DSCI DCPP-01 - DSCI certified Privacy Professional (DCPP)

Total 122 questions

Which of the following mechanisms or steps are likely to be taken by an organization for implementing a privacy program?

i. Deploying physical and technology safeguards to protect personal information assets

ii. Privacy consideration in product and service design

iii. Privacy implementation to focus only on projects impacted by privacy breaches

iv. Benchmarking against industry peers’ privacy implementation

v. Installing privacy enhancing tools and technologies for the projects dealing with organization’s intellectual property

Please select the correct set of statements from the below options:

A. All

B. All except iii

C. Only i and ii

D. Only i, ii and iv

As a newly appointed privacy officer of an IT company gearing up for DSCI’s privacy certification, you are trying to understand what data elements are involved in each business process and function, and whether these data elements can be classified as sensitive personal information. What is being accomplished with this effort?

A. Organization to get “Visibility” over its exposure to sensitive personal information

B. It is a part of the annual exercise per the organization’s privacy policy/processes

C. Information security controls for confidential information being reviewed

D. Gathering inputs to restructure privacy function

Which of the following privacy principles deals with informed consent of the data subject before sharing the personal information (of the data subject) with third parties for processing?

A. Collection limitation

B. Purpose limitation

C. Disclosure of information

D. Accountability

The Indian Constitution does not expressly provide for the “right to privacy” to its citizens. However, there were various judicial pronouncements of the apex court which finally established the “right to privacy” as a fundamental right subsumed under Article 21 of the Constitution of India. Article 21 inter alia provides and protects the __________________.

A. Right to Life and Personal liberty

B. Right to Opportunity

C. Right to Freedom of Speech and Expression

D. Right to Equality before law

Which of the following categories of information are generally protected under privacy laws?

A. Personally Identifiable Information (PII)

B. Sensitive Personal Information (SPI)

C. Trademark, copyright and patent information

D. Organizations’ confidential business information

Which of the following legislations/guidelines does not cover the concept of trans-border data flow?

A. OECD

B. IT (Amendment) Act, 2008

C. PIPEDA

D. None of the above

A ministry under the Government of India plans to collect citizens’ information related to their education, medical condition, economic status, caste and religion. As per the privacy requirements mentioned under Sec 43A of IT (Amendment) Act, 2008, the citizens’ ‘Consent’ would be mandatory for which of the following elements before their collection?

A. Educational records

B. Medical condition

C. Caste and religion

D. Sec 43A may not be applicable

Which of the following is not required of an organization in the US, resorting to EU-US Safe Harbor provisions, to transfer personal information from an EU member nation to the US?

A. Adherence to the seven safe harbor principles

B. Disclose their privacy policy publicly

C. Sign standard contractual clauses with data exporters in EU

D. Notify FTC of the self-certification

A US IT company has created a cloud-based application for Canadian consumers only, with servers located in Vancouver, Canada. The application allows its users to publish their short stories, essays or e-books. The purpose of the application, i.e. literary work, is clearly stated in the terms and conditions, which are mandatorily acknowledged by each user. With respect to this application, the company must ensure compliance with:

A. PIPEDA

B. US Consumer Privacy Bill of Rights

C. EU Data Protection Directive

D. None of the above

With reference to the APEC privacy framework, when personal information is to be transferred to another person or organization, whether domestically or internationally, “the ______________ should obtain the consent of the individual and exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with APEC information privacy principles”.

A. Personal Information Owner

B. Personal Information Controller

C. Personal Information Processor

D. Personal Information Auditor