New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

CIPP-C Certified Information Privacy Professional/ Canada (CIPP/C) Questions and Answers

Questions 4

Of the key principles in the Personal Information Protection and Electronic Documents Act (PIPEDA), which principle in particular contributes to the increase in privacy policies in recent years?

Options:

A.

Limiting Use, Disclosure, and Retention.

B.

Individual Access.

C.

Openness.

D.

Accuracy

Buy Now
Questions 5

Why is biometric information considered sensitive personal information in almost all circumstances?

Options:

A.

It is user specific information that can easily be stored and accessed to identify an individual or group of individuals.

B.

It can be applied broadly to link many pieces of personal information and creates security vulnerabilities.

C.

It is distinctive, unlikely to vary overtime, difficult to change and largely unique to the individual.

D.

It is easy to recognize and reproduce with increasing computer processing power.

Buy Now
Questions 6

According to the Canadian Standards Association (CSA) Model Code, how long should personal information be retained?

Options:

A.

Personal information should not be retained at all.

B.

Personal information should be retained indefinitely as long as consent has been given.

C.

Personal information should be retained for at least two years after the last administrative use.

D.

Personal information should be retained as long as necessary for the fulfillment of the purpose of the collection.

Buy Now
Questions 7

All items below could be considered sensitive personal information, EXCEPT?

Options:

A.

Credit score.

B.

Date of birth.

C.

Medical history.

D.

Educational transcripts.

Buy Now
Questions 8

What is the Canadian Courts’ role in reviewing decisions by provincial oversight authorities?

Options:

A.

Review all the investigative notes of the oversight authority, such as would be gathered during interviews.

B.

Impose a prison sentence only, such as when an employee sells personal health information (PHI) for their own gain.

C.

Look at specific types of errors made by the oversight authority such as a misinterpretation of a term in the legislation

D.

Review and compare the oversight authority's decision or recommendation against those of other oversight authorities across Canada.

Buy Now
Questions 9

According to the Privacy Act, which of the following disclosures of personal information by a government institution would require the data subject’s consent?

Options:

A.

When disclosing to a law enforcement body.

B.

When disclosing to comply with a search warrant.

C.

When disclosing to a registered charitable organization.

D.

When disclosing to a member of parliament to assist in resolving a problem.

Buy Now
Questions 10

The Government of Canada’s Directive on Privacy Impact Assessments applies to all of the following EXCEPT?

Options:

A.

The Ministry of Health

B.

The Bank of Canada.

C.

Crown Corporations.

D.

The Cabinet.

Buy Now
Questions 11

Which organization was the primary influence in the development of Canadian privacy with their publication of a set of eight privacy principles?

Options:

A.

The Organization for Economic Co-operation and Development (OECD).

B.

The Canadian Institute of Chartered Accountants

C.

The Center for Democracy and Technology (CRT)

D.

The Canadian Standards Association (CSA).

Buy Now
Questions 12

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), when engaging in a third-party transfer of personal information for processing, an organization is expected to have the technology to protect the information during transit and to?

Options:

A.

Establish a contract outlining the individual outsourcing arrangement.

B.

Obtain additional consent for the use of the information by the third party.

C.

Confirm the jurisdictional protections of the receiving organization are the same as PIPEDA.

D.

Review the cross-border data flow competed and approved by the Treasury Board of Canada Secretariat.

Buy Now
Questions 13

In which situation could a request for access to one’s personal information be denied under the Privacy Act?

Options:

A.

The personal information was collected by the Royal Canadian Mounted Police while performing policing services for a province or municipality.

B.

The personal information was obtained in confidence from a foreign state or agency which has consented to the disclosure of the information.

C.

The release of the personal information could reasonably be expected to cause injury to a protected species of wildlife.

D.

The personal information is more than 20 years old and relates to the detection or suppression of money laundering.

Buy Now
Questions 14

A commercial business in Canada is allowed to collect personal information without the knowledge or consent of the individual in all of the following circumstances EXCEPT when?

Options:

A.

The collection is for journalistic or literary purposes.

B.

The collection is in the interests of the individual and the consent cannot be obtained in a timely way.

C.

The collection would lead to the creation of products that would benefit the public and consent would be difficult to obtain.

D.

The collection, with the knowledge of the individual, would compromise the availability and accuracy of the information and the collection is reasonable for the purposes related to investigating

Buy Now
Questions 15

Which of the following describes a difference between the federal Privacy Commissioner and provincial commissioners?

Options:

A.

Provincial commissioners can order an organization to act.

B.

Provincial commissioners are limited to recommending actions.

C.

The federal commissioner has the power to make an organization comply.

D.

The federal commissioner must receive complaints from a legislative representative.

Buy Now
Questions 16

Under the Privacy Act, when government institutions collect personal information?

Options:

A.

Data subject consent is required.

B.

The collection must be directly from a data subject.

C.

The collection must relate to an operating program or activity.

D.

Information collected must be made anonymous where technologically possible

Buy Now
Questions 17

In which circumstance do private sector privacy laws permit collection of information without consent?

Options:

A.

When timely consent cannot be obtained by the organization and the collection is clearly in the individual's interests.

B.

When the collection is necessary for the organization to complete a profile of the individual.

C.

When the collection is reasonable for purposes related to the organization's mandate.

D.

When the individual expressly waives their right to give consent.

Buy Now
Questions 18

Under PIPEDA, each of the following are considered to be personal information EXCEPT?

Options:

A.

A public official's salary published on a government web site.

B.

A person's telephone number published in a public directory.

C.

A photograph taken in public and published in a newspaper.

D.

Information about a defendant contained in court records.

Buy Now
Questions 19

As response to TJX Winners - Homesense, why is "hashing" preferable to storing a personal identifier such as a driver’s license number?

Options:

A.

It scrambles information but can be unscrambled for later use.

B.

It automatically puts a lifespan on any identification that is stored.

C.

It randomizes all permanent identification within an organized database.

D.

It still provides customer identification, but in a form that would not reveal the real number.

Buy Now
Questions 20

What is required for a provincial law to be considered substantially similar to the Personal Information Protection and Electronic Documents Act (PIPEDA)?

Options:

A.

Consistency with at least eight of the ten privacy principles, an independent oversight body and a complaint handling mechanism.

B.

Consistency with the ten privacy principles, an independent oversight body and a process for accessing information.

C.

Consistency with the ten privacy principles, an independent oversight body and a redress mechanism.

D.

Consistency with the ten privacy principles, an appeal process and a redress mechanism.

Buy Now
Questions 21

To whom does the Privacy Commissioner of Canada report?

Options:

A.

Supreme Court of Canada and Prime Minister

B.

House of Commons and the Senate.

C.

Administrative tribunal.

D.

Auditor General.

Buy Now
Questions 22

Work-product information is generally thought of as information about an individual that?

Options:

A.

Is required by an organization to establish an employment relationship.

B.

Includes internal investigation files and complaints filed about an employee.

C.

Includes intellectual property developed within the scope of an employee's job function.

D.

Is prepared or collected as part of that individual’s responsibilities or activities in connection to their job.

Buy Now
Exam Code: CIPP-C
Exam Name: Certified Information Privacy Professional/ Canada (CIPP/C)
Last Update: Dec 22, 2024
Questions: 76

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99