This is a set of 15 Data Privacy Assessment Questions and Answers. Please NOTE that all questions and answers are based on our research and self-study.
1.) A patient’s medical information is private. However, the information
needs to be shared with the doctor to get proper treatment. This
information is confidential and it becomes the doctor’s duty to keep it
secure. This is an example of a trade-off between data usage and data
privacy.
A.) True
B.) False
Answer:- A
2.) All the following tasks can be conducted by a data processor, as
required and agreed with the customer, except in Data Privacy:
A.) Understanding and implementing personal data processing as per the law
B.) Supplying personal information of data subjects to the third party
C.) Carrying out personal data processing
D.) Determining the purpose and means of personal data
processing
Answer:- D
3.) Which of the following is not such a PI, which, if misused/compromised, can highly impact an individual and/or his/her identity:
A.) Gender
B.) Signature
C.) Blood report
D.) Bank account statements
Answer:- A
4.) State what should the onsite associate do.
A.) Wonder how the project management person found out about his salary but do nothing.
B.) Raise a privacy incident about the project management person in Incident Management Tool (IMT) in Ultimatix.
Answer:- B
5.) State what should the project management person do.
A.) Why not find out about the onsite associate’s salary?
B.) Drop the topic, of course!
Answer:- B
6.) ABC Pvt. Ltd. is a staffing company, which nominates its employees to XYZ for various work that XYZ seeks from them as BAs (Business Analysts). These BAs, while providing their services, process a lot of PI sometimes about XYZ employees. Who is the controller?
A.) ABC
B.) XYZ
Answer:- B
7.) A major incident became the newspaper headlines when XYZ’s business secrets went into the public domain. XYZ hired an investigatory firm ABC Pvt. Ltd. with which the PI of all team members was shared. Who is the controller?
A.) XYZ
B.) ABC
Answer:- B
8.) ICS is sponsoring a marathon organized by ABC Pvt. Ltd. and as part of the sponsorship, has received running passes for 500 employees. Various employees volunteered and those shortlisted on a first come first basis were asked about their medical and other PI by ABC Pvt. Ltd.Who is the controller for processing PI for the marathon?
A.) ABC
B.) XYZ
Answer:- A
9.) A consulting firm ABC Pvt. Ltd. is filing income tax returns of XYZ employees as instructed by XYZ. Who is the controller?
A.) XYZ
B.) ABC
Answer:- A
10.) Marketing group within a unit in XYZ is hosting an Al technology stall at a conference organized by ABC Pvt. Ltd. Being the owner of the stall, XYZ will be collecting PI of visitors and using it for later sales and marketing purposes. Who is the controller for the PI of visitors collected by XYZ on its booth?
A.) ABC
B.) XYZ
Answer:- B
11.) Which of the following of your SPI might NOT help one to uniquely identify you?
A.) Fingerprint
B.) Retina scan
C.) Face recognition
D.) Password
Answer:- D
12.) You own a white colored car, which is your PI, but not PII. However, when in your office parking lot, where you park the car every day, it is the only white car. In this case, your PI is your PIl.
A.) False
B.) True
Answer:- B
13.) Your Company employee ID is 126456. You can be identified with your employee ID within the company. What category of PI does your employee ID fall under?
A.) SPI
B.) PII
C.) PFI
D.) PHI
Answer:- B
14.) How should you comply with applicable privacy regulations? Please look at the question and state where can you find this information.
A.) Personal Data Breach Handling Procedures Manual
B.) Privacy Requirements and Procedures Manual
C.) Company Privacy Policy
D.) Data Subject Rights Enabling and Handling Guidelines
Answer:- B
15.) What process(es) should you follow before processing PI? Please look at the question and state where can you find this information.
A.) Personal Data Breach Handling Procedures Manual
B.) Privacy Requirements and Procedures Manual
C.) Company Privacy Policy
D.) Data Subject Rights Enabling and Handling Guidelines
Answer:- B
Must Read: