IAPP CIPP-C Practice Test - Questions Answers, Page 5
To whom does the Privacy Commissioner of Canada report?
Supreme Court of Canada and Prime Minister.
House of Commons and the Senate.
Administrative tribunal.
Auditor General.
In which situation could a request for access to one's personal information be denied under the Privacy Act?
The personal information was collected by the Royal Canadian Mounted Police while performing policing services for a province or municipality.
The personal information was obtained in confidence from a foreign state or agency which has consented to the disclosure of the information.
The release of the personal information could reasonably be expected to cause injury to a protected species of wildlife.
The personal information is more than 20 years old and relates to the detection or suppression of money laundering.
What is the Canadian Courts' role in reviewing decisions by provincial oversight authorities?
Review all the investigative notes of the oversight authority, such as would be gathered during interviews.
Impose a prison sentence only, such as when an employee sells personal health information (PHI) for their own gain.
Look at specific types of errors made by the oversight authority, such as a misinterpretation of a term in the legislation.
Review and compare the oversight authority's decision or recommendation against those of other oversight authorities across Canada.
According to the Canadian Standards Association (CSA) Model Code, how long should personal information be retained?
Personal information should not be retained at all.
Personal information should be retained indefinitely as long as consent has been given.
Personal information should be retained for at least two years after the last administrative use.
Personal information should be retained as long as necessary for the fulfillment of the purpose of the collection.
What is the main reason a country might adopt an 'ombudsman' model of privacy oversight?
It provides a more streamlined process of complaint resolution.
It increases the power of the commissioner to enforce decisions.
It reduces the perception that compliance is a confrontational process.
It provides a more detailed set of guidelines regarding possible violations.
According to the Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems, signatories commit to doing all of the following EXCEPT?
Contributing to the development and application of AI standards.
Sharing information and best practices of AI governance.
Supporting public awareness and education on AI.
Adopting low-risk uses of AI.
What must a federal government department do before it implements an electronic service (e-service)?
Conduct a preliminary PIA before acquiring the service.
Complete a PIA in accordance with Treasury Board guidelines.
Publish a privacy statement in newspapers and on the government website.
Determine if the Office of the Privacy Commissioner must be notified of the launch of this new e-service.
In comparing British Columbia's privacy laws with the health information privacy acts of the remaining provinces, BC's privacy laws?
Seek to create a more flexible regulatory system to manage the patient data itself.
Refer to health sector participants as trustees as opposed to custodians.
Exclude laboratories, nursing homes and independent health facilities.
Group data banks together rather than listing them separately.
ABC Corp uses a third-party provider to perform data analytics and sends the following data sets to the third party to run some reports: name, customer ID, age, transaction activity, transaction date, location, outcome, customer type.
If ABC Corp wants the third party to send all the data sets to their US based marketing partner for a new use, they must?
Encrypt data in transit.
Anonymize the personal data before sending.
Seek additional consent from their customers.
Ensure the marketing partner has equal or stronger protections than Canada.
Under the Privacy Act, when government institutions collect personal information?
Data subject consent is required.
The collection must be directly from a data subject.
The collection must relate to an operating program or activity.
Information collected must be made anonymous where technologically possible.