New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium IAPP CIPP-C Dumps Questions Answers

Page: 1 / 6
Total 76 questions

Certified Information Privacy Professional/ Canada (CIPP/C) Questions and Answers

Question 1

According to the Privacy Act, which of the following disclosures of personal information by a government institution would require the data subject’s consent?

Options:

A.

When disclosing to a law enforcement body.

B.

When disclosing to comply with a search warrant.

C.

When disclosing to a registered charitable organization.

D.

When disclosing to a member of parliament to assist in resolving a problem.

Buy Now
Question 2

According to PIPEDA, all of the following data is considered sensitive: physical disability, ethnicity, sexual orientation and?

Options:

A.

Age

B.

Gender

C.

Locality

D.

Religion

Question 3

Safeguarding and securing information that is considered sensitive under privacy legislation generally falls into three categories: Administrative, Technical and?

Options:

A.

Legal.

B.

Physical.

C.

Personal.

D.

Logistical.

Question 4

In which situation could a request for access to one’s personal information be denied under the Privacy Act?

Options:

A.

The personal information was collected by the Royal Canadian Mounted Police while performing policing services for a province or municipality.

B.

The personal information was obtained in confidence from a foreign state or agency which has consented to the disclosure of the information.

C.

The release of the personal information could reasonably be expected to cause injury to a protected species of wildlife.

D.

The personal information is more than 20 years old and relates to the detection or suppression of money laundering.

Question 5

In 2007, four employees of TELUS Communications Corporation filed a complaint with the Privacy Commissioner of Canada in connection with the collection of what personal information?

Options:

A.

Voiceprint information.

B.

Drivers' licenses.

C.

Urine samples.

D.

Video images.

Question 6

What must happen before an individual requester can commence a court application relating to the denial of access to personal information under the control of a federal government institution?

Options:

A.

The Privacy Commissioner of Canada must have completed an investigation and issued a report.

B.

The Privacy Commissioner of Canada must have completed an investigation and found in favor of the requester.

C.

The requester must have made a formal Privacy Act request to a government institution for access to personal information.

D.

The requester must have lodged a complaint with the Office of the Privacy Commissioner (OPC) within 60 days of having received a response to a formal Privacy Act request.

Question 7

A boutique hotel in Montreal seeks to attract travelers from Europe but wants to avoid becoming subject to the GDPR’s requirements. Which of the following activities is most likely to result in a finding that the hotel is subject to the GDPR?

Options:

A.

Placing advertisements on travel websites accessible in Europe.

B.

Collecting contact information for foreign business leaders from public directories.

C.

Sending discount offers to guests who previously registered using a foreign address.

D.

Translating the hotel's registration page into German based on the visitor's IP address.

Question 8

In Ontario, personal information can be withheld from disclosure in a Freedom of Information (FOI) request. The following information is included in a record that is the subject of a FOI request being handled by a hospital: employee name, employee title, employee designation, employee educational history, employee personal cell phone number, and feedback about the employee from a colleague.

Which of the following statements is accurate regarding what can be released?

Options:

A.

Employee name and title can only be released if the employee consents

B.

The employee designation is not to be released as it is considered employment history.

C.

Employee name, title, and designation can be released as it is not classified as personal information.

D.

No employee information can be released as it is information that was collected throughout the course of employment.

Question 9

What is the Canadian Courts’ role in reviewing decisions by provincial oversight authorities?

Options:

A.

Review all the investigative notes of the oversight authority, such as would be gathered during interviews.

B.

Impose a prison sentence only, such as when an employee sells personal health information (PHI) for their own gain.

C.

Look at specific types of errors made by the oversight authority such as a misinterpretation of a term in the legislation

D.

Review and compare the oversight authority's decision or recommendation against those of other oversight authorities across Canada.

Question 10

Oversight authorities allow the following types of consent EXCEPT?

Options:

A.

Implied consent at the time of collection.

B.

Verbal consent given to the person collecting the information.

C.

Written consent included with the information that is collected.

D.

General consent covering all activities associated with the personal information.

Question 11

What must a federal government department do before it implements an electronic service (e-service)?

Options:

A.

Conduct a preliminary PIA before acquiring the service

B.

Complete a PIA in accordance with Treasury Board guidelines.

C.

Publish a privacy statement in newspapers and on the government website.

