT (Amendment) Act, 2008 to redress grievance(s) from information providers?

Options:

A.

An individual sharing his/her information

B.

A third party agency collects personal information

C.

An organization that determines the means and purposes of data processing

D.

Processor of data

Buy Now
Questions 21

It is essential for an entity to comply with US requirements if it operates a website designed for kids or a website for general audiences that gathers information from individuals known to be under 13 years old. Which of the below regulations is applicable?

Options:

A.

Gramm-Leach-Bliley Act, 1999

B.

Child online protection Act, 1998

C.

Personal Information Protection and Electronic Documents Act (PIPEDA)

D.

Sarbanes-Oxley Act, 2000

Buy Now
Questions 22

Which of the following does not fall under the category of Sensitive Personal Data or Information as defined in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Data or Information) Rules, 2011?

Options:

A.

Religious Beliefs

B.

Medical records and history

C.

Sexual orientation

D.

Password

Buy Now
Questions 23

From the below listed options, identify the new privacy principle that is being advocated in proposed EU General Data Protection Regulation?

Options:

A.

Right to be informed prior to sharing of data

B.

Right to modify data

C.

Right to be forgotten

D.

Right to object data collection and processing

Buy Now
Questions 24

Companies based in EU and willing to transfer data outside the EU/EEA, use model contracts as an instrument. Which of the following statements are true in reference to above statement?

Options:

A.

It is a requirement mentioned in EU Data Protection Directive

B.

It is a requirement mentioned in the OECD Privacy Framework

C.

It is a requirement mentioned in the EU E-Commerce Directive

D.

None of the above

Buy Now
Questions 25

‘Challenging Compliance’ as a privacy principle is covered in which of the following data protection/ privacy act?

Options:

A.

Federal Data Protection Act, Germany

B.

UK Data Protection Act

C.

PIPEDA

D.

Singapore Data Protection Act

Buy Now
Questions 26

XYZ & Co., an Indian hospital specialized in dealing with cancer treatment has organized a free health checkup camp for women in a specific district, after seeking due permission from competent authorities. During the camp the hospital staffs will be feeding the medical records of these women into the computer connected to hospital network system. Does the said hospital need to notify its privacy policy to the women attending the camp and seek their consent regarding the collection and processing of such information?

Options:

A.

No, since it is a free checkup camp for their welfare

B.

Yes, in the any language as per the wishes of said hospital

C.

No, since the law does not require the same in this case

D.

Yes, in the language such women would understand

Buy Now
Questions 27

XYZ is a successful startup that acquired a respectable size & scale of operations in last 3 years, handling business process services for small & medium scale enterprises, largely in US & Europe. They are at the stage of closing a deal with a new banking client and working out the details of privacy related obligations in contract. Ensuring effective enforcement of which of the below listed privacy principles is client’s accountability, even after outsourcing its loan approval process to XYZ?

I. Notice

II. Choice and Consent

III. Collection Limitation

IV. Use Limitation

V. Access and Correction

VI. Security

VII. Disclosure to third Party

Please select the correct set of principles from below listed options:

Options:

A.

None of the above, since they are outsourcing the work to XYZ who will carry the liability going forward

B.

All except V and VI

C.

All except III

D.

All of the above listed privacy principles

Buy Now
Questions 28

Indian constitution does not expressly provide for the “right to privacy” to its citizens. However, there were various judicial pronouncements of the apex court which finally established the “right to privacy” as a fundamental right subsumed under Article 21 of the constitution of India. Article 21 inter alia provides and protects the __________________.

Options:

A.

Right to Life and Personal liberty

B.

Right to Opportunity

C.

Right to Freedom of Speech and Expression

D.

Right to Equality before law

Buy Now
Questions 29

Which of the following privacy regulation advocates de-identification of personal information?

Options:

A.

EU Data Protection Directive

B.

Canada’s PIPEDA

C.

Australia’s ANPP

D.

IT Act of India

Buy Now
Questions 30

A financial organization may share nonpublic information about its customers in accordance with Gramm-Leach-Bliley Act of the US. Which one of the following is the requirement?

Options:

A.

Data sharing does not require consent from the consumers.

B.

As soon as the GLBA privacy notice is disclosed initially and annually

C.

FTC permission is required

D.

Consumers' consent must be obtained first

Buy Now
Questions 31

Which of the following are key contributors that would enhance the complexity in implementing security measures for protection personal information?

Options:

A.

Data collection through multiple modes and channels

B.

Evolution of nimble and flexible business processes affecting access management

C.

Regulatory requirements to issue privacy notice and data breach notification in specified format

D.

Increasing focus on right to privacy

Buy Now
Questions 32

As part of the new EU General Data Protection Regulation, which of the following is being proposed?

Options:

A.

Right to be forgotten

B.

Right to modify data

C.

Right to be informed prior to sharing of data

D.

Right to object data collection and processing

Buy Now
Questions 33

In relation to "Online Privacy" please pick the incorrect statement:

Options:

A.

Online disclosure of "selective" information by a person that is publicly available

B.

The process of obtaining information online that a person can control

C.

People's concerns over the license agreements they sign with any company

D.

People's concern over the way their personal information is used during online activities

Buy Now
Questions 34

In the wake of privacy-related concerns arising from various policies around the world, which of the following has not driven increased regulatory responses?

Options:

A.

Data privacy professionals are in high demand

B.

Data flows across borders and outsourcing in a globalized world

C.

Rapid growth of social networking sites, which are used to share a lot of personal information

D.

Information about individuals having a greater economic value

Buy Now
Questions 35

A privacy lead assessor assessing your company for DSCI’s privacy certification gets to know that your payroll process has been outsourced to a third party service provider. So, he/she is reviewing your contract with that service provider to ascertain which privacy related clauses are incorporated in the contract. What could be the possible reasons for reviewing the contract?

Options:

A.

Possible violation of ‘Collection Limitation’

B.

Possible violation of ‘Use Limitation’

C.

Risk of data subjects directly reaching to service provider

D.

Data security controls in third party provider’s environment

Buy Now
Questions 36

How does the APEC privacy framework differ from the EU Data Protection Directive in the following way?

Options:

A.

As part of APEC, member countries do not need to sign binding treaties or directives on privacy

B.

Personal information is not covered by the APEC privacy framework

C.

Members of APEC do not cooperate with each other in the enforcement of privacy laws

D.

APEC provides no regulations on e-commerce

Buy Now
Exam Code: DCPP-01
Exam Name: DSCI certified Privacy Professional (DCPP)
Last Update: Jun 9, 2024
Questions: 122
$64  $159.99
$48  $119.99
$40  $99.99
buy now DCPP-01