A ministry under government of India plans to collect citizens' information related to their education, medical condition, economic status, caste and religion. As per the privacy requirements mentioned under Sec 43A of IT (Amendment) Act, 2008, the citizens' `Consent' would be mandatory for which of the following elements before their collection?
A. Educational recordsABC company is a large US based IT Company that provides a range of services to its clients. The company had developed a cloud based application providing end-to-end services for the medical industry. The application had three modules for: -Patients -Hospitals and Doctors -Insurance and Pharmaceutical companies
Each of the modules was designed to be integrated with others depending on user's choice. For example, a patient could choose to share his/her medical history with his/her doctor (for medical advice) as well as insurance companies (for claims).
The application requires that all registered users of the application read and acknowledge the privacy policy. Additionally, users are required to identify the purpose for which they are providing any personal data in any of the modules. For example, a patient providing his/her medical history and current symptoms can select `Medical Advice' as the purpose for the data being provided.
Few months ago, company launched new services in the applications namely, Business Analytics, Group Consultations, Insurance Policy purchase, and Medical Trials Management. The new services used all existing data collected over the years from users. The Company's clients/users are based only in three geographical locations - United States, European Union and India. Additionally, to facilitate better performance of its application, the company established one datacenter each in US, Germany and India for its operations. Each of the datacenter provides the following: -US Datacenter - Storage of data for US based users only -Germany Datacenter - Storage of data for EU based users only -India Datacenter - Storage of data for India based users and alternate site for US and Germany Datacenters (used as part of global load balancing) -Services of a cloud service provider are leveraged in US as a Disaster Recovery (DR) site for Indian Datacenter
Recently, the company's Application Support Desk has started receiving user complaints related to unsolicited communications.
These complaints have warranted a review of company's privacy policies as well as practices.
The use of all user data for business analytics would be in direct conflict with which of the following privacy principles?
A. Access and CorrectionA government agency collecting biometrics of citizens can deny sharing such information with Law Enforcement Agencies (LEAs) on which of the following basis?
A. The purpose of collecting the biometrics is different than what LEAs intent to use it forThe primary concern from privacy governance perspective for a leading bank is that the personnel working in non-production environment are not always security cleared to operate with the customers' Personal Identifiable Information (PII) used in the production environment. This practice represents a security vulnerability where data can be copied by unauthorized personnel and security measures associated with standard production level controls can be easily bypassed.
What technology solutions can be implemented by the organization to overcome this situation:
A. Data classification tools can be used to strengthen security of sensitive data.XYZ bank has recently decided to start offering online banking services. For doing so, the bank has outsourced its IT operations and processes to various third parties. Acknowledging privacy concerns, bank has decided to implement a privacy program.
Assuming you have been tasked to deploy this framework for the bank, which of the following would most likely be your first step?
A. Create an inventory of business processes that deal with personal information and identify the associated data element.Which of the following is not a characteristic of sensitive personal data?
A. Personal data is a subset of Sensitive Personal DataIf an entity operates a website designed for kids or a website that targets general audience but collects information from individuals known to be under age of 13 years, the entity must comply with requirements in the US.
A. Child online protection Act, 1998Effective 2013, HIPAA Omnibus rule applies to which of the following?
A. Covered Entities onlyAfter the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was issued by the government which exempted the service providers, which get access to/processes Sensitive Personal Data or information (SPDI) under contractual agreement with a legal entity located within or outside India.
Which privacy principle provisions notified under Sec 43A were exempted for the service providers?
A. ConsentWhich of the following laid foundation for the development of OECD privacy principles for the promotion of free international trade and trans border data flows?
A. Fair information Privacy Practices of US, 1974Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only DSCI exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your DCPP-01 exam preparations and DSCI certification application, do not hesitate to visit our Vcedump.com to find your solutions here.