IAPP CIPP-C CIPPC Exam Practice Test Instant Access

Question 1

Which action will help a business prove compliance under Canada's Anti-Spam Legislation (CASL)?

ADemonstrating the dissolution of a personal relationship before communication was sent.

BKeeping records of express and implied consent of commercial electronic messages.

CPosting a list of CASL guidelines on a company's website for customers to read.

DProviding an opt-out mechanism.

Answer : B

Question 2

Work-product information is generally thought of as information about an individual that?

AIs required by an organization to establish an employment relationship.

BIncludes internal investigation files and complaints filed about an employee.

CIncludes intellectual property developed within the scope of an employee's job function.

DIs prepared or collected as part of that individual's responsibilities or activities in connection to their job.

Answer : D

Question 3

What can be concluded from the Blood Tribe case regarding the Privacy Commissioner's access to information?

AThe commissioner cannot receive information unless it is gathered under oath.

BThe commissioner cannot ask an organization to prove that a document is privileged.

CThe commissioner can compel the production of all documents that are relevant to the investigation.

DThe commissioner can officially request proof that desired information is subject to solicitor-client privilege.

Answer : D

Question 4

An Alberta woman finds errors about her personal information while reviewing paperwork at a local real estate firm. According to Canadian Standards Association (CSA) principles, how should the firm respond to these errors?

AFile an error report describing the nature of the errors.

BAmend any information that the woman finds to be erroneous.

CRequest that the woman complete a new set of forms with correct information

DProvide the woman with the names of any third parties who have had access to her information.

Answer : B

Question 5

Under the Privacy Act, when government institutions collect personal information?

AData subject consent is required.

BThe collection must be directly from a data subject.

CThe collection must relate to an operating program or activity.

DInformation collected must be made anonymous where technologically possible

Answer : C

Question 6

ABC Corp uses a third-party provider to perform data analytics and sends the following data sets to the third party to run some reports: name, customer ID, age, transaction activity, transaction date, location, outcome, customer type.

If ABC Corp wants the third party to send all the data sets to their US based marketing partner for a new use, they must?

AEncrypt data in transit.

BAnonymize the personal data before sending.

CSeek additional consent from their customers.

DEnsure the marketing partner has equal or stronger protections than Canada.

Answer : C

Question 7

In comparing British Columbia's privacy laws with the health information privacy acts of the remaining provinces, BC's privacy laws?

ASeek to create a more flexible regulatory system to manage the patient data itself

BRefer to health sector participants as trustees as opposed to custodians.

CExclude laboratories, nursing homes and independent health facilities.

DGroup data banks together rather than listing them separately.

Answer : A

IAPP Certified Information Privacy Professional/ Canada CIPP/C Exam Practice Test