New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

IAPP CIPP-C Certified Information Privacy Professional/ Canada (CIPP/C) Exam Practice Test

Page: 1 / 8
Total 76 questions

Certified Information Privacy Professional/ Canada (CIPP/C) Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

Which health information custodians may NOT rely on an implied consent model under Ontario's Personal Health Information Protection Act (PHIPA)?

Options:

A.

Private insurance companies.

B.

Long-term care homes.

C.

Ambulance services.

D.

Pharmacies

Question 2

After an investigation under the Privacy Act, the Privacy Commissioner could do any of the following EXCEPT?

Options:

A.

Proceed to federal court to determine if the institution improperly withheld information from an individual.

B.

Order an institution to take remedial action if it determines that the Act has been breached.

C.

Recommend solutions to institutions to address identified shortcomings.

D.

Compel institutions to give oral or written evidence.

Question 3

According to the federal Privacy Act, before collecting personal information, public-sector organizations are required to ensure that any of the following are met EXCEPT?

Options:

A.

Collection directly relates to, and is necessary for, operating a program of that organization.

B.

Collection is for the purposes of a law enforcement action.

C.

Collection is expressly authorized under an act.

D.

Collection is authorized by consent.

Question 4

In Ontario, a patient attends an appointment with a physician and reveals information about some new symptoms that she has been experiencing. Based on this information, the physician diagnoses the patient with a condition and prepares the report detailing the applicable history and diagnosis. The report is added to the patient’s record. The patient later regrets revealing certain facts and doesn’t want anyone else to know about these symptoms or the diagnosis. She acknowledges that the information she provided was correct and does not question the diagnosis.

Which of the following requests would the patient be most successful at pursuing?

Options:

A.

That a correction be made to change the diagnosis based on the patient's wishes.

B.

That the information be restricted from disclosure to other health care providers.

C.

That a copy of the record be kept by the patient for disclosure to physicians.

D.

That details of the diagnosis be deleted from the patient’s health record.

Question 5

The Government of Canada’s Directive on Privacy Impact Assessments applies to all of the following EXCEPT?

Options:

A.

The Ministry of Health

B.

The Bank of Canada.

C.

Crown Corporations.

D.

The Cabinet.

Question 6

What is critical to consider when an organization responsible for a large number of records wants to outsource the storage of those records?

Options:

A.

Determining if the personal information stored on the records will be used for data matching

B.

Putting into place a contractual agreement between the organization and the records storage company.

C.

Conducting a Privacy Impact Assessment (PIA) prior to establishing a relationship with the storage company.

D.

Establishing that consent gathered from individuals by the organization in order to store their personal information was informed and meaningful.

Question 7

According to the Canadian Standards Association (CSA) Model Code, how long should personal information be retained?

Options:

A.

Personal information should not be retained at all.

B.

Personal information should be retained indefinitely as long as consent has been given.

C.

Personal information should be retained for at least two years after the last administrative use.

D.

Personal information should be retained as long as necessary for the fulfillment of the purpose of the collection.

Question 8

Which of these employees would be subject to the Personal Information Protection and Electronic Documents Act (PIPEDA)?

Options:

A.

The staff of an airline offering flights across Canada.

B.

Underwriters for a New Brunswick insurance company.

C.

Clerks at a Montreal credit union based out of Montreal.

D.

The information technology department of the Saskatchewan Office of Residential Tenancies of Saskatchewan.

Question 9

What is required of a private sector organization that is subject to a finding by a Canadian federal or

Options:

A.

In Québec, comply with the finding as a binding decision.

B.

Comply with findings of the Privacy Commissioner of Canada only.

C.

In all jurisdictions, adopt and apply the finding within 30 days of the published report.

D.

In Ontario only, apply for judicial review within a provincial court in order to accept or refute the finding.

Question 10

Safeguarding and securing information that is considered sensitive under privacy legislation generally falls into three categories: Administrative, Technical and?

Options:

A.

Legal.

B.

Physical.

C.

Personal.

D.

Logistical.

Question 11

In which instance is your personal information deemed publicly available?

Options:

A.

You belong to a professional body and your name exists on a registry that meets legal requirements.

B.

You volunteer for an organization and they register you on their contact list in order to book you for future shifts.

C.

You applied to a variety of universities and your application data exists on a register by the admissions departments.

D.

You contributed financial donations to your local church and your name exists on their list for income tax receipt purposes.

Question 12

What must an organization do to fulfill the Personal Information Protection and Electronic Documents Act’s (PIPEDA) transparency requirements when transferring personal information to a foreign country?

