What must a federal government department do before it implements an electronic service (e-service)?
Work-product information is generally thought of as information about an individual that?
ABC Corp uses a third-party provider to perform data analytics and sends the following data sets to the third party to run some reports: name, customer ID, age, transaction activity, transaction date, location, outcome, customer type.
If ABC Corp wants the third party to send all the data sets to their US based marketing partner for a new use, they must?
A small commercial business in Canada was preparing a mailing to its customers when the letters and the envelopes were mismatched, causing 500 of 1000 letters to be sent to the wrong recipients. The letters contained the name and mailing address of the clients as well as account numbers and account balances.
The business has discovered this error as clients called to report receiving the wrong letter and expressing concern that their information has been breached. Which of the following is the most appropriate next step to take?
What must an organization do to fulfill the Personal Information Protection and Electronic Documents Act’s (PIPEDA) transparency requirements when transferring personal information to a foreign country?
As response to TJX Winners - Homesense, why is "hashing" preferable to storing a personal identifier such as a driver’s license number?
Why is biometric information considered sensitive personal information in almost all circumstances?
After an investigation under the Privacy Act, the Privacy Commissioner could do any of the following EXCEPT?
In Ontario, personal information can be withheld from disclosure in a Freedom of Information (FOI) request. The following information is included in a record that is the subject of a FOI request being handled by a hospital: employee name, employee title, employee designation, employee educational history, employee personal cell phone number, and feedback about the employee from a colleague.
Which of the following statements is accurate regarding what can be released?
The Government of Canada’s Directive on Privacy Impact Assessments applies to all of the following EXCEPT?
When a third country or specified entity is said to ensure an adequate level of protection essentially equivalent to that ensured within the European Union, it is awarded a(n)?
What is required through the "circle of care" concept under Canadian health information privacy law?
In Ontario, a patient attends an appointment with a physician and reveals information about some new symptoms that she has been experiencing. Based on this information, the physician diagnoses the patient with a condition and prepares the report detailing the applicable history and diagnosis. The report is added to the patient’s record. The patient later regrets revealing certain facts and doesn’t want anyone else to know about these symptoms or the diagnosis. She acknowledges that the information she provided was correct and does not question the diagnosis.
Which of the following requests would the patient be most successful at pursuing?
According to the Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems, signatories commit to doing all of the following EXCEPT?
What is critical to consider when an organization responsible for a large number of records wants to outsource the storage of those records?
What is required for a provincial law to be considered substantially similar to the Personal Information Protection and Electronic Documents Act (PIPEDA)?
According to the Privacy Act, which of the following disclosures of personal information by a government institution would require the data subject’s consent?