DCPP-01 Exam Details

  • Exam Code
    :DCPP-01
  • Exam Name
    :DSCI certified Privacy Professional (DCPP)
  • Certification
    :DSCI Certifications
  • Vendor
    :DSCI
  • Total Questions
    :162 Q&As
  • Last Updated
    :Jul 09, 2026

DSCI DCPP-01 Online Questions & Answers

  • Question 61:

    A ministry under government of India plans to collect citizens' information related to their education, medical condition, economic status, caste and religion. As per the privacy requirements mentioned under Sec 43A of IT (Amendment) Act, 2008, the citizens' `Consent' would be mandatory for which of the following elements before their collection?

    A. Educational records
    B. Medical condition
    C. Caste and religion
    D. Sec 43A may not be applicable

  • Question 62:

    ABC company is a large US based IT Company that provides a range of services to its clients. The company had developed a cloud based application providing end-to-end services for the medical industry. The application had three modules for: -Patients -Hospitals and Doctors -Insurance and Pharmaceutical companies

    Each of the modules was designed to be integrated with others depending on user's choice. For example, a patient could choose to share his/her medical history with his/her doctor (for medical advice) as well as insurance companies (for claims).

    The application requires that all registered users of the application read and acknowledge the privacy policy. Additionally, users are required to identify the purpose for which they are providing any personal data in any of the modules. For example, a patient providing his/her medical history and current symptoms can select `Medical Advice' as the purpose for the data being provided.

    Few months ago, company launched new services in the applications namely, Business Analytics, Group Consultations, Insurance Policy purchase, and Medical Trials Management. The new services used all existing data collected over the years from users. The Company's clients/users are based only in three geographical locations - United States, European Union and India. Additionally, to facilitate better performance of its application, the company established one datacenter each in US, Germany and India for its operations. Each of the datacenter provides the following: -US Datacenter - Storage of data for US based users only -Germany Datacenter - Storage of data for EU based users only -India Datacenter - Storage of data for India based users and alternate site for US and Germany Datacenters (used as part of global load balancing) -Services of a cloud service provider are leveraged in US as a Disaster Recovery (DR) site for Indian Datacenter

    Recently, the company's Application Support Desk has started receiving user complaints related to unsolicited communications.

    These complaints have warranted a review of company's privacy policies as well as practices.

    The use of all user data for business analytics would be in direct conflict with which of the following privacy principles?

    A. Access and Correction
    B. Collection Limitation
    C. Data Quality
    D. Use Limitation

  • Question 63:

    A government agency collecting biometrics of citizens can deny sharing such information with Law Enforcement Agencies (LEAs) on which of the following basis?

    A. The purpose of collecting the biometrics is different than what LEAs intent to use it for
    B. The consent of data subjects has not been taken
    C. Government agencies would share the biometrics with LEAs on one condition if LEA properly notify the citizens
    D. None of the above, as government agencies would never deny any LEA for sharing such information for the purpose of mass surveillance

  • Question 64:

    The primary concern from privacy governance perspective for a leading bank is that the personnel working in non-production environment are not always security cleared to operate with the customers' Personal Identifiable Information (PII) used in the production environment. This practice represents a security vulnerability where data can be copied by unauthorized personnel and security measures associated with standard production level controls can be easily bypassed.

    What technology solutions can be implemented by the organization to overcome this situation:

    A. Data classification tools can be used to strengthen security of sensitive data.
    B. Use of tool to mask the sensitive data.
    C. Define policy for segregation of duties.
    D. Hire a privacy expert.

  • Question 65:

    XYZ bank has recently decided to start offering online banking services. For doing so, the bank has outsourced its IT operations and processes to various third parties. Acknowledging privacy concerns, bank has decided to implement a privacy program.

    Assuming you have been tasked to deploy this framework for the bank, which of the following would most likely be your first step?

    A. Create an inventory of business processes that deal with personal information and identify the associated data element.
    B. Ensure that bank is equipped to test the relevance of each legal and compliance requirement in its environment.
    C. Assign privacy roles and responsibilities for process owners.
    D. Any of the above as order is irrelevant.

  • Question 66:

    Which of the following is not a characteristic of sensitive personal data?

    A. Personal data is a subset of Sensitive Personal Data
    B. Its classification varies from country to country
    C. Its an exhaustive list
    D. It carries a higher risk of processing

  • Question 67:

    If an entity operates a website designed for kids or a website that targets general audience but collects information from individuals known to be under age of 13 years, the entity must comply with requirements in the US.

    A. Child online protection Act, 1998
    B. Gramm-Leach-Bliley Act, 1999
    C. Personal Information Protection and Electronic Documents Act (PIPEDA)
    D. Sarbanes-Oxley Act, 2000

  • Question 68:

    Effective 2013, HIPAA Omnibus rule applies to which of the following?

    A. Covered Entities only
    B. Business Associates only
    C. Covered Entities and Business Associates
    D. Federal Health Bodies only

  • Question 69:

    After the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was issued by the government which exempted the service providers, which get access to/processes Sensitive Personal Data or information (SPDI) under contractual agreement with a legal entity located within or outside India.

    Which privacy principle provisions notified under Sec 43A were exempted for the service providers?

    A. Consent
    B. Privacy policy (which is published)
    C. Access and Correction
    D. Disclosure of information

  • Question 70:

    Which of the following laid foundation for the development of OECD privacy principles for the promotion of free international trade and trans border data flows?

    A. Fair information Privacy Practices of US, 1974
    B. EU Data Protection Directive
    C. Safe Harbor Framework
    D. WTO's Free Trade Agreement

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only DSCI exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your DCPP-01 exam preparations and DSCI certification application, do not hesitate to visit our Vcedump.com to find your solutions here.