DSCI DCPP-01 問題集

質問 1：
How soon after becoming aware of the breach the data controller has to notify the supervisory authority under Article 33 of GDPR.
A. 36 hours
B. 24 hours
C. 72 hours
D. 17 hours
正解：C

質問 2：
XYZ & Co., an Indian hospital specialized in dealing with cancer treatment has organized a free health checkup camp for women in a specific district, after seeking due permission from competent authorities. During the camp the hospital staffs will be feeding the medical records of these women into the computer connected to hospital network system. Does the said hospital need to notify its privacy policy to the women attending the camp and seek their consent regarding the collection and processing of such information?
A. Yes, in the language such women would understand
B. Yes, in the any language as per the wishes of said hospital
C. No, since it is a free checkup camp for their welfare
D. No, since the law does not require the same in this case
正解：B

質問 3：
Rising economic value of personal information has stressed the need for a comprehensive __________ legislation in India.
A. Right to Internet
B. Privacy
C. Dispute resolution
D. Right to Information
正解：A

質問 4：
Which of the following are key contributors that would enhance the complexity in implementing security measures for protection personal information?
A. Data collection through multiple modes and channels
B. Regulatory requirements to issue privacy notice and data breach notification in specified format
C. Evolution of nimble and flexible business processes affecting access management
D. Increasing focus on right to privacy
正解：A

質問 5：
Which of the following doesn't contribute, or contributes the least, to the growing data privacy challenges in today's digital age?
A. Mass surveillance
B. Social media
C. Increase in digitization of personal information
D. Use of secure wireless connections
正解：B

質問 6：
APEC privacy framework envisages common principles such as Notice, Collection limitation, Use Limitation, Access and Correction, Security/Safeguards, and Accountability. But it differs from the EU Data Protection Directive in which of the below aspect?
A. APEC privacy framework does not mandate the binding treaties or directives for member countries
B. APEC privacy framework does not have a provision for co-operation between privacy enforcement agencies of members
C. APEC privacy framework does not deal with the usage of personal information
D. APEC privacy framework does not deal with e-commerce
正解：A

質問 7：
Which of the following statements is true with respect to organization's privacy training and awareness program?
A. Should necessarily cover official from Law Enforcement Agencies that request lawful access to personal information
B. Should cover employees of service provider dealing with personal information
C. Should define roles and responsibilities of personnel in privacy function
D. None of the above
正解：C

質問 8：
In relation to "Online Privacy" please pick the incorrect statement:
A. People's concern over the way their personal information is used during online activities
B. People's concerns over the license agreements they sign with any company
C. Online disclosure of "selective" information by a person that is publicly available
D. The process of obtaining information online that a person can control
正解：D

質問 9：
A Privacy Impact Assessment (PIA) should ideally accomplish which of the following goals?
A. To comply with ISO 27001:2013 standard
B. To acknowledge the organization's role in collecting personal identifiable information
C. To determine the risks and effects of collecting, storing and distributing personal information
D. To evaluate processes for handling personal information for mitigating potential privacy risks
正解：D