An organization is always a data controller for its _____________.

Which of the following provisions of Information Technology (Amendment) Act, 2008 deal with protection of PI or SPDI of Individuals?

Which of the following wasn't prescribed as a privacy principle under the OECD Privacy Guidelines, 1980?

Entities should collect personal information from user that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. This Privacy Principle is called:

“Data which cannot be attributed to a particular data subject without use of additional information.” Which of the following best describes the above statement?

Which of the following is not in line with the modem definition of Consent?

XYZ bank has recently decided to start offering online banking services. For doing so, the bank has outsourced its IT operations and processes to various third parties. Acknowledging privacy concerns, bank has decided to implement a privacy program. Assuming you have been tasked to deploy this framework for the bank, which of the following would most likely be your first step?