DCPP-01 Online Practice Questions and Answers

Which of the following provides the legal basis for an Adjudicating Officer in every Indian state and union territory, with the powers of a civil court, to hear complaints and order compensation to the affected individuals?

A. Indian Civil Code

B. Indian Criminal Procedure Code

C. Telecom Regulatory Authority of India (TRAI) Act

D. Information Technology Act, 2000 and Information Technology (Amendment) Act, 2008

Which of the following laws does not have a mandatory personal data breach notification requirement?

A. General Data Protection Regulation, 2016

B. Information Technology (Amendment) Act, 2008

C. Japanese Act on the Protection of Personal Information

D. UK Data Protection Act, 2018

The Information Technology (Reasonable Security Practices And Procedures and Sensitive Data or Information) Rules, 2011 incorporate which of the following privacy concepts and principles:

i. Collection Limitation

ii. Accountability

iii. Right to be forgotten

iv.

Purpose Limitation

v.

Access and correction

A.

i, ii, iii and iv

B.

I, ii, iv and v

C.

I, iii, iv and v

D.

All the above

Japanese Act on the Protection of Personal Information or APPI applies to:

A. Applies to the use of a personal information for businesses

B. Applies to the use of personal information by government entities

C. Both A and B

What does PHI stand for, as per HIPAA/ HITECH?

A. Personal healthcare information

B. Public health information

C. Protected health information

D. Personal health information

Which of the following best defines a `Data Subject'?

A. One who provides his/her personal information for availing any service

B. One who processes the data/information of individuals for providing necessary services

C. Corporate entity whose confidential information is shared with business partners

As per GDPR, in case a data controller or processor does not have an establishment within EU, then:

A. GDPR does not apply to such controllers or processors

B. They need to set up an establishment in the EU

C. They shall verbally communicate the presence of a representative to the supervisory authority

D. Such controllers or processors need to designate a representative in writing to the Union

One of the main objectives of `Do Not Track' technology is to A. Opt out from the web based analytics services, advertising networks and social platforms

B. Opt out from call back services by e-commerce companies

C. Opt out from monitoring and surveillance programs of governments, intelligence and Law Enforcement Agencies

D. None of the above

Privacy enhancing tools aim to allow users to take one or more of the following actions related to their personal data that is sent to, and used by online service providers, merchants or other users:

i. Increase control over their personal data

ii. Choose whether to use services anonymously or not

iii. Obtain informed consent about sharing their personal data

iv.

Opt-out of behavioral advertising or any other use of data Please select correct option from below:

A.

Only i

B.

Only i and ii

C.

All

D.

Only ii

Which of the following parameters should ideally be addressed by a privacy program of an organization?

A. Privacy incident response plan and grievance handling

B. Environmental security concerns

C. Training and data classification

D. Intellectual Property (IP) protection