DCPP-01 Sample Questions to Pass DSCI certified Privacy Professional

Having a DCPP-01 certification can enhance your employment prospects,and then you can have a lot of good jobs. PassQuestion is a website very suitable to candidates who participate in the DCPP-01 exam. PassQuestion DCPP-01 Sample Questions can not only provide all the information related to the DSCI certified Privacy Professional exam for the candidates, but also provide a good learning opportunity for them. PassQuestion is able to help you pass DSCI certified Privacy Professional exam successfully.

DCPP-01 Sample Questions to Pass DSCI certified Privacy Professional

1. APEC privacy framework envisages common principles such as Notice, Collection limitation, Use Limitation, Access and Correction, Security/Safeguards, and Accountability.

But it differs from the EU Data Protection Directive in which of the below aspect?

APEC privacy framework does not deal with the usage of personal information

APEC privacy framework does not mandate the binding treaties or directives for member countries

APEC privacy framework does not have a provision for co-operation between privacy enforcement agencies of members

APEC privacy framework does not deal with e-commerce

2. A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

Which of the following are not mandatory pre-requisite before transferring sensitive personal data to its Asian branches?

Notifying the data subject

Conducting risk assessment for the processing involved

Determining adequacy status of the country

Self-certifying to Safe Harbor practices and reporting to Federal Trade Commission

3. A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

For exporting EU branch employees’ data to Asian Countries for processing, which of the following instruments could be used for legal data transfer?

Customized contracts mandating ISO 27001 certification by the data processor

Standard Contractual Clauses

Binding Corporate Rules

Privacy Shield Framework

4. A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

For the outsourced work of its customers’ data processing, in order to initiate data transfer to another organizations outside EU, which is the most appropriate among the following?

The vendor (data importer) in the third country, and not the exporter is responsible to put in place suitable model contractual clauses, and hence the exporter does not need to take any action.

Since the data is processed by the vendor outside the EU, the EU directive does not apply and hence there are no legal concerns

The data exporter needs to initiate model contractual clauses after obtaining approvals from data protection commissioner and have the vendor be a signatory on the same as data importer

The data importer need to notify about the transfer to data protection commissioner in the destination country and exporter need to similarly notify in the EU country of origin

5. With reference to APEC privacy framework, when personal information is to be transferred to another person or organization, whether domestically or internationally, “the ______________ should obtain the consent of the individual and exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with APEC information privacy principles”.

Personal Information Owner

Personal Information Controller

Personal Information Processor

Personal Information Auditor

6. From the below listed options, identify the new privacy principle that is being advocated in proposed EU General Data Protection Regulation?

Right to be informed prior to sharing of data

Right to modify data

Right to be forgotten

Right to object data collection and processing

7. Which of the following statements are true about the privacy statement of an organization?

Content of the online privacy statement of an organization will depend upon the applicable laws, and may need to address requirements across geographical boundaries and legal jurisdictions

As per privacy laws generally it is mandatory to mention the phone contact details of the owner of organization in the online privacy statement where customers can reach out in case of a grievance or incident

Online privacy statement is an instrument to demonstrate to stakeholders how the organization gathers, uses, discloses, and manages personal data

India’s Information Technology (Amendment) Act, 2008 does not require that privacy policy be published on the website

8. With respect to ‘Data Minimization’ privacy principle, please select the correct statements from the following:

Right to object by the data subject for minimizing the collection of personal information

Data controllers should limit the amount of data collected to what is directly relevant and necessary to accomplish a specified purpose

Data controllers should retain the data only for as long as is necessary to fulfil the purpose for which it was collected

Process of analyzing and minimizing the collected data into useful information

9. Which of the following privacy principle deals with informed consent of the data subject before sharing the personal information (of the data subject) to third parties for processing?

Collection limitation

Purpose limitation

Disclosure of information

Accountability

10. For negligence in implementing and maintaining the reasonable security practices and procedures for protecting Sensitive Personal Data or Information (SPDI) as mentioned in Section 43A and associated rules under IT (Amendment) Act, 2008, a corporate entity may be liable to pay compensation of up to___________

Rs. 50,000,000

Rs. 500,000,000

Rs. 5,000,000

Upper limit not defined

11. ‘Challenging Compliance’ as a privacy principle is covered in which of the following data protection/privacy act?

Federal Data Protection Act, Germany

UK Data Protection Act

PIPEDA

Singapore Data Protection Act

12. Which of the following is not required by an organization in US, resorting to EU-US Safe Harbor provisions, to transfer personal information from EU member nation to US?

Adherence to the seven safe harbor principles

Disclose their privacy policy publicly

Sign standard contractual clauses with data exporters in EU

Notify FTC of the self-certification

13. Please select the incorrect statement in context of “Online Privacy”:

A person’s act of ‘Selective disclosure” (of themselves) in an online environment

A person’s concern over usage of information that were collected during an online activity

A person’s control over collection of information during an online activity

A person’s concern on the software licensing agreement they sign with any organization

14. Complete the sentence: The Gramm-Leach-Bliley Act (GLBA) of US regulates the privacy practices adopted by financial institutions, requiring them to provide adequate security of the customer records. It lays various obligations on the financial institutions but allows such financial institutions to share the non-public information of customers (after properly notifying their consumers in a manner mentioned in the Act) with

Its affiliates only after obtaining explicit consent from the consumers

Its affiliates without need for obtaining explicit consent from the consumers for sharing their data

Its affiliates after disclosure in initial and annual GLBA privacy notices

Its affiliates after obtaining explicit permission of Federal Trade Commission

15. Companies based in EU and willing to transfer data outside the EU/EEA, use model contracts as an instrument.

Which of the following statements are true in reference to above statement?

It is a requirement mentioned in EU Data Protection Directive

It is a requirement mentioned in the OECD Privacy Framework

It is a requirement mentioned in the EU E-Commerce Directive

None of the above

16. After the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was issued by the government which exempted the service providers, which get access to/processes Sensitive Personal Data or information (SPDI) under contractual agreement with a legal entity located within or outside India.

Which privacy principle provisions notified under Sec 43A were exempted for the service providers?

Consent

Access and Correction

Disclosure of information

17. Select the element(s) of APEC cross border privacy rules system from the following list:

self-assessment
compliance review

iii. recognition/acceptance by APEC members

dispute resolution and enforcement

Please select correct option:

i, ii and iii

ii, iii, and iv

i, iii and iv

i, ii, iii and iv

18. A ministry under government of India plans to collect citizens’ information related to their education, medical condition, economic status, caste and religion.

As per the privacy requirements mentioned under Sec 43A of IT (Amendment) Act, 2008, the citizens’ ‘Consent’ would be mandatory for which of the following elements before their collection?

Educational records

Medical condition

Caste and religion

Sec 43A may not be applicable

19. Which of the following legislations/guidelines do not cover the concept of trans-border data flow?

OECD

IT (Amendment) Act, 2008

PIPEDA

None of the above

20. Which of the following categories of information are generally protected under privacy laws?

Personally Identifiable Information (PII)

Sensitive Personal Information (SPI)

Trademark, copyright and patent information

Organizations’ confidential business information

DCPP-01 Sample Questions to Pass DSCI certified Privacy Professional

DCPP-01 Sample Questions to Pass DSCI certified Privacy Professional

Leave a Reply Cancel reply