D.

Determine if the Office of the Privacy Commissioner must be notified of the launch of this new e-service

Question 12

What is a difference between the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Personal Information Privacy Act (PIPA) of both Alberta and British Columbia?

Options:

A.

PIPEDA applies to personal information about individuals employed by government institutions; PIPA applies to personal information about individuals employed by public-sector organizations within the provinces.

B.

The enforcement powers of the federal Privacy Commissioner of Canada under PIPEDA are greater than those of the provincial privacy commissioners under PIPA.

C.

PIPEDA applies to federal undertakings and to inter-provincial organizations engaged in commercial activities; PIPA applies to private organizations.

D.

The person in charge of oversight of PIPEDA is a privacy commissioner; the person in charge of oversight of PIPA is an ombudsman.

Question 13

Which of the following describes a difference between the federal Privacy Commissioner and provincial commissioners?

Options:

A.

Provincial commissioners can order an organization to act.

B.

Provincial commissioners are limited to recommending actions.

C.

The federal commissioner has the power to make an organization comply.

D.

The federal commissioner must receive complaints from a legislative representative.

Question 14

A company wants to invest in DEI initiatives within their organization and plans to survey employees by asking for locality, age, salary, gender, ethnicity, religion, sexual orientation, physical/mental disabilities, department, and job level.

The best solution to protect the personal information collected in the survey is to?

Options:

A.

Use a pseudonym to identify employees.

B.

Choose a survey tool located in Canada.

C.

Encrypt the sensitive information collected and stored.

D Adjust all survey question so that no identifying information nan he collected

Question 15

In which circumstance do private sector privacy laws permit collection of information without consent?

Options:

A.

When timely consent cannot be obtained by the organization and the collection is clearly in the individual's interests.

B.

When the collection is necessary for the organization to complete a profile of the individual.

C.

When the collection is reasonable for purposes related to the organization's mandate.

D.

When the individual expressly waives their right to give consent.

Question 16

What is the main reason a country might adopt an "ombudsman" model of privacy oversight?

Options:

A.

It provides a more streamlined process of complaint resolution.

B.

It increases the power of the commissioner to enforce decisions.

C.

It reduces the perception that compliance is a confrontational process.

D.

It provides a more detailed set of guidelines regarding possible violations.

Question 17

According to the federal Privacy Act, before collecting personal information, public-sector organizations are required to ensure that any of the following are met EXCEPT?

Options:

A.

Collection directly relates to, and is necessary for, operating a program of that organization.

B.

Collection is for the purposes of a law enforcement action.

C.

Collection is expressly authorized under an act.

D.

Collection is authorized by consent.

Question 18

Which case, brought before the Federal Court, helped determine that the Office of the Privacy Commissioner of Canada (OPC) had jurisdiction to investigate complaints about United States companies collecting, using and disclosing the personal information of individuals within Canada?

Options:

A.

TJX Winners - Homesense.

B.

Facebook: 2019.

C.

Blood Tribe.

D.

Abika.com.

Question 19

An Alberta woman finds errors about her personal information while reviewing paperwork at a local real estate firm. According to Canadian Standards Association (CSA) principles, how should the firm respond to these errors?

Options:

A.

File an error report describing the nature of the errors.

B.

Amend any information that the woman finds to be erroneous.

C.

Request that the woman complete a new set of forms with correct information

D.

Provide the woman with the names of any third parties who have had access to her information.

Question 20

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), an organization must maintain a record of every breach of security safeguards involving personal information for a minimum of?

Options:

A.

3 months.

B.

12 months.

C.

24 months.

D.

36 months

Question 21

In comparing British Columbia’s privacy laws with the health information privacy acts of the remaining provinces, BC’s privacy laws?

Options:

A.

Seek to create a more flexible regulatory system to manage the patient data itself

B.

Refer to health sector participants as trustees as opposed to custodians.

C.

Exclude laboratories, nursing homes and independent health facilities.

D.

Group data banks together rather than listing them separately.

Question 22

Which of the following existing frameworks is least effective in addressing emerging AI issues while specific AI legislation is being decided?

Options:

A.

The Canada Consumer Product Safety Act.

B.

The Motor Vehicle Safety Act.

C.

The Copyright Act.

D.

The Criminal Code.

Page: 1 / 6
Total 76 questions