Which of the following is outside the scope of an organization's privacy incident management plan?
A. Detection of leakage of personal information
B. Defining data access rules for business users
C. Communication of privacy incidents
D. Remediation of incidents
Which of the following parameters should ideally be addressed by a privacy program of an organization?
A. Privacy incident response plan and grievance handling
B. Environmental security concerns
C. Training and data classification
D. Intellectual Property (IP) protection
Which of the following term is commonly used to refer to a solution that protects users' right to choose whether their activities can be monitored by third-party websites or not:
A. Do not Disturb
B. Do not Record
C. Do not Track
D. Do not Follow
A Business Process Management (BPM) organization based in India, has many domestic clients. The organization observes that one of its domestic clients does not appreciate the value of customers' personal information and have a lot of system loop holes that can be exploited to breach privacy of its customers. The contract signed with the said client makes the BPM organization 100% liable for privacy breaches. The BPM organization has paid close to $10,000 in fines as penalty to the said client in the past. The privacy office has highlighted the risk to the senior management of the BPM organization. What is the best possible approach that the BPM organization can take to resolve this issue?
A. Escalate the issue to client's management, and cancel the contract with the client if they do not stop penalizing the company for the privacy breaches
B. Take strict actions against individuals committing the breach of privacy, including taking them to court in India via the available channels
C. Conduct a proactive risk assessment of client's business processes, and associated IT systems ? present the risk management report to the client, and request for change of contract terms to amend the liability clause.
D. None of the above
Methods for de-identification can be classified into two types:
A. Statistical and Heuristic Methods
B. Human and Machine Methods
C. Advanced and Compilation Methods
D. None of the above
As a privacy lead assessor assessing the company for DSCI's privacy certification, you are assessing the adequacy of resources and skills in the organization, to address privacy related responsibilities.
Which DSCI Privacy Framework (DPF? practice area is relevant?
A. Visibility over Personal Information (VPI)
B. Privacy Organization and Relationship (POR)
C. Privacy Awareness and Training (PAT)
D. Information Usage and Access (IUA)
In which of the following stages of the personal information life cycle, should the security aspects be considered?
1.
Collection
2.
Maintenance
3.
Distribution
4.
Disposition
A. 1,2 and 3
B. 2, 3 and 4
C. 2 and 3
D. 1,2,3 and 4
With respect to privacy governance, which of the following statements are correct?
A. Privacy governance defines the specifications for privacy operations performed on data processed through computer resource only.
B. Privacy governance provides privacy strategy and direction, and takes decisions on key privacy issues.
C. Privacy governance addresses day-to-day privacy incidents with processes established by privacy policies and procedures.
D. Privacy governance ensures that privacy issues are not left unaddressed in the organization.
A Data Loss Prevention (DLP) tool identifies a large number of medical records sent by an employee to a personal email address.
Which of the following is the most critical consideration while internally investigating this incident?
A. The domain of the recipient e-mail address
B. The gender of patients whose records were shared
C. The time of day the records were sent
D. The reason the records were emailed
The primary concern from privacy governance perspective for a leading bank is that the personnel working in non-production environment are not always security cleared to operate with the customers' Personal Identifiable Information (PII) used in the production environment. This practice represents a security vulnerability where data can be copied by unauthorized personnel and security measures associated with standard production level controls can be easily bypassed.
What technology solutions can be implemented by the organization to overcome this situation:
A. Data classification tools can be used to strengthen security of sensitive data.
B. Use of tool to mask the sensitive data.
C. Define policy for segregation of duties.
D. Hire a privacy expert.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only DSCI exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your DCPP-01 exam preparations and DSCI certification application, do not hesitate to visit our Vcedump.com to find your solutions here.