DCPP-01 DSCI Certified Privacy Professional (DCPP) Questions and Answers
For negligence in implementing and maintaining the reasonable security practices and procedures for protecting Sensitive Personal Data or Information (SPDI) as mentioned in Section 43A and associated rules under IT (Amendment) Act, 2008, a corporate entity may be liable to pay compensation of up to ___________
Under which of the following conditions can a company in India transfer sensitive personal information (SPI) to any other company or a person in India, or located in any other country?
What are the roles an organization can play from privacy perspective?
i. Data Controller – determines the means and purpose of processing of data which is collected from its end customers
ii. Data Controller – determines the means and purpose of processing of data which is collected from its employees
iii. Data Sub-Processor – processes personal data on behalf of data processor
iv. Joint Controller – determines the means and purpose of data processing along with other data controller
Please select correct option:
Which of the following laid foundation for the development of OECD privacy principles for the promotion of free international trade and trans border data flows?
Company A collects and stores information from people X & Y on behalf of company B. Which of the following statements are true?
Which type of data qualifies as Sensitive Personal Data or Information under Section 43A of IT (Amendment) Act, 2008?
Which of the following doesn’t contribute, or contributes the least, to the growing data privacy challenges in today’s digital age?
Which of the following does not fall under the category of Personal Financial Information (PFI)?
Rising economic value of personal information has stressed the need for a comprehensive __________ legislation in India.
Choose the correct statement:
Projects like DNA profiling, UIDAI, collection of individual’s statistics, etc.
In India, who among the following would be the authorized legal entities to monitor and intercept communication of individuals?
In the history of human evolution, erection of walls and fences around one’s living spaces is interpreted as arrival of which type of privacy consciousness?
Which of the following is not a driver for increased privacy-related concerns and subsequent regulatory responses from various governments around the world?
Which of the following legislations/guidelines do not cover the concept of trans-border data flow?
A ministry under government of India plans to collect citizens’ information related to their education, medical condition, economic status, caste and religion. As per the privacy requirements mentioned under Sec 43A of IT (Amendment) Act, 2008, the citizens’ ‘Consent’ would be mandatory for which of the following elements before their collection?
You are part of a team that has been created by Indian government to create India’s privacy law based on recommendations in Justice AP Shah’s Report. Which of the following provisions should be addressed in the law?
After the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was issued by the government which exempted the service providers which get access to or process Sensitive Personal Data or Information (SPDI) under contractual agreement with a legal entity located within or outside India. Which privacy principle provisions notified under Sec 43A were exempted for the service providers?
Choose from the options below to group privacy principles into user centric (requiring people’s involvement) and organization centric (restricted to processes within the organization) categories:
Which of the following is not required by an organization in US, resorting to EU-US Safe Harbor provisions, to transfer personal information from EU member nation to US?
With reference to APEC privacy framework, when personal information is to be transferred to another person or organization, whether domestically or internationally, “the ______________ should obtain the consent of the individual and exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with APEC information privacy principles”.
Which of the following categories of information are generally protected under privacy laws?
XYZ is a successful startup that acquired a respectable size & scale of operations in the last 3 years, handling business process services for small & medium scale enterprises, largely in US & Europe. They are at the stage of closing a deal with a new banking client and working out the details of privacy related obligations in the contract. Ensuring effective enforcement of which of the below listed privacy principles is the client’s accountability, even after outsourcing its loan approval process to XYZ?
I. Notice
II. Choice and Consent
III. Collection Limitation
IV. Use Limitation
V. Access and Correction
VI. Security
VII. Disclosure to third Party
Please select the correct set of principles from below listed options:
According to IT (Amendment) Act, 2008, who should designate a grievance officer to redress grievance(s) of provider of information?
According to RTI Act, under which conditions can a government department refuse to release information?
Historically, which of these events led to the formation of our current concept of privacy?
A company collects personal information about its employees and requests them to provide accurate information in order to avail benefits such as life insurance and medical insurance. Employees of the company have raised concerns about use of their personal information. Due to the concerns, the company has decided to create a privacy policy. What all should the company include in its privacy policy to address the raised concerns?
When sharing personal information (of the data subject) with third parties for processing, which of the following privacy principles includes informed consent?
When you’re based in the EU and willing to share data outside the EU/EEA, then you can use model contracts. In reference to the above statement, which of the following is true?
It is essential for an entity to comply with US requirements if it operates a website designed for kids or a website for general audiences that gathers information from individuals known to be under 13 years old. Which of the below regulations is applicable?
A Privacy Impact Assessment (PIA) should ideally accomplish which of the following goals?
The Qatar Concerning Privacy and Protection of Personal Data Act, 2016 addresses different types of personal data, including:
Under the OECD Privacy Guidelines, 1980, which of the following was not a privacy principle?
