Which of the following privacy regulation advocates de-identification of personal information?
A. EU Data Protection Directive
B. Canada's PIPEDA
C. Australia's ANPP
D. IT Act of India
Which of the following wasn't prescribed as a privacy principle under the OECD Privacy Guidelines, 1980?
A. Openness
B. Data minimization
C. Security Safeguard
D. Purpose Specification
What is the maximum penalty for non-compliance under GDPR?
A. 10 million euros or 2% of annual global turnover of the organization in the preceding financial year, whichever is greater
B. 4% of annual revenue or 10 million, whichever is lower
C. 20 million euros or 4% of global turnover of the organization in the preceding financial year, whichever is greater.
D. none of the above
Which section of the IT (Amendment) Act, 2008 lays down the provision of punishment for offense of wrongful disclosure of personal information with the intent to cause wrongful loss or wrongful gain?
A. Section 43A
B. Section 65
C. Section 72
D. Section 72A
For a third country, a territory or one or more specified sectors within that third country, or an international organization to be granted an adequacy decision under EU GDPR. The law of that region must be:
A. Identical to EU GDPR
B. Should match essential elements to provide protection
C. None of the above
What does PHI stand for, as per HIPAA/ HITECH?
A. Personal healthcare information
B. Public health information
C. Protected health information
D. Personal health information
Which of the following countries mandates localization of all personal data?
A. USA
B. Russia
C. India
D. Germany
What is the standard definition for Data Controller?
A. One who necessarily collects the data
B. One who stores the data
C. One who determines the purpose and means of processing
D. One who shares the data with third parties
Which among the following would not be characteristic of a good privacy notice?
A. Easy to understand
B. Clear and concise
C. Comprehensive ?explaining all the possible scenarios and processing details making the notice lengthy
D. Multilingual
The primary concern from privacy governance perspective for a leading bank is that the personnel working in non-production environment are not always security cleared to operate with the customers' Personal Identifiable Information (PII) used in the production environment. This practice represents a security vulnerability where data can be copied by unauthorized personnel and security measures associated with standard production level controls can be easily bypassed.
What technology solutions can be implemented by the organization to overcome this situation:
A. Data classification tools can be used to strengthen security of sensitive data.
B. Use of tool to mask the sensitive data.
C. Define policy for segregation of duties.
D. Hire a privacy expert.