
CIPP-C Questions and Answers

Question # 6

In Ontario, a patient attends an appointment with a physician and reveals information about some new symptoms that she has been experiencing. Based on this information, the physician diagnoses the patient with a condition and prepares the report detailing the applicable history and diagnosis. The report is added to the patient’s record. The patient later regrets revealing certain facts and doesn’t want anyone else to know about these symptoms or the diagnosis. She acknowledges that the information she provided was correct and does not question the diagnosis.

Which of the following requests would the patient be most successful at pursuing?

A. That a correction be made to change the diagnosis based on the patient's wishes.

B. That the information be restricted from disclosure to other health care providers.

C. That a copy of the record be kept by the patient for disclosure to physicians.

D. That details of the diagnosis be deleted from the patient’s health record.

Question # 7

In comparing British Columbia’s privacy laws with the health information privacy acts of the remaining provinces, BC’s privacy laws?

A. Seek to create a more flexible regulatory system to manage the patient data itself.

B. Refer to health sector participants as trustees as opposed to custodians.

C. Exclude laboratories, nursing homes and independent health facilities.

D. Group data banks together rather than listing them separately.

Question # 8

The movement toward comprehensive privacy and data protection laws can be attributed to a combination of three major factors: the need to remedy past injustices, the need to promote a digital economy and the need to ensure consistency with?

A. Self-regulatory laws.

B. Pan-European laws.

C. Pan-Asian laws.

D. Global laws.

Question # 9

What is the Generally Accepted Privacy Principles (GAPP) framework?

A. An information management model that is widely recognized across many Canadian industries.

B. A comprehensive guide for industry best practices as delineated by the Canadian federal Privacy Commissioner.

C. A template for Privacy Impact Assessments (PIAs) that are conducted within private sector organizations in Canada.

D. A principles-based privacy approach advocated by Canada’s leading accounting industry group and its U.S.-based counterpart.

Question # 10

How would an individual determine whether their personal information was used by the federal government for data matching?

A. By submitting written requests to the third party conducting data matching for the government.

B. By noting the description of the Personal Information Banks available through Info Source.

C. By proposing a Privacy Impact Assessment (PIA) within the specific government body.

D. By reviewing the Privacy Commissioner's annual report.

Question # 11

According to the Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems, signatories commit to doing all of the following EXCEPT?

A. Contributing to the development and application of AI standards.

B. Sharing information and best practices of AI governance.

C. Supporting public awareness and education on AI.

D. Adopting low-risk uses of AI.

Question # 12

A small commercial business in Canada was preparing a mailing to its customers when the letters and the envelopes were mismatched, causing 500 of 1000 letters to be sent to the wrong recipients. The letters contained the name and mailing address of the clients as well as account numbers and account balances.

The business has discovered this error as clients called to report receiving the wrong letter and expressing concern that their information has been breached. Which of the following is the most appropriate next step to take?

A. All 1000 clients must be sent new letters.

B. The 500 clients who were impacted must be immediately notified.

C. The Office of the Privacy Commissioner (OPC) must be immediately notified.

D. A risk assessment must be completed to determine the real risk of significant harm (RROSH) to the clients.

Question # 13

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), when engaging in a third-party transfer of personal information for processing, an organization is expected to have the technology to protect the information during transit and to?

A. Establish a contract outlining the individual outsourcing arrangement.

B. Obtain additional consent for the use of the information by the third party.

C. Confirm the jurisdictional protections of the receiving organization are the same as PIPEDA.

D. Review the cross-border data flow completed and approved by the Treasury Board of Canada Secretariat.

Question # 14

What must an organization do to fulfill the Personal Information Protection and Electronic Documents Act’s (PIPEDA) transparency requirements when transferring personal information to a foreign country?

A. Inform customers if data is to be transferred outside of Canada and solicit additional consent.

B. Give individuals with an existing business relationship the right to refuse transfer of their information.

C. Advise customers that their data may be accessed by another jurisdiction's courts or law enforcement.

D. Provide new customers with a measure-by-measure comparison of relevant foreign laws with Canadian laws.

Question # 15

According to the federal Privacy Commissioner, what protection is missing from the Privacy Act regarding outsourcing of government work that contains personal information?

A. A statement preventing the vendor to whom the information is outsourced to subcontract its processing.

B. A statement granting the Privacy Commissioner the right to issue orders following an investigation into a possible data breach.

C. A statement requiring the government agency to complete a Privacy Impact Assessment (PIA) prior to outsourcing to a third party.

D. A statement indicating that the government institution from which the information is outsourced remains accountable for its security.

Question # 16

The process of de-identification where new data elements are substituted for identifying information is?

A. Shuffling.

B. Encryption.

C. Anonymization.

D. Pseudonymization.

Question # 17

In Ontario, personal information can be withheld from disclosure in a Freedom of Information (FOI) request. The following information is included in a record that is the subject of a FOI request being handled by a hospital: employee name, employee title, employee designation, employee educational history, employee personal cell phone number, and feedback about the employee from a colleague.

Which of the following statements is accurate regarding what can be released?

A. Employee name and title can only be released if the employee consents.

B. The employee designation is not to be released as it is considered employment history.

C. Employee name, title, and designation can be released as it is not classified as personal information.

D. No employee information can be released as it is information that was collected throughout the course of employment.

Question # 18

Which of the following incidents will require reporting to OPC?

A. A sales report with aggregated information that was sent to the wrong person internally.

B. A file with client ID, sales amount and sales date that was sent to the wrong processors who cannot identify the clients.

C. An organization’s point-of-sale system that was subject to an attempted hack that was blocked by the organization’s firewall.

D. As part of a freedom of information request, a nursing home that released an e-mail with everybody’s e-mail address in the "to" section unredacted.

Question # 19

A boutique hotel in Montreal seeks to attract travelers from Europe but wants to avoid becoming subject to the GDPR’s requirements. Which of the following activities is most likely to result in a finding that the hotel is subject to the GDPR?

A. Placing advertisements on travel websites accessible in Europe.

B. Collecting contact information for foreign business leaders from public directories.

C. Sending discount offers to guests who previously registered using a foreign address.

D. Translating the hotel's registration page into German based on the visitor's IP address.

Question # 20

Which organization was the primary influence in the development of Canadian privacy with their publication of a set of eight privacy principles?

A. The Organization for Economic Co-operation and Development (OECD).

B. The Canadian Institute of Chartered Accountants.

C. The Center for Democracy and Technology (CRT).

D. The Canadian Standards Association (CSA).

Question # 21

What is the primary motivation for a federal government entity to complete a Privacy Impact Assessment (PIA)?

A. Introducing new legislation in the House of Commons.

B. Receiving program approvals from the Treasury Board of Canada.

C. Obtaining program expertise from the Privacy Commissioner of Canada.

D. Improving collection methods through its information technology systems.

Question # 22

An Alberta woman finds errors about her personal information while reviewing paperwork at a local real estate firm. According to Canadian Standards Association (CSA) principles, how should the firm respond to these errors?

A. File an error report describing the nature of the errors.

B. Amend any information that the woman finds to be erroneous.

C. Request that the woman complete a new set of forms with correct information.

D. Provide the woman with the names of any third parties who have had access to her information.
