DCPLA Online Practice Questions and Answers

Which of the following are key contributors that would enhance the complexity in implementing security measures for protection of personal information? (Choose all that apply.)

A. Data collection through multiple modes and channels

B. Evolution of nimble and flexible business processes affecting access management

C. Regulatory requirements to issue privacy notice and data breach notification in specified format

D. None of the above

Which of the following is not an objective of POR?

A. Create an inventory of business processes, enterprise and operational functions, client relationships that deal with personal information

B. Identify all the activities, functions and operations that can be attributed to the privacy initiatives of an organization

C. Evaluate the role of corporate function in legal compliance management, its relations with IT, and security functions. Evaluate the role of legal function in compliance matters

D. Establish a privacy function to address the activities, functions and operations that are required to manage the privacy initiatives

Arrange the following techniques in decreasing order of the risk of re-identification:

I) Pseudonymization II) De-identification III) Anonymization

A. I, II

B. III, II, I

C. II, III, I

D. All have equal risk of re-identification

As a privacy lead assessor assessing the company for DSCI's privacy certification, you are assessing the adequacy of resources and skills in the organization, to address privacy related responsibilities. Which DSCI Privacy Framework (DPF? practice area is relevant?

A. Visibility over Personal Information (VPI)

B. Privacy Organization and Relationship (POR)

C. Privacy Awareness and Training (PAT)

D. Information Usage and Access (IUA)

Categorize the following statements as: Visibility/ Capability /Enforcement /Demonstration Problems

"The network is unable to restrict unwanted external connections carrying sensitive information."

A. Visibility

B. Capability

C. Enforcement

D. Demonstration

Which of the following factors is least likely to be considered while implementing or augmenting data security solution for privacy protection?

A. Security controls deployment at the database level

B. Information security infrastructure up-gradation in the organization

C. Classification of data type and its usage by various functions in the organization

D. Training and awareness program for third party organizations

__________ layer of the DSCI Privacy Framework (DPF? ensures that adequate level of awareness exists in an organization.

A. Personal Information Security

B. Information Usage, Access, Monitoring and Training

C. Privacy Strategy and Processes

D. None of the above

"Data which cannot be attributed to a particular data subject without use of additional information." Which of the following best describes the above statement?

A. Anonymized Data

B. Metadata

C. Pseudonymized Data

D. None of the above

The entire assessment process, from commencement to submission of final report to DSCI must be completed within 2 weeks.

A. True

B. False

An organization is always a data controller for its _____________.

A. Employees

B. Client

C. Supervisory authority

D. None of the above