IAPP CIPP/C Exam Practice Test Instant Access

Question 1

Under the Freedom of Information and Protection of Privacy Acts (FIPPA), personal information includes all of the following EXCEPT?

AInformation about an individual's home business.

BInformation about an individual's creditworthiness.

CInformation about an individual's employment history.

DInformation about an individual's character references.

Answer : A

Question 2

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), when engaging in a third-party transfer of personal information for processing, an organization is expected to have the technology to protect the information during transit and to?

AEstablish a contract outlining the individual outsourcing arrangement.

BObtain additional consent for the use of the information by the third party.

CConfirm the jurisdictional protections of the receiving organization are the same as PIPEDA.

DReview the cross-border data flow competed and approved by the Treasury Board of Canada Secretariat.

Answer : A

Question 3

What is required of a private sector organization that is subject to a finding by a Canadian federal or

AIn Qubec, comply with the finding as a binding decision.

BComply with findings of the Privacy Commissioner of Canada only.

CIn all jurisdictions, adopt and apply the finding within 30 days of the published report.

DIn Ontario only, apply for judicial review within a provincial court in order to accept or refute the finding.

Answer : A

Question 4

What is the Canadian Courts' role in reviewing decisions by provincial oversight authorities?

AReview all the investigative notes of the oversight authority, such as would be gathered during interviews.

BImpose a prison sentence only, such as when an employee sells personal health information (PHI) for their own gain.

CLook at specific types of errors made by the oversight authority such as a misinterpretation of a term in the legislation

DReview and compare the oversight authority's decision or recommendation against those of other oversight authorities across Canada.

Answer : C

Question 5

A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick, Alberta and British Columbi

a. Unfortunately, a third-party vendor that provides marketing support to the company experiences a privacy breach which impacts the personal information of all its customers across the provinces where it operates.

The Privacy Officer determines that the breach causes a real risk of significant harm to their customers and is tasked with reporting the breach to the relevant regulators.

With which provincial privacy regulators does the company have to file a report?

AIt is unnecessary to file a report with any provinces because the company is federally regulated

BAll of the provinces where its customers are located

CNew Brunswick and British Columbia only

DQuebec and Alberta only

Answer : A

Question 6

A small commercial business in Canada was preparing a mailing to its customers when the letters and the envelopes were mismatched, causing 500 of 1000 letters to be sent to the wrong recipients. The letters contained the name and mailing address of the clients as well as account numbers and account balances.

The business has discovered this error as clients called to report receiving the wrong letter and expressing concern that their information has been breached. Which of the following is the most appropriate next step to take?

AAll 1000 clients must be sent new letters.

BThe 500 clients who were impacted must be immediately notified.

CThe Office of the Privacy Commissioner (OPC) must be immediately notified.

DA risk assessment must be completed to determine the real risk of significant harm (RROSH) to the clients.

Answer : D

Question 7

According to the Privacy Act, which of the following disclosures of personal information by a government institution would require the data subject's consent?

AWhen disclosing to a law enforcement body.

BWhen disclosing to comply with a search warrant.

CWhen disclosing to a registered charitable organization.

DWhen disclosing to a member of parliament to assist in resolving a problem.

Answer : C

IAPP Certified Information Privacy Professional/ Canada CIPP/C Exam Practice Test