DCPP-01 Online Practice Questions and Answers

A ministry under government of India plans to collect citizens' information related to their education, medical condition, economic status, caste and religion. As per the privacy requirements mentioned under Sec 43A of IT (Amendment) Act, 2008, the citizens' `Consent' would be mandatory for which of the following elements before their collection?

A. Educational records

B. Medical condition

C. Caste and religion

D. Sec 43A may not be applicable

Indian constitution does not expressly provide for the "right to privacy" to its citizens. However, there were various judicial pronouncements of the apex court which finally established the "right to privacy" as a fundamental right subsumed under Article 21 of the constitution of India. Article 21 inter alia provides and protects the __________________.

A. Right to Life and Personal liberty

B. Right to Opportunity

C. Right to Freedom of Speech and Expression

D. Right to Equality before law

If an entity operates a website designed for kids or a website that targets general audience but collects information from individuals known to be under age of 13 years, the entity must comply with requirements in the US.

A. Child online protection Act, 1998

B. Gramm-Leach-Bliley Act, 1999

C. Personal Information Protection and Electronic Documents Act (PIPEDA)

D. Sarbanes-Oxley Act, 2000

The Information Technology (Reasonable Security Practices And Procedures and Sensitive Data or Information) Rules, 2011 incorporate which of the following privacy concepts and principles:

i. Collection Limitation

ii. Accountability

iii. Right to be forgotten

iv.

Purpose Limitation

v.

Access and correction

A.

i, ii, iii and iv

B.

I, ii, iv and v

C.

I, iii, iv and v

D.

All the above

For a third country, a territory or one or more specified sectors within that third country, or an international organization to be granted an adequacy decision under EU GDPR. The law of that region must be:

A. Identical to EU GDPR

B. Should match essential elements to provide protection

C. None of the above

In the context of DSCI Privacy Framework (DPF?, what does PPP stand for?

A. Public Private Partnership

B. Privacy Policy and Processes

C. Personal Privacy and Processes

D. Private Policy and Procedures

In India, who among the following would be the authorized legal entities to monitor and intercept communication of individuals?

A. "Intermediaries" as defined under the IT (Amendment) Act, 2008

B. Telecom Service Providers

C. Intelligence and Law Enforcement Agencies

D. Directorate of Revenue Intelligence (DRI)

Choose the correct statement:

Projects like DNA profiling, UIDAI, collection of individual's statistics, etc.

A. Are executed with a sole aim to ensure that privacy of individuals is maintained

B. Have been initiated to provide services to citizens for maintaining their online privacy only

C. Have raised the need for a comprehensive privacy legislation at national level

D. Have enforced a privacy legislation at national level

Company A collects and stores information from people X and Y on behalf of company B. Which of the following statements are true?

A. A is the data controller since it collects data directly from X and Y

B. B is the data controller while A is the sub processor as B has outsourced the data collection and processing to A

C. B is the data controller that uses A as data processor to collect and process data of data subjects X and Y

D. Both A and B are data controllers since both need to maintain highest principles of data protection

A ___________ is typically provided at the time of PI collection from the data subject.

A. Notice

B. Warning

C. Warranty

D. Disclaimer

From the following list, identify the technology aspects that are specially designed for upholding the privacy:

i. Data minimization

ii. Intrusion prevention system

iii. Data scrambling

iv.

Data loss prevention

v.

Data portability

vi. Data obfuscation

vii. Data encryption

viii.

Data mirroring

Please select the correct set of aspects from below options:

A.

Only i., iii., v., vii. and viii

B.

Only i., ii., iii., vii. and viii

C.

Only i., iii., iv., vi. and vii

D.

Only ii., v., vi., vii. and viii

With respect to privacy notice, what are the responsibilities of data controller?

A. Providing the notice before or during data collection

B. Identifying and communication the purposes for which data will be collected, used, and disclosed

C. Providing notice after the data collection

D. Providing notice at every instance of data processing

A privacy lead assessor assessing your company for DSCI's privacy certification gets to know that your payroll process has been outsourced to a third party service provider. So, he/she is reviewing your contract with that service provider to ascertain which privacy related clauses are incorporated in the contract.

What could be the possible reasons for reviewing the contract?

A. Possible violation of `Collection Limitation'

B. Possible violation of `Use Limitation'

C. Risk of data subjects directly reaching to service provider

D. Data security controls in third party provider's environment

A Business Process Management (BPM) organization based in India, has many domestic clients. The organization observes that one of its domestic clients does not appreciate the value of customers' personal information and have a lot of system loop holes that can be exploited to breach privacy of its customers. The contract signed with the said client makes the BPM organization 100% liable for privacy breaches. The BPM organization has paid close to $10,000 in fines as penalty to the said client in the past. The privacy office has highlighted the risk to the senior management of the BPM organization. What is the best possible approach that the BPM organization can take to resolve this issue?

A. Escalate the issue to client's management, and cancel the contract with the client if they do not stop penalizing the company for the privacy breaches

B. Take strict actions against individuals committing the breach of privacy, including taking them to court in India via the available channels

C. Conduct a proactive risk assessment of client's business processes, and associated IT systems ? present the risk management report to the client, and request for change of contract terms to amend the liability clause.

D. None of the above

Rising economic value of personal information has stressed the need for a comprehensive __________ legislation in India.

A. Right to Internet

B. Privacy

C. Right to Information

D. Dispute resolution