Winter Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Login / Register

Question # 4

Which of the following statement about Personally Identifiable Information (PII) is true?

A.

PII is necessarily a single data element, not a combination of data elements, which can uniquely identify an individual

B.

PII is a subset of Sensitive Personal Information

C.

PII is any information about a legal entity including details of its registration or any information that may allow its easy identification

D.

None of the above

Full Access
Question # 5

Which of the following doesn’t contribute, or contributes the least, to the growing data privacy challenges in today’s digital age?

A.

Social media

B.

Mass surveillance

C.

Use of secure wireless connections

D.

Increase in digitization of personal information

Full Access
Question # 6

Which of the following does not fall under the category of Personal Financial Information (PFI)?

A.

Credit card number with expiry date

B.

Bank account Information

C.

Loan account Information

D.

Income tax return file acknowledgement number

Full Access
Question # 7

Under the OECD Privacy Guidelines, 1980, which of the following was not a privacy principle?

A.

Purpose Specification

B.

Security Safeguard

C.

Openness

D.

Data minimization

Full Access
Question # 8

When you're based in the EU and willing to share data outside the EU/EEA, then you can use model contracts. In reference to the above statement, which of the following is true?

A.

Directive on EU e-commerce mentions it as a requirement

B.

EU Data Protection Directive states that it is a requirement

C.

OECD's Privacy Framework mentions it as a requirement

D.

Neither of the above

Full Access
Question # 9

With respect to privacy monitoring and incident management process, which of the below should be a part of a standard incident handling process?

I. Incident identification and notification

II. Investigation and remediation

III. Root cause analysis

IV. User awareness training on how to report incidents

Please select the correct option:

A.

I and II

B.

III and IV

C.

I, II and III

D.

All of the above

Full Access
Question # 10

What is not a compulsory pre-requisite before a company with headquarters in the EU transfers sensitive personal data to its Asian subsidiaries?

A.

Self-certifying to Safe Harbor practices and reporting to Federal Trade Commission

B.

Performing a risk assessment for the processing involved

C.

Data subjects are notified

D.

Assessing the country's adequacy

Full Access
Question # 11

Which among the following organizations does not issue a privacy seal?

A.

EuroPriSe

B.

BBBOnline

C.

Transaction Guard

D.

WebTrust

Full Access
Question # 12

Which of the following categories of information are generally protected under privacy laws?

A.

Personally Identifiable Information (PII)

B.

Sensitive Personal Information (SPI)

C.

Trademark, copyright and patent information

D.

Organizations’ confidential business information

Full Access
Question # 13

How soon after becoming aware of the breach the data controller has to notify the supervisory authority under Article 33 of GDPR.

A.

17 hours

B.

24 hours

C.

36 hours

D.

72 hours

Full Access
Question # 14

Please select the incorrect statement in context of “Online Privacy”:

A.

A person’s act of ‘Selective disclosure” (of themselves) in an online environment

B.

A person’s concern over usage of information that were collected during an online activity

C.

A person’s control over collection of information during an online activity

D.

A person’s concern on the software licensing agreement they sign with any organization

Full Access
Question # 15

Select the element(s) of APEC cross border privacy rules system from the following list:

i. self-assessment

ii. compliance review

iii. recognition/acceptance by APEC members

iv. dispute resolution and enforcement

Please select correct option:

A.

i, ii and iii

B.

ii, iii, and iv

C.

i, iii and iv

D.

i, ii, iii and iv

Full Access
Question # 16

Under which of the following conditions can a company in India may transfer sensitive personal information (SPI) to any other company or a person in India, or located in any other country?

A.

Transfer of information is allowed to those who ensure the same level of data protection that is adhered to by the company as provided for under the Indian laws

B.

The transfer of information is allowed only after taking approval of Chief Information Commissioner of India

C.

The transfer of information is allowed only after taking approval of DeitY (Department of Electronics & Information Technology) in India

D.

The transfer may be allowed only if it is necessary for the performance of the lawful contract or where the data subject has consented to data transfer

Full Access
Question # 17

Companies based in EU and willing to transfer data outside the EU/EEA, use model contracts as an instrument. Which of the following statements are true in reference to above statement?

A.

It is a requirement mentioned in EU Data Protection Directive

B.

It is a requirement mentioned in the OECD Privacy Framework

C.

It is a requirement mentioned in the EU E-Commerce Directive

D.

None of the above

Full Access
Question # 18

Indian constitution does not expressly provide for the “right to privacy” to its citizens. However, there were various judicial pronouncements of the apex court which finally established the “right to privacy” as a fundamental right subsumed under Article 21 of the constitution of India. Article 21 inter alia provides and protects the __________________.

A.

Right to Life and Personal liberty

B.

Right to Opportunity

C.

Right to Freedom of Speech and Expression

D.

Right to Equality before law

Full Access