IAPP CIPP-C Practice Test - Questions Answers
Which is NOT a Canadian Standards Association (CSA) Privacy Principle?
Personal information shall be protected by the same security safeguards regardless of the sensitivity of the information.
The purpose for which personal information is collected shall be identified by the organization at or before the time the information is collected.
The degree to which personal information must be kept accurate and complete is determined by whether its original purpose has been achieved.
Upon request, an individual shall be informed of the existence, use and disclosure of their personal information and shall be given access to that information.
In 2007, four employees of TELUS Communications Corporation filed a complaint with the Privacy Commissioner of Canada in connection with the collection of what personal information?
Voiceprint information.
Drivers' licenses.
Urine samples.
Video images.
Of the key principles in the Personal Information Protection and Electronic Documents Act (PIPEDA), which principle in particular contributes to the increase in privacy policies in recent years?
Limiting Use, Disclosure, and Retention.
Individual Access.
Openness.
Accuracy.
A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick, Alberta and British Columbia. Unfortunately, a third-party vendor that provides marketing support to the company experiences a privacy breach which impacts the personal information of all its customers across the provinces where it operates.
The Privacy Officer determines that the breach causes a real risk of significant harm to their customers and is tasked with reporting the breach to the relevant regulators.
With which provincial privacy regulators does the company have to file a report?
It is unnecessary to file a report with any provinces because the company is federally regulated
All of the provinces where its customers are located
New Brunswick and British Columbia only
Quebec and Alberta only
Which of the following specifically differentiates between regular personal information and employee-related or work-product information?
The Privacy Act.
The Quebec Act.
British Columbia's Personal Information Protection Act.
Personal Information Protection and Electronic Documents Act (PIPEDA).
Under PIPEDA, each of the following situations requires an organization to obtain express consent to use personal information EXCEPT?
If the use is outside of the reasonable expectations of an individual.
If the information is publicly available as defined by the regulation.
If the use is inconsistent with the original purpose.
If there is no risk of significant harm.
What is required for a provincial law to be considered substantially similar to the Personal Information Protection and Electronic Documents Act (PIPEDA)?
Consistency with at least eight of the ten privacy principles, an independent oversight body and a complaint handling mechanism.
Consistency with the ten privacy principles, an independent oversight body and a process for accessing information.
Consistency with the ten privacy principles, an independent oversight body and a redress mechanism.
Consistency with the ten privacy principles, an appeal process and a redress mechanism.
A boutique hotel in Montreal seeks to attract travelers from Europe but wants to avoid becoming subject to the GDPR's requirements. Which of the following activities is most likely to result in a finding that the hotel is subject to the GDPR?
Placing advertisements on travel websites accessible in Europe.
Collecting contact information for foreign business leaders from public directories.
Sending discount offers to guests who previously registered using a foreign address.
Translating the hotel's registration page into German based on the visitor's IP address.
The movement toward comprehensive privacy and data protection laws can be attributed to a combination of three major factors: the need to remedy past injustices, the need to promote a digital economy and the need to ensure consistency with?
Self-regulatory laws.
Pan-European laws.
Pan-Asian laws.
Global laws.
A private organization called Vision 3072 must verify the information they are collecting is up to date in order to avoid misinformed actions or decisions. Which privacy principle is intended to make sure this verification is happening?
Integrity.
Accuracy.
Accountability.
Limiting purposes.