IAPP CIPP-C CIPP/C Exam Practice Test Instant Access

Question 1

In comparing British Columbia's privacy laws with the health information privacy acts of the remaining provinces, BC's privacy laws?

ASeek to create a more flexible regulatory system to manage the patient data itself

BRefer to health sector participants as trustees as opposed to custodians.

CExclude laboratories, nursing homes and independent health facilities.

DGroup data banks together rather than listing them separately.

Answer : A

Question 2

What must a federal government department do before it implements an electronic service (e-service)?

AConduct a preliminary PIA before acquiring the service

BComplete a PIA in accordance with Treasury Board guidelines.

CPublish a privacy statement in newspapers and on the government website.

DDetermine if the Office of the Privacy Commissioner must be notified of the launch of this new e-service

Answer : B

Question 3

In which circumstance do private sector privacy laws permit collection of information without consent?

AWhen timely consent cannot be obtained by the organization and the collection is clearly in the individual's interests.

BWhen the collection is necessary for the organization to complete a profile of the individual.

CWhen the collection is reasonable for purposes related to the organization's mandate.

DWhen the individual expressly waives their right to give consent.

Answer : A

Question 4

According to the federal Privacy Commissioner, what protection is missing from the Privacy Act regarding outsourcing of government work that contains personal information?

AA statement preventing the vendor to whom the information is outsourced to subcontract its processing.

BA statement granting the Privacy Commissioner the right to issue orders following an investigation into a possible data breach.

CA statement requiring the government agency to complete a Privacy Impact Assessment (PIA) prior to outsourcing to a third party.

DA statement indicating that the government institution from which the information is outsourced remains accountable for its security.

Answer : B

Question 5

A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick, Alberta and British Columbi

a. Unfortunately, a third-party vendor that provides marketing support to the company experiences a privacy breach which impacts the personal information of all its customers across the provinces where it operates.

The Privacy Officer determines that the breach causes a real risk of significant harm to their customers and is tasked with reporting the breach to the relevant regulators.

With which provincial privacy regulators does the company have to file a report?

AIt is unnecessary to file a report with any provinces because the company is federally regulated

BAll of the provinces where its customers are located

CNew Brunswick and British Columbia only

DQuebec and Alberta only

Answer : A

Question 6

According to the Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems, signatories commit to doing all of the following EXCEPT?

AContributing to the development and application of Al standards.

BSharing information and best practices of Al governance.

CSupporting public awareness and education on Al.

DAdopting low-risk uses of AI.

Answer : D

Question 7

What is the main reason a country might adopt an "ombudsman" model of privacy oversight?

AIt provides a more streamlined process of complaint resolution.

BIt increases the power of the commissioner to enforce decisions.

CIt reduces the perception that compliance is a confrontational process.

DIt provides a more detailed set of guidelines regarding possible violations.

Answer : C

IAPP CIPP-C Certified Information Privacy Professional/ Canada CIPP/C Exam Practice Test