DCPP-01 Practice Exam Questions with Answers DSCI certified Privacy Professional (DCPP) Certification

Data processor

Third party agency collecting personal information

Body corporate, which determines the means and purpose of data processing

Natural person sharing his/her information

Adherence to the seven safe harbor principles

Disclose their privacy policy publicly

Sign standard contractual clauses with data exporters in EU

Notify FTC of the self-certification

Privacy as an explicit fundamental constitutional right

Offences, penalties and remedies

National privacy principles

Setup of a national data controller registry

Personally Identifiable Information (PII)

Sensitive Personal Information (SPI)

Trademark, copyright and patent information

Organizations’ confidential business information

Outsourcing and trans-border data flows in globalized world

Increasing economic value of personal information

Rising demand of data privacy professionals

Phenomenal rise in use of social networking sites, where a lot of personal information is shared with others

Are executed with a sole aim to ensure that privacy of individuals is maintained

Have been initiated to provide services to citizens for maintaining their online privacy only

Have raised the need for a comprehensive privacy legislation at national level

Have enforced a privacy legislation at national level

Protect the constitution

Penalize the organizations and impose fines for failure to protect privacy

Ensure peace in the society

Protect individual rights

Data Processor

Data Controller

Data Subject

Either A or B

APEC privacy framework does not deal with the usage of personal information

APEC privacy framework does not mandate the binding treaties or directives for member countries

APEC privacy framework does not have a provision for co-operation between privacy enforcement agencies of members

APEC privacy framework does not deal with e-commerce

Transfer of information is allowed to those who ensure the same level of data protection that is adhered to by the company as provided for under the Indian laws

The transfer of information is allowed only after taking approval of Chief Information Commissioner of India

The transfer of information is allowed only after taking approval of DeitY (Department of Electronics & Information Technology) in India

The transfer may be allowed only if it is necessary for the performance of the lawful contract or where the data subject has consented to data transfer

Collection limitation

Purpose limitation

Disclosure of information

Accountability

Fair information Privacy Practices of US, 1974

EU Data Protection Directive

Safe Harbor Framework

WTO’s Free Trade Agreement

Fundamental civil liberty

Universal declaration of human rights

Right to be left alone

Binding corporate rules

“Intermediaries” as defined under the IT (Amendment) Act, 2008

Telecom Service Providers

Intelligence and Law Enforcement Agencies

Directorate of Revenue Intelligence (DRI)

Credit card number with expiry date

Bank account Information

Loan account Information

Income tax return file acknowledgement number

Right to Privacy Act

Right to Information Act

Right to Freedom of Speech and Expression

Right to Social Security

PII is necessarily a single data element, not a combination of data elements, which can uniquely identify an individual

PII is a subset of Sensitive Personal Information

PII is any information about a legal entity including details of its registration or any information that may allow its easy identification

None of the above

Information Privacy

Physical Privacy

Social Privacy

Psychological Privacy

The purpose of collecting the biometrics is different than what LEAs intent to use it for

The consent of data subjects has not been taken

Government agencies would share the biometrics with LEAs on one condition if LEA properly notify the citizens

None of the above, as government agencies would never deny any LEA for sharing such information for the purpose of mass surveillance

I and II

III and IV

I, II and III

All of the above

A transfer may occur only where the data subject gives their consent or when it is necessary to perform a lawful contract

In India, the Chief Information Commissioner must approve the transfer of information

Data may be transferred to companies that adhere to the same level of data protection that is required by Indian law

Taking permission from the ministry of electronics and information technology is necessary for information transfer.

Legitimate Interest

Consent

Legal Obligation

Vital Interest

Performance of Contract

Japanese Act on the Protection of Personal Information

UK Data Protection Act, 2018

General Data Protection Regulation, 2016

Information Technology (Amendment) Act, 2008

Only i., iii., vii. and viii

Only i., ii., iii., vii. and viii

Only i., ii., vi. and vii

Only ii., v., vi., vii. and viii

Directive on EU e-commerce mentions it as a requirement

EU Data Protection Directive states that it is a requirement

OECD's Privacy Framework mentions it as a requirement

Neither of the above

FALSE

TRUE

EuroPriSe

BBBOnline

Transaction Guard

WebTrust

The person transferring data to the destination country must inform the data protection commissioner, while the person exporting the data must notify the European Commission.

This case is not covered by the EU directive.

Putting in place suitable model contractual clauses is the vendor's responsibility in the third country.

A data exporter needs to create model contractual clauses after obtaining approvals from the data protection commissioner.

All

All except iii

Only i, and ii

Only i, ii and iv

Federal Data Protection Act, Germany (BDSG)

South Korea's Personal Information Protection Act

Digital Privacy Act, 2015

Child online protection Act, 1998

Right to Information

Dispute resolution

Privacy

Right to Internet