DCPP-01 Online Practice Questions and Answers

Which of the following statements are true about the privacy statement of an organization?

A. Content of the online privacy statement of an organization will depend upon the applicable laws, and may need to address requirements across geographical boundaries and legal jurisdictions

B. As per privacy laws generally it is mandatory to mention the phone contact details of the owner of organization in the online privacy statement where customers can reach out in case of a grievance or incident

C. Online privacy statement is an instrument to demonstrate to stakeholders how the organization gathers, uses, discloses, and manages personal data

D. India's Information Technology (Amendment) Act, 2008 does not require that privacy policy be published on the website

Which of the following privacy principle deals with informed consent of the data subject before sharing the personal information (of the data subject) to third parties for processing?

A. Collection limitation

B. Purpose limitation

C. Disclosure of information

D. Accountability

XYZ is a successful startup that acquired a respectable size and scale of operations in last 3 years, handling business process services for small and medium scale enterprises, largely in US and Europe. They are at the stage of closing a deal with a new banking client and working out the details of privacy related obligations in contract. Ensuring effective enforcement of which of the below listed privacy principles is client's accountability, even after outsourcing its loan approval process to XYZ?

I. Notice

II. Choice and Consent

III. Collection Limitation

IV.

Use Limitation

V.

Access and Correction

VI. Security

VII. Disclosure to third Party

Please select the correct set of principles from below listed options:

A. None of the above, since they are outsourcing the work to XYZ who will carry the liability going forward

B. All except V and VI

C. All except III

D. All of the above listed privacy principles

Which among the following is the Canadian privacy law?

A. COPPA

B. PIPEDA

C. HIPAA

D. IT Act of Canada

The Qatar Concerning Privacy and Protection of Personal Data Act, 2016 applies to:

A. Only personal data that is electronically processed

B. Only personal data that is manually processed

C. Personal data that is electronically or manually processed

A government agency collecting biometrics of citizens can deny sharing such information with Law Enforcement Agencies (LEAs) on which of the following basis?

A. The purpose of collecting the biometrics is different than what LEAs intent to use it for

B. The consent of data subjects has not been taken

C. Government agencies would share the biometrics with LEAs on one condition if LEA properly notify the citizens

D. None of the above, as government agencies would never deny any LEA for sharing such information for the purpose of mass surveillance

An Indian bank plans to improve the authentication mechanism for its banking system by implementing three factor authentication, in which one of the factors is biometric. Which of the following statement is not correct?

A. Section 43A of IT (Amendment) Act, 2008 will be applicable.

B. Privacy policy of the bank might need to be revised.

C. Authorization to be taken from IT Secretary of the respective state or union territory.

D. Consent for biometric processing needs to be taken from the data subject if not already taken.

Which of the following is not in line with the Modern definition of Consent?

A. Consent is taken by clear and affirmative action.

B. Consent Should be Bundled in Nature.

C. Consenting individual should have the ability to withdraw consent.

D. Purpose of Processing should be informed to the individual before consenting.

Which of the following is not a characteristic of sensitive personal data?

A. Personal data is a subset of Sensitive Personal Data

B. Its classification varies from country to country

C. Its an exhaustive list

D. It carries a higher risk of processing

Collection of Personal data for a specified objective is the hallmark of which Privacy Principle?

A. Storage limitation

B. Accountability

C. Purpose Limitation

D. Use Limitation