IAPP CIPP-C Practice Test - Questions Answers, Page 3
Question list
List of questions
Related questions
What is the primary motivation for a federal government entity to complete a Privacy Impact Assessment (PIA)?
Introducing new legislation in the House of Commons
Receiving program approvals from the Treasury Board of Canada.
Obtaining program expertise from the Privacy Commissioner of Canada.
Improving collection methods through its information technology systems.
A company wants to invest in DEI initiatives within their organization and plans to survey employees by asking for locality, age, salary, gender, ethnicity, religion, sexual orientation, physical/mental disabilities, department, and job level.
The best solution to protect the personal information collected in the survey is to?
Use a pseudonym to identify employees.
Choose a survey tool located in Canada.
Encrypt the sensitive information collected and stored.
Adjust all survey question so that no identifying information nan he collected
What must an organization do to fulfill the Personal Information Protection and Electronic Documents Act's (PIPEDA) transparency requirements when transferring personal information to a foreign country?
Inform customers if data is to be transferred outside of Canada and solicit additional consent.
Give individuals with an existing business relationship the right to refuse transfer of their information.
Advise customers that their data may be accessed by another jurisdiction's courts or law enforcement.
Provide new customers with a measure-by-measure comparison of relevant foreign laws with Canadian laws.
Which case, brought before the Federal Court, helped determine that the Office of the Privacy Commissioner of Canada (OPC) had jurisdiction to investigate complaints about United States companies collecting, using and disclosing the personal information of individuals within Canada?
TJX Winners - Homesense.
Facebook: 2019.
Blood Tribe.
Abika.com.
A private sector daycare's portal for parents stores their children's photos, allergy information and date of birth. A parent has asked about the portal's security requirements and in three months still not has received an answer. What is missing from the daycare's procedures?
Ensuring transparency.
Responding to the parent's request within 30 days.
Ensuring strong encryption and security measures.
Completing a real risk of significant harm assessment (RROSH).
Which act also includes references to the Privacy Act?
The Access to Information Act.
The Children's Online Privacy Protection Act
The Telecommunications Intercept and Access (TIA) Act.
The Personal Information Protection and Electronic Documents Act
Which of the following provincial health acts is NOT considered substantially similar to the Personal Information Protection and Electronic Documents Act (PIPEDA)?
New Brunswick's Personal Health Information Privacy and Access Act (PHIPAA)
Ontario's Personal Health Information Protection Act (PHIPAA)
Nova Scotia's Personal Health Information Act (PHIPAA)
lAberta's Health Information Act (PHIA)
Which question is NOT part of the Office of the Privacy Commissioner of Canada's (OPC's) four-point test for establishing whether providing access to genetic testing results goes beyond what is necessary or reasonable?
Are there less privacy-invasive alternatives?
Are the collection and the use proportionate to the benefits gained?
Are the validity and accuracy of individual test results guaranteed to be accurate?
Is the personal information likely to be effective in achieving a legitimate business purpose?
What is required of a private sector organization that is subject to a finding by a Canadian federal or
In Qubec, comply with the finding as a binding decision.
Comply with findings of the Privacy Commissioner of Canada only.
In all jurisdictions, adopt and apply the finding within 30 days of the published report.
In Ontario only, apply for judicial review within a provincial court in order to accept or refute the finding.
After an investigation under the Privacy Act, the Privacy Commissioner could do any of the following EXCEPT?
Proceed to federal court to determine if the institution improperly withheld information from an individual.
Order an institution to take remedial action if it determines that the Act has been breached.
Recommend solutions to institutions to address identified shortcomings.
Compel institutions to give oral or written evidence.
Question