For negligence in implementing and maintaining the reasonable security practices and procedures for protecting Sensitive Personal Data or Information (SPDI) as mentioned in Section 43A and associated rules under IT (Amendment) Act, 2008, a corporate entity may be liable to pay compensation of up to___________
A. Rs. 50,000,000
B. Rs. 500,000,000
C. Rs. 5,000,000
D. Upper limit not defined
`Challenging Compliance' as a privacy principle is covered in which of the following data protection/ privacy act?
A. Federal Data Protection Act, Germany
B. UK Data Protection Act
C. PIPEDA
D. Singapore Data Protection Act
Which of the following is not required by an organization in US, resorting to EU-US Safe Harbor provisions, to transfer personal information from EU member nation to US?
A. Adherence to the seven safe harbor principles
B. Disclose their privacy policy publicly
C. Sign standard contractual clauses with data exporters in EU
D. Notify FTC of the self-certification
Please select the incorrect statement in context of "Online Privacy":
A. A person's act of `Selective disclosure" (of themselves) in an online environment
B. A person's concern over usage of information that were collected during an online activity
C. A person's control over collection of information during an online activity
D. A person's concern on the software licensing agreement they sign with any organization
Which of the following statements are true about the privacy statement of an organization?
A. Content of the online privacy statement of an organization will depend upon the applicable laws, and may need to address requirements across geographical boundaries and legal jurisdictions
B. As per privacy laws generally it is mandatory to mention the phone contact details of the owner of organization in the online privacy statement where customers can reach out in case of a grievance or incident
C. Online privacy statement is an instrument to demonstrate to stakeholders how the organization gathers, uses, discloses, and manages personal data
D. India's Information Technology (Amendment) Act, 2008 does not require that privacy policy be published on the website
With respect to `Data Minimization' privacy principle, please select the correct statements from the following:
A. Right to object by the data subject for minimizing the collection of personal information
B. Data controllers should limit the amount of data collected to what is directly relevant and necessary to accomplish a specified purpose
C. Data controllers should retain the data only for as long as is necessary to fulfil the purpose for which it was collected
D. Process of analyzing and minimizing the collected data into useful information
With reference to APEC privacy framework, when personal information is to be transferred to another person or organization, whether domestically or internationally, "the ______________ should obtain the consent of the individual and exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with APEC information privacy principles".
A. Personal Information Owner
B. Personal Information Controller
C. Personal Information Processor
D. Personal Information Auditor
From the below listed options, identify the new privacy principle that is being advocated in proposed EU General Data Protection Regulation?
A. Right to be informed prior to sharing of data
B. Right to modify data
C. Right to be forgotten
D. Right to object data collection and processing
A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.
For the outsourced work of its customers' data processing, in order to initiate data transfer to another organizations outside EU, which is the most appropriate among the following?
A. The vendor (data importer) in the third country, and not the exporter is responsible to put in place
suitable model contractual clauses, and hence the exporter does not need to take any action.
B. Since the data is processed by the vendor outside the EU, the EU directive does not apply and hence there are no legal concerns
C. The data exporter needs to initiate model contractual clauses after obtaining approvals from data protection commissioner and have the vendor be a signatory on the same as data importer
D. The data importer need to notify about the transfer to data protection commissioner in the destination country and exporter need to similarly notify in the EU country of origin
A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.
Which of the following are not mandatory pre-requisite before transferring sensitive personal data to its Asian branches?
A. Notifying the data subject
B. Conducting risk assessment for the processing involved
C. Determining adequacy status of the country
D. Self-certifying to Safe Harbor practices and reporting to Federal Trade Commission
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only DSCI exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your DCPP-01 exam preparations and DSCI certification application, do not hesitate to visit our Vcedump.com to find your solutions here.