DCPP-01 Practice Exam Questions with Answers DSCI certified Privacy Professional (DCPP) Certification

Question # 6

If XYZ & Co. collects, stores and processes personal information of living persons, electronically in a structured filing system, then XYZ could be a:

Data Processor

Data Controller

Data Subject

Either A or B

Full Access

Question # 7

Under which of the following conditions can a government department refuse to release information under the provisions of RTI Act?

Adverse impact of such information on the stability of the ruling party in government

Adverse impact of such information on national security

Adverse impact of such information on personal privacy of its officials if it does not satisfy the public interest at large

Adverse impact of such information on the public image of the government department

Full Access

Question # 8

Which type of data qualify as Sensitive Personal Data or Information under Section 43A of IT (Amendment) Act, 2008?

Sexual orientation

Political affiliation

Religion and caste

Call Data Records (CDRs)

Full Access

Question # 9

According to RTI Act, under which conditions can a government department refuse to release information?

National security adversely affected by such information

This information is detrimental to the stability of the ruling party in government

Detrimental effect on the public image of government agencies

In the absence of a public interest, such information may adversely impact the privacy of its officials

Full Access

Question # 10

Regarding projects such as Aadhaar, the National Population Register (NPR), etc. that involve national government projects specific to India, which of the following statements is accurate?

Citizens can choose not to submit their biometric details to the environment and can complete the process without providing their biometrics

Prior to and during collection of data, data subjects are not properly notified

In India, biometric data collection is a statutory requirement

Once their personal information has been shared with the project, data subjects are not limited in how they can exercise control over how it will be used

Full Access

Answer:

Explanation:

Explanation

The requesting entity is expected to inform the individual, at the time of e-KYC authentication, what information will be shared with it by UIDAI on authentication and the purpose for which the information would be used. It is expected that notice is provided in the local language as well – to ensure that the individual understands clearly what he/she is getting into. Any other entity other than the requesting entity that collects individual’s Aadhaar number or even a document containing the Aadhaar number is also required to inform the individual the purpose of collection, whether it is mandatory and what are the alternatives. Consent After providing notice, the requesting entity is required to obtain the consent of the individual before collecting the identity information. The information may be collected in physical or, preferably, in electronic form. A record or log of the consent is also required to be maintained in the format specified by UIDAI. A requesting entity can do e-KYC authentication on behalf of a third party and share the e-KYC data with the third party for a specific purpose. However, it needs to take consent of the individual for this purpose. For any sharing of e-KYC data with a third party, a separate consent for each such sharing is required. The individual himself/herself may share their data with other entities. However, those entities cannot further share the data with any other entity without obtaining the individual’s consent every single time it does a share. Similarly, any other entity other than the requesting entity that collects individual’s Aadhaar number or any document containing the Aadhaar number is also required to obtain the consent of the individual for the collection, storage and usage of the individual’s Aadhaar number for the purpose specified. The individual has the freedom to revoke any of the earlier consent(s) given, and requesting entity would be required to delete e-KYC data along with ceasing its ability to share further. Usage and Purpose The requesting entity can use the identity information of an individual only for the purpose specified to the individual at the time of authentication or e-KYC. Similarly, any other entity other than the requesting entity that collects individual’s Aadhaar number or any document containing the Aadhaar number can use the Aadhaar number only for those purposes specified to the individual at the time of obtaining his consent. Any other entity other than the requesting entity that collects individual’s Aadhaar number or any document containing the Aadhaar number is not permitted to share the Aadhaar number with any other person without obtaining the consent of the individual. Disclosure The core biometric information collected under the Act is not allowed to be shared with anyone for any reason whatsoever. This is applicable to UIDAI as well as all agencies in the ecosystem. A requesting entity can share the identity data, including the e-KYC data, with third parties for any lawful purposes provided specific consent from the individual for the same has been obtained. However, the third party, in turn, cannot share it further with any other third party except to complete a transaction- that too only if the individual has given specific consent.

Question # 11

Who should be designated as a grievance officer in IT (Amendment) Act, 2008 to redress grievance(s) from information providers?

An individual sharing his/her information

A third party agency collects personal information

An organization that determines the means and purposes of data processing

Processor of data

Full Access

Question # 12

De-identification of personal information is advocated by which of the following privacy regulations?

IT Act of India

Australia's ANPP

EU Data Protection Directive

Canada's PIPEDA

Full Access

Question # 13

Regarding the "Data Minimization" principle, please select the correct statement from the following:

Retaining collected data as long as necessary to achieve purposes

Limiting the amount of data collected for specific purposes

The purpose of data collection is to analyze and minimize it into useful information.

Objecting to the collection of personal information by the data subject

Full Access

Question # 14

A financial organization may share nonpublic information about its customers in accordance with Gramm-Leach-Bliley Act of the US. Which one of the following is the requirement?

Data sharing does not require consent from the consumers.

As soon as the GLBA privacy notice is disclosed initially and annually

FTC permission is required

Consumers' consent must be obtained first

Full Access

Question # 15

For negligence in implementing and maintaining the reasonable security practices and procedures for protecting Sensitive Personal Data or Information (SPDI) as mentioned in Section 43A and associated rules under IT (Amendment) Act, 2008, a corporate entity may be liable to pay compensation of up to___________

Rs. 50,000,000

Rs. 500,000,000

Rs. 5,000,000

Upper limit not defined

Full Access

Question # 16

Under which of the following conditions can a company in India may transfer sensitive personal information (SPI) to any other company or a person in India, or located in any other country?

Transfer of information is allowed to those who ensure the same level of data protection that is adhered to by the company as provided for under the Indian laws

The transfer of information is allowed only after taking approval of Chief Information Commissioner of India

The transfer of information is allowed only after taking approval of DeitY (Department of Electronics & Information Technology) in India

The transfer may be allowed only if it is necessary for the performance of the lawful contract or where the data subject has consented to data transfer

Full Access

Question # 17

XYZ is a successful startup that acquired a respectable size & scale of operations in last 3 years, handling business process services for small & medium scale enterprises, largely in US & Europe. They are at the stage of closing a deal with a new banking client and working out the details of privacy related obligations in contract. Ensuring effective enforcement of which of the below listed privacy principles is client’s accountability, even after outsourcing its loan approval process to XYZ?

I. Notice

II. Choice and Consent

III. Collection Limitation

IV. Use Limitation

V. Access and Correction

VI. Security

VII. Disclosure to third Party

Please select the correct set of principles from below listed options:

None of the above, since they are outsourcing the work to XYZ who will carry the liability going forward

All except V and VI

All except III

All of the above listed privacy principles

Full Access

Question # 18

Which of the following privacy regulation advocates de-identification of personal information?

EU Data Protection Directive

Canada’s PIPEDA

Australia’s ANPP

IT Act of India

Full Access

Labour Day Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

Contact Email:

Crack4sure Logo

Main Navigation

DCPP-01 PDF

$38.5

$109.99

DCPP-01 PDF + Testing Engine

$61.6

$175.99

DCPP-01 Engine

$46.2

$131.99

DCPP-01 Practice Exam Questions with Answers DSCI certified Privacy Professional (DCPP) Certification

Answer:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Answer:

QUICK LINKS

SUPPORT

PAYMENT METHOD

Site Secure

CONTACT US