Options:

A.

Inform customers if data is to be transferred outside of Canada and solicit additional consent.

B.

Give individuals with an existing business relationship the right to refuse transfer of their information.

C.

Advise customers that their data may be accessed by another jurisdiction's courts or law enforcement.

D.

Provide new customers with a measure-by-measure comparison of relevant foreign laws with Canadian laws.

Question 13

According to the Alberta Personal Information Protection Act, which of the following data breach reporting notifications to the commissioner is NOT automatically triggered when real risk of significant harm (RROSH) has been determined?

Options:

A.

Providing a description of the steps the organization will take to notify the affected individual(s).

B.

Providing a description of the steps the organization has taken to reduce or mitigate that harm.

C.

Providing an estimate of the number of individuals affected by the breach.

D.

Providing a description of the personal information involved in the breach.

Question 14

Which of the following provincial health acts is NOT considered substantially similar to the Personal Information Protection and Electronic Documents Act (PIPEDA)?

Options:

A.

New Brunswick's Personal Health Information Privacy and Access Act (PHIPAA)

B.

Ontario's Personal Health Information Protection Act (PHIPAA)

C.

Nova Scotia's Personal Health Information Act (PHIPAA)

D.

lAberta's Health Information Act (PHIA)

Question 15

A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick, Alberta and British Columbia. Unfortunately, a third-party vendor that provides marketing support to the company experiences a privacy breach which impacts the personal information of all its customers across the provinces where it operates.

The Privacy Officer determines that the breach causes a real risk of significant harm to their customers and is tasked with reporting the breach to the relevant regulators.

With which provincial privacy regulators does the company have to file a report?

Options:

A.

It is unnecessary to file a report with any provinces because the company is federally regulated

B.

All of the provinces where its customers are located

C.

New Brunswick and British Columbia only

D.

Quebec and Alberta only

Question 16

To whom does the Privacy Commissioner of Canada report?

Options:

A.

Supreme Court of Canada and Prime Minister

B.

House of Commons and the Senate.

C.

Administrative tribunal.

D.

Auditor General.

Question 17

In what situation is the federal Privacy Commissioner authorized to proceed to federal court?

Options:

A.

For a determination on a ruling regarding privacy matters relating to the Charter of Rights and Freedom.

B.

For a determination of whether or not personal information was properly withheld from release.

C.

For a determination on a ruling by an administrative tribunal regarding privacy.

D.

For a determination on a ruling by a provincial Privacy Commissioner.

Question 18

What is required for a provincial law to be considered substantially similar to the Personal Information Protection and Electronic Documents Act (PIPEDA)?

Options:

A.

Consistency with at least eight of the ten privacy principles, an independent oversight body and a complaint handling mechanism.

B.

Consistency with the ten privacy principles, an independent oversight body and a process for accessing information.

C.

Consistency with the ten privacy principles, an independent oversight body and a redress mechanism.

D.

Consistency with the ten privacy principles, an appeal process and a redress mechanism.

Question 19

Which is NOT a Canadian Standards Association (CSA) Privacy Principle?

Options:

A.

Personal information shall be protected by the same security safeguards regardless of the sensitivity of the information.

B.

The purpose for which personal information is collected shall be identified by the organization at or before the time the information is collected.

C.

The degree to which personal information must be kept accurate and complete is determined by whether its original purpose has been achieved.

D.

Upon request, an individual shall be informed of the existence, use and disclosure of their personal information and shall be given access to that information.

Question 20

Of the key principles in the Personal Information Protection and Electronic Documents Act (PIPEDA), which principle in particular contributes to the increase in privacy policies in recent years?

Options:

A.

Limiting Use, Disclosure, and Retention.

B.

Individual Access.

C.

Openness.

D.

Accuracy

Question 21

According to the Privacy Act, which of the following disclosures of personal information by a government institution would require the data subject’s consent?

Options:

A.

When disclosing to a law enforcement body.

B.

When disclosing to comply with a search warrant.

C.

When disclosing to a registered charitable organization.

D.

When disclosing to a member of parliament to assist in resolving a problem.

Question 22

The movement toward comprehensive privacy and data protection laws can be attributed to a combination of three major factors: the need to remedy past injustices, the need to promote a digital economy and the need to ensure consistency with?

Options:

A.

Self-regulatory laws.

B.

Pan-European laws.

C.

Pan-Asian laws.

D.

Global laws.

Page: 1 / 8
Total 76 questions