IAPP CIPP-C Practice Test - Questions Answers, Page 4
In Ontario, personal information can be withheld from disclosure in a Freedom of Information (FOI) request. The following information is included in a record that is the subject of a FOI request being handled by a hospital: employee name, employee title, employee designation, employee educational history, employee personal cell phone number, and feedback about the employee from a colleague.
Which of the following statements is accurate regarding what can be released?
Employee name and title can only be released if the employee consents.
The employee designation is not to be released as it is considered employment history.
Employee name, title, and designation can be released as it is not classified as personal information.
No employee information can be released as it is information that was collected throughout the course of employment.
In which instance is your personal information deemed publicly available?
You belong to a professional body and your name exists on a registry that meets legal requirements.
You volunteer for an organization and they register you on their contact list in order to book you for future shifts.
You applied to a variety of universities and your application data exists on a register by the admissions departments.
You contributed financial donations to your local church and your name exists on their list for income tax receipt purposes.
According to the Alberta Personal Information Protection Act, which of the following data breach reporting notifications to the commissioner is NOT automatically triggered when real risk of significant harm (RROSH) has been determined?
Providing a description of the steps the organization will take to notify the affected individual(s).
Providing a description of the steps the organization has taken to reduce or mitigate that harm.
Providing an estimate of the number of individuals affected by the breach.
Providing a description of the personal information involved in the breach.
A new client is opening a Registered Retirement Savings Plan. Their investment advisor asks for their social insurance number (SIN). The advisor must tell the client that because they are opening a tax reporting product, their SIN is mandatory for tax reporting purposes and?
Optional for identity verification purposes.
Mandatory for identity verification purposes.
Optional for secondary marketing purposes.
Mandatory for secondary marketing purposes.
Why is biometric information considered sensitive personal information in almost all circumstances?
It is user specific information that can easily be stored and accessed to identify an individual or group of individuals.
It can be applied broadly to link many pieces of personal information and creates security vulnerabilities.
It is distinctive, unlikely to vary over time, difficult to change and largely unique to the individual.
It is easy to recognize and reproduce with increasing computer processing power.
Which of the following describes a difference between the federal Privacy Commissioner and provincial commissioners?
Provincial commissioners can order an organization to act.
Provincial commissioners are limited to recommending actions.
The federal commissioner has the power to make an organization comply.
The federal commissioner must receive complaints from a legislative representative.
According to the federal Privacy Commissioner, what protection is missing from the Privacy Act regarding outsourcing of government work that contains personal information?
A statement preventing the vendor to whom the information is outsourced from subcontracting its processing.
A statement granting the Privacy Commissioner the right to issue orders following an investigation into a possible data breach.
A statement requiring the government agency to complete a Privacy Impact Assessment (PIA) prior to outsourcing to a third party.
A statement indicating that the government institution from which the information is outsourced remains accountable for its security.
In which circumstance do private sector privacy laws permit collection of information without consent?
When timely consent cannot be obtained by the organization and the collection is clearly in the individual's interests.
When the collection is necessary for the organization to complete a profile of the individual.
When the collection is reasonable for purposes related to the organization's mandate.
When the individual expressly waives their right to give consent.
What is critical to consider when an organization responsible for a large number of records wants to outsource the storage of those records?
Determining if the personal information stored on the records will be used for data matching.
Putting into place a contractual agreement between the organization and the records storage company.
Conducting a Privacy Impact Assessment (PIA) prior to establishing a relationship with the storage company.
Establishing that consent gathered from individuals by the organization in order to store their personal information was informed and meaningful.
According to PIPEDA, all of the following data is considered sensitive: physical disability, ethnicity, sexual orientation and?
Age
Gender
Locality
Religion