3 Months Free Update
3 Months Free Update
3 Months Free Update
Under PIPEDA, each of the following situations requires an organization to obtain express consent to use personal information EXCEPT?
In Ontario, a patient attends an appointment with a physician and reveals information about some new symptoms that she has been experiencing. Based on this information, the physician diagnoses the patient with a condition and prepares the report detailing the applicable history and diagnosis. The report is added to the patient’s record. The patient later regrets revealing certain facts and doesn’t want anyone else to know about these symptoms or the diagnosis. She acknowledges that the information she provided was correct and does not question the diagnosis.
Which of the following requests would the patient be most successful at pursuing?
Work-product information is generally thought of as information about an individual that?
Which of the following describes a difference between the federal Privacy Commissioner and provincial commissioners?
Under the Personal Information Protection and Electronic Documents Act (PIPEDA), when engaging in a third-party transfer of personal information for processing, an organization is expected to have the technology to protect the information during transit and to?
A boutique hotel in Montreal seeks to attract travelers from Europe but wants to avoid becoming subject to the GDPR’s requirements. Which of the following activities is most likely to result in a finding that the hotel is subject to the GDPR?
According to the federal court ruling in the Eastman Case, video cameras in the workplace are considered to be collecting personal information?
A private sector daycare’s portal for parents stores their children’s photos, allergy information and date of birth. A parent has asked about the portal’s security requirements and in three months still not has received an answer. What is missing from the daycare’s procedures?
A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick, Alberta and British Columbia. Unfortunately, a third-party vendor that provides marketing support to the company experiences a privacy breach which impacts the personal information of all its customers across the provinces where it operates.
The Privacy Officer determines that the breach causes a real risk of significant harm to their customers and is tasked with reporting the breach to the relevant regulators.
With which provincial privacy regulators does the company have to file a report?
All items below could be considered sensitive personal information, EXCEPT?
Why is biometric information considered sensitive personal information in almost all circumstances?
Which organization was the primary influence in the development of Canadian privacy with their publication of a set of eight privacy principles?
What is the main reason a country might adopt an "ombudsman" model of privacy oversight?
What can be concluded from the Blood Tribe case regarding the Privacy Commissioner's access to information?
According to the Alberta Personal Information Protection Act, which of the following data breach reporting notifications to the commissioner is NOT automatically triggered when real risk of significant harm (RROSH) has been determined?
ABC Corp uses a third-party provider to perform data analytics and sends the following data sets to the third party to run some reports: name, customer ID, age, transaction activity, transaction date, location, outcome, customer type.
If ABC Corp wants the third party to send all the data sets to their US based marketing partner for a new use, they must?