DCPP-01 DSCI certified Privacy Professional (DCPP) Question and Answers

The Qatar Concerning Privacy and Protection of Personal Data Act, 2016 addresses different types of personal data, including:

What conditions apply in India for a company to transfer sensitive personal information (SPI) to another Indian company or individual, or to a person residing in any other country?

Which of the following could be considered as triggers for updating privacy policy?

If XYZ & Co. collects, stores and processes personal information of living persons, electronically in a structured filing system, then XYZ could be a:

In the history of human evolution, erection of walls and fences around one’s living spaces is interpreted as arrival of which type of privacy consciousness?

Which of the following does not fall under the category of Personal Financial Information (PFI)?

Which of the following statements is true in respect of the India specific government projects such as Aadhaar, National Population Register (NPR), etc. that can have privacy implications?

What does PHI stand for, as per HIPAA/ HITECH?

According to the privacy statement of an organization, which of the following words is true?

With reference to APEC privacy framework, when personal information is to be transferred to another person or organization, whether domestically or internationally, “the ______________ should obtain the consent of the individual and exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with APEC information privacy principles”.

According to IT (Amendment) Act,2008, who should designate a grievance officer to redress grievance(s) of provider of information?

After the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was issued by the government which exempted the service providers, which get access to/processes Sensitive Personal Data or information (SPDI) under contractual agreement with a legal entity located within or outside India. Which privacy principle provisions notified under Sec 43A were exempted for the service providers?

XYZ is a successful startup that acquired a respectable size & scale of operations in last 3 years, handling business process services for small & medium scale enterprises, largely in US & Europe. They are at the stage of closing a deal with a new banking client and working out the details of privacy related obligations in contract. Ensuring effective enforcement of which of the below listed privacy principles is client’s accountability, even after outsourcing its loan approval process to XYZ?

I. Notice

II. Choice and Consent

III. Collection Limitation

IV. Use Limitation

V. Access and Correction

VI. Security

VII. Disclosure to third Party

Please select the correct set of principles from below listed options:

XYZ & Co., an Indian hospital specialized in dealing with cancer treatment has organized a free health checkup camp for women in a specific district, after seeking due permission from competent authorities. During the camp the hospital staffs will be feeding the medical records of these women into the computer connected to hospital network system. Does the said hospital need to notify its privacy policy to the women attending the camp and seek their consent regarding the collection and processing of such information?

Indian constitution does not expressly provide for the “right to privacy” to its citizens. However, there were various judicial pronouncements of the apex court which finally established the “right to privacy” as a fundamental right subsumed under Article 21 of the constitution of India. Article 21 inter alia provides and protects the __________________.