A private organization called Vision 3072 must verify the information they are collecting is up to date in order to avoid misinformed actions or decisions. Which privacy principle is intended to make sure this verification is happening?
A. Integrity.
B. Accuracy.
C. Accountability.
D. Limiting purposes.
A boutique hotel in Montreal seeks to attract travelers from Europe but wants to avoid becoming subject to the GDPR's requirements. Which of the following activities is most likely to result in a finding that the hotel is subject to the GDPR?
A. Placing advertisements on travel websites accessible in Europe.
B. Collecting contact information for foreign business leaders from public directories.
C. Sending discount offers to guests who previously registered using a foreign address.
D. Translating the hotel's registration page into German based on the visitor's IP address.
What is the Generally Accepted Privacy Principles (GAPP) framework?
A. An information management model that is widely recognized across many Canadian industries.
B. A comprehensive guide for industry best practices as delineated by the Canadian federal Privacy Commissioner.
C. A template for Privacy Impact Assessments (PIAs) that are conducted within private sector organizations in Canada.
D. A principles-based privacy approach advocated by Canada's leading accounting industry group and its U.S.-based counterpart.
Which of the following existing frameworks is least effective in addressing emerging AI issues while specific AI legislation is being decided?
A. The Canada Consumer Product Safety Act.
B. The Motor Vehicle Safety Act.
C. The Copyright Act.
D. The Criminal Code.
Which of the following incidents will require reporting to OPC?
A. A sales report with aggregated information that was sent to the wrong person internally.
B. A file with client ID, sales amount and sales date that was sent to the wrong processors who cannot identify the clients.
C. An organization's point-of-sale system that was subject to an attempted hack that was blocked by the organization's firewall.
D. As part of a freedom of information request, a nursing home that released an e-mail with everybody's e-mail address in the "to" section unredacted.
All items below could be considered sensitive personal information, EXCEPT?
A. Credit score.
B. Date of birth.
C. Medical history.
D. Educational transcripts.
According to the federal court ruling in the Eastman Case, video cameras in the workplace are considered to be collecting personal information?
A. At the moment a recording occurs.
B. When a camera is on, even if it is not yet recording.
C. As soon as the data is saved to a workplace server.
D. When someone within the organization views the recording.
A small commercial business in Canada was preparing a mailing to its customers when the letters and the envelopes were mismatched, causing 500 of 1000 letters to be sent to the wrong recipients. The letters contained the name and mailing address of the clients as well as account numbers and account balances.
The business has discovered this error as clients called to report receiving the wrong letter and expressing concern that their information has been breached. Which of the following is the most appropriate next step to take?
A. All 1000 clients must be sent new letters.
B. The 500 clients who were impacted must be immediately notified.
C. The Office of the Privacy Commissioner (OPC) must be immediately notified.
D. A risk assessment must be completed to determine the real risk of significant harm (RROSH) to the clients.
An Alberta resident has signed up for a health wellness "app" developed by a British Columbia based software provider that stores the data in British Columbia. The application has various non-healthcare related uses. The individual inputs their name and email address in the application to subscribe to health and wellness tips.
The collection and use of the individual's name and email address by the British Columbia based scheduling app would fall under what legislation?
A. Alberta's Health Information Act (HIA).
B. Alberta's Personal Information Protection Act (PIPA).
C. Alberta's Freedom of Information and Protection of Privacy Act (FOIP).
D. The Personal Information Protection and Electronic Documents Act (PIPEDA).
Oversight authorities allow the following types of consent EXCEPT?
A. Implied consent at the time of collection.
B. Verbal consent given to the person collecting the information.
C. Written consent included with the information that is collected.
D. General consent covering all activities associated with the personal information.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-C exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.