dsci dcpp-01 practice test

‘Challenging Compliance’ as a privacy principle is covered in which of the following data protection/
privacy act?

• A. Federal Data Protection Act, Germany
• B. UK Data Protection Act
• C. PIPEDA
• D. Singapore Data Protection Act

Which of the following is not required by an organization in US, resorting to EU-US Safe Harbor
provisions, to transfer personal information from EU member nation to US?

• A. Adherence to the seven safe harbor principles
• B. Disclose their privacy policy publicly
• C. Sign standard contractual clauses with data exporters in EU
• D. Notify FTC of the self-certification

Please select the incorrect statement in context of “Online Privacy”:

• A. A person’s act of ‘Selective disclosure” (of themselves) in an online environment
• B. A person’s concern over usage of information that were collected during an online activity
• C. A person’s control over collection of information during an online activity
• D. A person’s concern on the software licensing agreement they sign with any organization

Complete the sentence:
The Gramm-Leach-Bliley Act (GLBA) of US regulates the privacy practices adopted by financial
institutions, requiring them to provide adequate security of the customer records. It lays various
obligations on the financial institutions but allows such financial institutions to share the non-public
information of customers (after properly notifying their consumers in a manner mentioned in the
Act) with

• A. Its affiliates only after obtaining explicit consent from the consumers
• B. Its affiliates without need for obtaining explicit consent from the consumers for sharing their data
• C. Its affiliates after disclosure in initial and annual GLBA privacy notices
• D. Its affiliates after obtaining explicit permission of Federal Trade Commission

Companies based in EU and willing to transfer data outside the EU/EEA, use model contracts as an
instrument. Which of the following statements are true in reference to above statement?

• A. It is a requirement mentioned in EU Data Protection Directive
• B. It is a requirement mentioned in the OECD Privacy Framework
• C. It is a requirement mentioned in the EU E-Commerce Directive
• D. None of the above

After the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was
issued by the government which exempted the service providers, which get access to/processes
Sensitive Personal Data or information (SPDI) under contractual agreement with a legal entity
located within or outside Indi
a. Which privacy principle provisions notified under Sec 43A were exempted for the service
providers?

• A. Consent
• B. Privacy policy (which is published)
• C. Access and Correction
• D. Disclosure of information

Select the element(s) of APEC cross border privacy rules system from the following list:
i. self-assessment
ii. compliance review
iii. recognition/acceptance by APEC members
iv. dispute resolution and enforcement
Please select correct option:

• A. i, ii and iii
• B. ii, iii, and iv
• C. i, iii and iv
• D. i, ii, iii and iv

A ministry under government of India plans to collect citizens’ information related to their education,
medical condition, economic status, caste and religion. As per the privacy requirements mentioned
under Sec 43A of IT (Amendment) Act, 2008, the citizens’ ‘Consent’ would be mandatory for which of
the following elements before their collection?

• A. Educational records
• B. Medical condition
• C. Caste and religion
• D. Sec 43A may not be applicable

Which of the following legislations/ guidelines do not cover the concept of trans-border data flow?

• A. OECD
• B. IT (Amendment) Act, 2008
• C. PIPEDA
• D. None of the above

XYZ is a successful startup that acquired a respectable size & scale of operations in last 3 years,
handling business process services for small & medium scale enterprises, largely in US & Europe.
They are at the stage of closing a deal with a new banking client and working out the details of
privacy related obligations in contract. Ensuring effective enforcement of which of the below listed
privacy principles is client’s accountability, even after outsourcing its loan approval process to XYZ?
I. Notice
II. Choice and Consent
III. Collection Limitation
IV. Use Limitation
V. Access and Correction
VI. Security
VII. Disclosure to third Party
Please select the correct set of principles from below listed options:

• A. None of the above, since they are outsourcing the work to XYZ who will carry the liability going forward
• B. All except V and VI
• C. All except III
• D. All of the above listed privacy principles