CIPP-C Best Training Material and Practice Test Q&A from CertLibrary.com

Question 1

What is required for a provincial law to be considered substantially similar to the Personal Information Protection and Electronic Documents Act (PIPEDA)?

A. Consistency with at least eight of the ten privacy principles, an independent oversight body and a complaint handling mechanism.
B. Consistency with the ten privacy principles, an independent oversight body and a process for accessing information.
C. Consistency with the ten privacy principles, an independent oversight body and a redress mechanism.
D. Consistency with the ten privacy principles, an appeal process and a redress mechanism.

Answer : C

Question 2

What is a difference between the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Personal Information Privacy Act (PIPA) of both Alberta and British Columbia?

A. PIPEDA applies to personal information about individuals employed by government institutions; PIPA applies to personal information about individuals employed by public-sector organizations within the provinces.
B. The enforcement powers of the federal Privacy Commissioner of Canada under PIPEDA are greater than those of the provincial privacy commissioners under PIPA.
C. PIPEDA applies to federal undertakings and to inter-provincial organizations engaged in commercial activities; PIPA applies to private organizations.
D. The person in charge of oversight of PIPEDA is a privacy commissioner; the person in charge of oversight of PIPA is an ombudsman.

Answer : C

Question 3

Under the Freedom of Information and Protection of Privacy Acts (FIPPA), personal information includes all of the following EXCEPT?

A. Information about an individual’s home business.
B. Information about an individual’s creditworthiness.
C. Information about an individual’s employment history.
D. Information about an individual’s character references.

Answer : A

Question 4

A new client is opening a Registered Retirement Savings Plan. Their investment advisor asks for their social insurance number (SIN). The advisor must tell the client that because they are opening a tax reporting product, their SIN is mandatory for tax reporting purposes and?

A. Optional for identity verification purposes.
B. Mandatory for identity verification purposes.
C. Optional for secondary marketing purposes.
D. Mandatory for secondary marketing purposes.

Answer : A

Question 5

Why is biometric information considered sensitive personal information in almost all circumstances?

A. It is user specific information that can easily be stored and accessed to identify an individual or group of individuals.
B. It can be applied broadly to link many pieces of personal information and creates security vulnerabilities.
C. It is distinctive, unlikely to vary over time, difficult to change and largely unique to the individual.
D. It is easy to recognize and reproduce with increasing computer processing power.

Answer : C

Question 6

Which of the following describes a difference between the federal Privacy Commissioner and provincial commissioners?

A. Provincial commissioners can order an organization to act.
B. Provincial commissioners are limited to recommending actions.
C. The federal commissioner has the power to make an organization comply.
D. The federal commissioner must receive complaints from a legislative representative.

Answer : A

Question 7

What is the main reason a country might adopt an "ombudsman" model of privacy oversight?

A. It provides a more streamlined process of complaint resolution.
B. It increases the power of the commissioner to enforce decisions.
C. It reduces the perception that compliance is a confrontational process.
D. It provides a more detailed set of guidelines regarding possible violations.

Answer : C

Question 8

According to the Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems, signatories commit to doing all of the following EXCEPT?

A. Contributing to the development and application of AI standards.
B. Sharing information and best practices of AI governance.
C. Supporting public awareness and education on AI.
D. Adopting low-risk uses of AI.

Answer : D

Question 9

In 2007, four employees of TELUS Communications Corporation filed a complaint with the Privacy Commissioner of Canada in connection with the collection of what personal information?

A. Voiceprint information.
B. Drivers’ licenses.
C. Urine samples.
D. Video images.

Answer : C

Question 10

Of the key principles in the Personal Information Protection and Electronic Documents Act (PIPEDA), which principle in particular contributes to the increase in privacy policies in recent years?

A. Limiting Use, Disclosure, and Retention.
B. Individual Access.
C. Openness.
D. Accuracy.

Answer : C

Question 11

A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick, Alberta and British Columbia. Unfortunately, a third-party vendor that provides marketing support to the company experiences a privacy breach which impacts the personal information of all its customers across the provinces where it operates.
The Privacy Officer determines that the breach causes a real risk of significant harm to their customers and is tasked with reporting the breach to the relevant regulators.
With which provincial privacy regulators does the company have to file a report?

A. It is unnecessary to file a report with any provinces because the company is federally regulated
B. All of the provinces where its customers are located
C. New Brunswick and British Columbia only
D. Québec and Alberta only

Answer : A

Question 12

According to the federal Privacy Commissioner, what protection is missing from the Privacy Act regarding outsourcing of government work that contains personal information?

A. A statement preventing the vendor to whom the information is outsourced to subcontract its processing.
B. A statement granting the Privacy Commissioner the right to issue orders following an investigation into a possible data breach.
C. A statement requiring the government agency to complete a Privacy Impact Assessment (PIA) prior to outsourcing to a third party.
D. A statement indicating that the government institution from which the information is outsourced remains accountable for its security.

Answer : B

Question 13

In which circumstance do private sector privacy laws permit collection of information without consent?

A. When timely consent cannot be obtained by the organization and the collection is clearly in the individual’s interests.
B. When the collection is necessary for the organization to complete a profile of the individual.
C. When the collection is reasonable for purposes related to the organization’s mandate.
D. When the individual expressly waives their right to give consent.

Answer : A

Question 14

What is critical to consider when an organization responsible for a large number of records wants to outsource the storage of those records?

A. Determining if the personal information stored on the records will be used for data matching.
B. Putting into place a contractual agreement between the organization and the records storage company.
C. Conducting a Privacy Impact Assessment (PIA) prior to establishing a relationship with the storage company.
D. Establishing that consent gathered from individuals by the organization in order to store their personal information was informed and meaningful.

Answer : B

Question 15

According to PIPEDA, all of the following data is considered sensitive: physical disability, ethnicity, sexual orientation and?

A. Age
B. Gender
C. Locality
D. Religion

Answer : D

Certified Information Privacy Professional/Canada (CIPP/C) v1.0

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Talk to us!