Question 1

Specifically, what section of the IT (Amendment) Act, 2008 lays down the provisions for punishment
for the offense of wrongful disclosure of personal information with the intention of causing loss or
gain to another?

Accepted Answer

D

Explanation: There are two sections under the IT (Amendment) Act, 2008 that outline liabilities. These are quoted below: Sec 43A - “Where a body corporate possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.” Compensation for failure to implement reasonable security practices can be upto Rs. 5 Crores (the Adjudicating Officer has the power to award this). A data subject can further approach a civil court if compensation desired is more than Rs. 5 Crore. Sec 72A - “Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.”

Question 2

APEC privacy framework envisages common principles such as Notice, Collection limitation, Use
Limitation, Access and Correction, Security/Safeguards, and Accountability. But it differs from the EU
Data Protection Directive in which of the below aspect?

Accepted Answer

B

Explanation: :

Question 3

Which among the following can be classified as the most important purpose for enactment of data protection/ privacy regulations across the globe?

Accepted Answer

D

Explanation: :

Question 4

Which of the following privacy legislations is synonymous with "Data Handlers"?

Accepted Answer

B

Explanation: :

Question 5

Which among the following organizations does not issue a privacy seal?

Accepted Answer

C

Explanation: :

Question 6

Rising economic value of personal information has stressed the need for a comprehensive __________ legislation in India.

Accepted Answer

A

Explanation: :

Question 7

When sharing personal information (of the data subject) with third parties for processing, which of the following privacy principles includes informed consent?

Accepted Answer

D

Explanation: :

Question 8

Complete the sentence:
The Gramm-Leach-Bliley Act (GLBA) of US regulates the privacy practices adopted by financial
institutions, requiring them to provide adequate security of the customer records. It lays various
obligations on the financial institutions but allows such financial institutions to share the non-public
information of customers (after properly notifying their consumers in a manner mentioned in the
Act) with

Accepted Answer

A

Explanation: :

Question 9

From the below listed options, identify the new privacy principle that is being advocated in proposed EU General Data Protection Regulation?

Accepted Answer

C

Explanation: :

Question 10

After the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was
issued by the government which exempted the service providers, which get access to/processes
Sensitive Personal Data or information (SPDI) under contractual agreement with a legal entity
located within or outside Indi
a. Which privacy principle provisions notified under Sec 43A were exempted for the service
providers?

Accepted Answer

A

Explanation: :

Question 11

Which of the following statements is true with respect to organization’s privacy training and awareness program?

Accepted Answer

A

Explanation: :

Question 12

Which of the following statements is true in respect of the India specific government projects such as Aadhaar, National Population Register (NPR), etc. that can have privacy implications?

Accepted Answer

C

Explanation: :

Question 13

According to the EU-US Safe Harbour Framework, which of the following is not required when transferring personal information from EU member nations to the US?

Accepted Answer

A

Explanation: :

Question 14

Choose from the options below to group privacy principles into user centric (requiring people's involvement) and organization centric (restricted to processes within the organization) categories:

Accepted Answer

B

Explanation: Page No 36 of PBok At a high level, Privacy Principles can be grouped into the following two categories: Principles that advocate user engagement: Principles such as Notice, Consent, Collection Limitation, Access & Correction etc. are user centric principles and involve user transactions. Principles that are aligned to organizational context: Principles such as Purpose Limitation, Accountability, Disclosure, Security/Safeguard etc. talk about the norms and organizational measures for ensuring privacy protection by the organization.

Question 15

Please select the incorrect statement in context of “Online Privacy”:

Accepted Answer

C

Explanation: :

Free DSCI DCPP-01 Actual Exam Questions