In the context of DSCI Privacy Framework (DPF?, what does PPP stand for?
A. Public Private Partnership
B. Privacy Policy and Processes
C. Personal Privacy and Processes
D. Private Policy and Procedures
ABC company is a large US based IT Company that provides a range of services to its clients. The company had developed a cloud based application providing end-to-end services for the medical industry. The application had three modules for: -Patients -Hospitals and Doctors -Insurance and Pharmaceutical companies
Each of the modules was designed to be integrated with others depending on user's choice. For example, a patient could choose to share his/her medical history with his/her doctor (for medical advice) as well as insurance companies (for claims).
The application requires that all registered users of the application read and acknowledge the privacy policy. Additionally, users are required to identify the purpose for which they are providing any personal data in any of the modules. For example, a patient providing his/her medical history and current symptoms can select ‘Medical Advice’ as the purpose for the data being provided.
Few months ago, company launched new services in the applications namely, Business Analytics, Group
Consultations, Insurance Policy purchase, and Medical Trials Management. The new services used all existing data collected over the years from users. The Company's clients/users are based only in three geographical locations - United States, European Union and India. Additionally, to facilitate better performance of its application, the company established one datacenter each in US, Germany and India for its operations. Each of the datacenter provides the following: -US Datacenter - Storage of data for US based users only -Germany Datacenter - Storage of data for EU based users only -India Datacenter - Storage of data for India based users and alternate site for US and Germany Datacenters (used as part of global load balancing) -Services of a cloud service provider are leveraged in US as a Disaster Recovery (DR) site for Indian Datacenter
Recently, the company's Application Support Desk has started receiving user complaints related to unsolicited communications.
These complaints have warranted a review of company's privacy policies as well as practices.
What all will be the directly or indirectly applicable laws on the data stored on US cloud service provider?
i. HIPAA
ii. German Data Protection Act
iii. IT(Amendments) Act, 2008 Sec 43A
iv.
None of the above as data protection laws are not applicable on Cloud Service Providers
A.
iv
B.
i and ii
C.
i, ii and iii
D.
ii and iii
Which section of the IT (Amendment) Act, 2008 lays down the provision of punishment for offense of wrongful disclosure of personal information with the intent to cause wrongful loss or wrongful gain?
A. Section 43A
B. Section 65
C. Section 72
D. Section 72A
XYZ Inc of USA has setup a captive back office operations center in India. The captive is registered as a separate legal entity by the name XYZ India Private Limited and provides services only to XYZ Inc by catering its technology support needs. During the process of providing services, the Indian entity does not receive any customer information of the XYZ Inc. However, information such as financial information and biometric information etc. of the employees of XYZ India is shared with the XYZ Inc.
What necessary steps need to be taken before actual sharing of the aforesaid information happens?
1.
Seek consent from the employees of XYZ India before sharing the information;
2.
A lawful contract between the XYZ Inc and XYZ India regarding the terms of sharing and data protection measures to be taken, with the obligation on XYZ Inc of not sharing the received information further without permission from Indian entity;
3.
The XYZ Inc should agree to provide better or at-par level of data protection as prescribed in the IT (Amendment) Act, 2008;
4.
The country in which the XYZ Inc is located should ensure better or same level of data protection as prescribed in the IT (Amendment) Act, 2008
A. 1 and 2
B. 1, 2 and 3
C. 2 and 3
D. 1 and 4
According to The Information Technology (Reasonable Security Practices And Procedures and Sensitive Data or Information) Rules, 2011, which of the following does not fall under the category of Sensitive Personal Data or Information?
A. Sexual orientation
B. Password
C. Medical records and history
D. Religious Beliefs
Japanese Act on the Protection of Personal Information or APPI applies to:
A. Applies to the use of a personal information for businesses
B. Applies to the use of personal information by government entities
C. Both A and B
Provisions in which of the following legislations in India have or could have a direct conflict with an individual's privacy (though exceptions could have already been defined in the law)?
A. Right to Information (Amendment) Act, 2013
B. TheLokPal and LokaYuktas Act, 2013
C. National Food Security Act, 2013
D. Official Secrets Act, 1923
On September 30, 1970 the ever first data protection law, the ______________ Data Protection Act was passed.
A. Hesse
B. Copenhagen
C. Paris
D. Munich
For a third country, a territory or one or more specified sectors within that third country, or an international organization to be granted an adequacy decision under EU GDPR. The law of that region must be:
A. Identical to EU GDPR
B. Should match essential elements to provide protection
C. None of the above
In June 2018, which US State passed a citizen proposed Consumer Privacy Act?
A. California
B. Texas
C. Iowa
D. Florida
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only DSCI exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your DCPP-01 exam preparations and DSCI certification application, do not hesitate to visit our Vcedump.com to find your solutions here.