DCPP-01 DSCI Certified Privacy Professional (DCPP) Questions and Answers

Question # 4

The Qatar Concerning Privacy and Protection of Personal Data Act, 2016 addresses different types of personal data, including:

A. Only manual processing of personal data

B. Only electronic processing of personal data

C. The electronic or manual processing of personal information

D. None of the above

Question # 5

What conditions apply in India for a company to transfer sensitive personal information (SPI) to another Indian company or individual, or to a person residing in any other country?

A. A transfer may occur only where the data subject gives their consent or when it is necessary to perform a lawful contract

B. In India, the Chief Information Commissioner must approve the transfer of information

C. Data may be transferred to companies that adhere to the same level of data protection that is required by Indian law

D. Taking permission from the ministry of electronics and information technology is necessary for information transfer.

Question # 6

Which of the following could be considered triggers for updating a privacy policy?

A. Regulatory changes

B. Privacy breach

C. Change in service provider for an established business process

D. Recruitment of more employees

Question # 7

If XYZ & Co. collects, stores and processes personal information of living persons electronically in a structured filing system, then XYZ could be a:

A. Data Processor

B. Data Controller

C. Data Subject

D. Either A or B

Question # 8

In the history of human evolution, the erection of walls and fences around one’s living spaces is interpreted as the arrival of which type of privacy consciousness?

A. Data privacy

B. Physical privacy

C. Organizational privacy

D. Communication privacy

Question # 9

Which of the following does not fall under the category of Personal Financial Information (PFI)?

A. Credit card number with expiry date

B. Bank account Information

C. Loan account Information

D. Income tax return file acknowledgement number

Question # 10

Which of the following statements is true in respect of India-specific government projects such as Aadhaar, National Population Register (NPR), etc. that can have privacy implications?

A. Collection of biometrics in India is a statutory requirement

B. Proper and adequate notification is not provided to data subjects before and during the collection of their personal information

C. Data subjects are not limited in their ability to exercise control over the ways their personal information is being used, once it has been shared by them as part of the projects

D. Citizens are being given the choice to opt out from submitting their biometric details and are allowed to complete the environment without submitting their biometrics

Question # 11

What does PHI stand for, as per HIPAA/HITECH?

A. Personal heuristic information

B. Public health information

C. Protected health information

D. Personal health information

Question # 12

With regard to the privacy statement of an organization, which of the following statements is true?

A. The Information Technology (Amendment) Act, 2008 does not require the publication of privacy policies on websites in India

B. The content of an organization's online privacy statement will be influenced by the applicable laws, and may need to address requirements across geographic boundaries and legal jurisdictions

C. A privacy statement demonstrates to stakeholders how an organization gathers, uses, discloses, and manages personal information

D. In order to follow privacy laws, it is mandatory that there is a phone contact information for the organization's owner in the online privacy statement so that customers can reach out in case of a concern or incident, which can be managed online

Question # 13

With reference to the APEC privacy framework, when personal information is to be transferred to another person or organization, whether domestically or internationally, “the ______________ should obtain the consent of the individual and exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with APEC information privacy principles”.

A. Personal Information Owner

B. Personal Information Controller

C. Personal Information Processor

D. Personal Information Auditor

Question # 14

According to the IT (Amendment) Act, 2008, who should designate a grievance officer to redress grievance(s) of the provider of information?

A. Data processor

B. Third party agency collecting personal information

C. Body corporate, which determines the means and purpose of data processing

D. Natural person sharing his/her information

Question # 15

After the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was issued by the government which exempted service providers that get access to or process Sensitive Personal Data or Information (SPDI) under a contractual agreement with a legal entity located within or outside India. Which privacy principle provisions notified under Sec 43A were exempted for the service providers?

A. Consent

B. Privacy policy (which is published)

C. Access and Correction

D. Disclosure of information

Question # 16

XYZ is a successful startup that has acquired a respectable size & scale of operations in the last 3 years, handling business process services for small & medium scale enterprises, largely in the US & Europe. They are at the stage of closing a deal with a new banking client and working out the details of privacy-related obligations in the contract. Ensuring effective enforcement of which of the privacy principles listed below is the client’s accountability, even after outsourcing its loan approval process to XYZ?

I. Notice

II. Choice and Consent

III. Collection Limitation

IV. Use Limitation

V. Access and Correction

VI. Security

VII. Disclosure to third Party

Please select the correct set of principles from the options listed below:

A. None of the above, since they are outsourcing the work to XYZ who will carry the liability going forward

B. All except V and VI

C. All except III

D. All of the above listed privacy principles

Question # 17

XYZ & Co., an Indian hospital specialized in cancer treatment, has organized a free health checkup camp for women in a specific district, after seeking due permission from competent authorities. During the camp the hospital staff will be feeding the medical records of these women into a computer connected to the hospital network system. Does the said hospital need to notify its privacy policy to the women attending the camp and seek their consent regarding the collection and processing of such information?

A. No, since it is a free checkup camp for their welfare

B. Yes, in any language as per the wishes of said hospital

C. No, since the law does not require the same in this case

D. Yes, in the language such women would understand

Question # 18

The Indian constitution does not expressly provide for the “right to privacy” to its citizens. However, there were various judicial pronouncements of the apex court which finally established the “right to privacy” as a fundamental right subsumed under Article 21 of the constitution of India. Article 21 inter alia provides and protects the __________________.

A. Right to Life and Personal liberty

B. Right to Opportunity

C. Right to Freedom of Speech and Expression

D. Right to Equality before law
