DCPP-01 Online Practice Questions and Answers

Which of the following is not required by an organization in US, resorting to EU-US Safe Harbor provisions, to transfer personal information from EU member nation to US?

A. Adherence to the seven safe harbor principles

B. Disclose their privacy policy publicly

C. Sign standard contractual clauses with data exporters in EU

D. Notify FTC of the self-certification

If an entity operates a website designed for kids or a website that targets general audience but collects information from individuals known to be under age of 13 years, the entity must comply with requirements in the US.

A. Child online protection Act, 1998

B. Gramm-Leach-Bliley Act, 1999

C. Personal Information Protection and Electronic Documents Act (PIPEDA)

D. Sarbanes-Oxley Act, 2000

As per Article 33 of GDPR, in case of a personal data breach, the data controller has to inform the supervisory authority within ___________ of becoming aware of the breach.

A. 48 hours

B. 14 days

C. 72 hours

D. 24 hours

Which section of the IT (Amendment) Act, 2008 lays down the provision of punishment for offense of wrongful disclosure of personal information with the intent to cause wrongful loss or wrongful gain?

A. Section 43A

B. Section 65

C. Section 72

D. Section 72A

Japanese Act on the Protection of Personal Information or APPI applies to:

A. Applies to the use of a personal information for businesses

B. Applies to the use of personal information by government entities

C. Both A and B

If XYZ and Co. collects, stores and processes personal information of living persons, electronically in a structured filing system, then XYZ could be a:

A. Data Processor

B. Data Controller

C. Data Subject

D. Either A or B

Which of the following statements is true in respect of the India specific government projects such as Aadhaar, National Population Register (NPR), etc. that can have privacy implications?

A. Collection of biometrics in India is a statutory requirement

B. Proper and adequate notification is not provided to data subjects before and during the collection of their personal information

C. Data subjects are not limited in their ability to exercise control over the ways their personal information is being used, once it has been shared by them as part of the projects

D. Citizens are being given the choice to opt out from submitting their biometric details and are allowed to complete the environment without submitting their biometrics

_________________ was passed by the UK parliament to regulate the power of public bodies to carry out surveillance, interception communications and conduct investigations.

A. Regulation of investigatory Powers Act, 2000

B. Regulation of Investigation Agencies Act, 2016

C. Regulation of Interception Procedures Act, 2000

D. Regulation of Interception and Access Act, 2000

Privacy enhancing tools aim to allow users to take one or more of the following actions related to their personal data that is sent to, and used by online service providers, merchants or other users:

i. Increase control over their personal data

ii. Choose whether to use services anonymously or not

iii. Obtain informed consent about sharing their personal data

iv.

Opt-out of behavioral advertising or any other use of data Please select correct option from below:

A.

Only i

B.

Only i and ii

C.

All

D.

Only ii

XYZ bank has recently decided to start offering online banking services. For doing so, the bank has outsourced its IT operations and processes to various third parties. Acknowledging privacy concerns, bank has decided to implement a privacy program.

Assuming you have been tasked to deploy this framework for the bank, which of the following would most likely be your first step?

A. Create an inventory of business processes that deal with personal information and identify the associated data element.

B. Ensure that bank is equipped to test the relevance of each legal and compliance requirement in its environment.

C. Assign privacy roles and responsibilities for process owners.

D. Any of the above as order is irrelevant.