Black Friday Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

DCPP-01 Questions and Answers

Question # 6

Technological advancement is inevitable and the speed of change is exponential. In such a scenario, which of the following statement is not true for defining the relationship between privacy protection and technology advancement, both at individual and corporate levels?

A.

Maintaining privacy is difficult with emerging platforms and services

B.

Maintaining privacy is difficult, as exercising complete control over personal information in online environment is an uphill task

C.

Technology advancements and privacy protection are independent concepts that are not related

D.

Maintaining privacy in cyberspace becomes easier with proper use of tools and technologies

Full Access
Question # 7

Which of the following is not a driver for increased privacy-related concerns and subsequent regulatory responses from various governments around the world?

A.

Outsourcing and trans-border data flows in globalized world

B.

Increasing economic value of personal information

C.

Rising demand of data privacy professionals

D.

Phenomenal rise in use of social networking sites, where a lot of personal information is shared with others

Full Access
Question # 8

Which of the following does not fall under the category of Personal Financial Information (PFI)?

A.

Credit card number with expiry date

B.

Bank account Information

C.

Loan account Information

D.

Income tax return file acknowledgement number

Full Access
Question # 9

A US IT company has created a cloud based application for Canadian consumers only, with servers located in Vancouver, Canada. The application allows its users to publish their short stories, essays or e-books. The purpose of the application, i.e. literary work, is clearly stated in the terms and conditions which are mandatorily acknowledged by each user. With respect to this application, the company must ensure compliance with:

A.

PIPEDA

B.

US Consumer Privacy Bill of Rights

C.

EU Data Protection Directive

D.

None of the above

Full Access
Question # 10

A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

Which of the following are not mandatory pre-requisite before transferring sensitive personal data to its Asian branches?

A.

Notifying the data subject

B.

Conducting risk assessment for the processing involved

C.

Determining adequacy status of the country

D.

Self-certifying to Safe Harbor practices and reporting to Federal Trade Commission

Full Access
Question # 11

XYZ is a successful startup that acquired a respectable size & scale of operations in last 3 years, handling business process services for small & medium scale enterprises, largely in US & Europe. They are at the stage of closing a deal with a new banking client and working out the details of privacy related obligations in contract. Ensuring effective enforcement of which of the below listed privacy principles is client’s accountability, even after outsourcing its loan approval process to XYZ?

I. Notice

II. Choice and Consent

III. Collection Limitation

IV. Use Limitation

V. Access and Correction

VI. Security

VII. Disclosure to third Party

Please select the correct set of principles from below listed options:

A.

None of the above, since they are outsourcing the work to XYZ who will carry the liability going forward

B.

All except V and VI

C.

All except III

D.

All of the above listed privacy principles

Full Access
Question # 12

With reference to APEC privacy framework, when personal information is to be transferred to another person or organization, whether domestically or internationally, “the ______________ should obtain the consent of the individual and exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with APEC information privacy principles”.

A.

Personal Information Owner

B.

Personal Information Controller

C.

Personal Information Processor

D.

Personal Information Auditor

Full Access
Question # 13

Under which of the following conditions can a company in India may transfer sensitive personal information (SPI) to any other company or a person in India, or located in any other country?

A.

Transfer of information is allowed to those who ensure the same level of data protection that is adhered to by the company as provided for under the Indian laws

B.

The transfer of information is allowed only after taking approval of Chief Information Commissioner of India

C.

The transfer of information is allowed only after taking approval of DeitY (Department of Electronics & Information Technology) in India

D.

The transfer may be allowed only if it is necessary for the performance of the lawful contract or where the data subject has consented to data transfer

Full Access
Question # 14

A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

For exporting EU branch employees’ data to Asian Countries for processing, which of the following instruments could be used for legal data transfer?

A.

Customized contracts mandating ISO 27001 certification by the data processor

B.

Standard Contractual Clauses

C.

Binding Corporate Rules

D.

Safe Harbor

Full Access
Question # 15

According to the privacy statement of an organization, which of the following words is true?

A.

The Information Technology (Amendment) Act, 2008 does not require the publication of privacy policies on websites in India

B.

The content of an organization's online privacy statement will be influenced by the applicable laws, and may need to address requirements across geographic boundaries and legal jurisdictions

C.

A privacy statement demonstrates to stakeholders how an organization gathers, uses, discloses, and manages personal information

D.

In order to follow privacy laws, it is mandatory that there is a phone contact information for the organization's owner in the online privacy statement so that customers can reach out in case of a concern or incident, which can be managed online

Full Access
Question # 16

Historically, which of these events led to the formation of our current concept of privacy?

A.

Civil rights are fundamental liberties

B.

Declaration of human rights

C.

The right to be left alone

D.

A binding corporate rule

Full Access
Question # 17

From the following list, select the element (elements) that comprise APEC's cross border privacy rules system:

A.

recognition/acceptance by APEC members

B.

dispute resolution and enforcement

C.

self-assessment

D.

compliance review

Full Access
Question # 18

APPI, the Act for the Protection of Personal Information, applies to:

A.

Government entities using personal information

B.

Personal Information about an individual that is used by a business

C.

None of the above

Full Access