DCPP-01

Which of the following is not required by an organization in US, resorting to EU-US Safe Harbor provisions, to transfer personal information from EU member nation to US?A . Adherence to the seven safe harbor principlesB . Disclose their privacy policy publiclyC . Sign standard contractual clauses with data exporters...

Indian constitution does not expressly provide for the “right to privacy” to its citizens. However, there were various judicial pronouncements of the apex court which finally established the “right to privacy” as a fundamental right subsumed under Article 21 of the constitution of India. Article 21 inter alia provides and...

For negligence in implementing and maintaining the reasonable security practices and procedures for protecting Sensitive Personal Data or Information (SPDI) as mentioned in Section 43A and associated rules under IT (Amendment) Act, 2008, a corporate entity may be liable to pay compensation of up to___________A . Rs. 50,000,000B . Rs....

Companies based in EU and willing to transfer data outside the EU/EEA, use model contracts as an instrument. Which of the following statements are true in reference to above statement?A . It is a requirement mentioned in EU Data Protection DirectiveB . It is a requirement mentioned in the OECD...

Effective 2013, HIPAA Omnibus rule applies to which of the following?A . Covered Entities onlyB . Business Associates onlyC . Covered Entities & Business AssociatesD . Federal Health Bodies onlyView AnswerAnswer: C Explanation: The final Omnibus Rule becomes effective on March 26, 2013. Covered entities and Business Associates Reference: http://www.hipaasurvivalguide.com/hipaa-omnibus-rule.php

Which of the following privacy regulation advocates de-identification of personal information?A . EU Data Protection DirectiveB . Canada’s PIPEDAC . Australia’s ANPPD . IT Act of IndiaView AnswerAnswer: A

The Information Technology (Reasonable Security Practices And Procedures and Sensitive Data or Information) Rules, 2011 incorporate which of the following privacy concepts and principles: i. Collection Limitation ii. Accountability iii. Right to be forgotten iv. Purpose Limitation v. Access and correctionA . i, ii, iii and ivB . I, ii,...

“As per Indian laws, any information that is freely available or accessible in public domain cannot be regarded as sensitive personal data or information.” Please state if this statement is True or False.A . TrueB . FalseView AnswerAnswer: A Explanation: Reference: https://www.linklaters.com/en/insights/data-protected/data-protected---india

Under which of the following conditions can a company in India may transfer sensitive personal information (SPI) to any other company or a person in India, or located in any other country?A . Transfer of information is allowed to those who ensure the same level of data protection that is...

XYZ is a successful startup that acquired a respectable size & scale of operations in last 3 years, handling business process services for small & medium scale enterprises, largely in US & Europe. They are at the stage of closing a deal with a new banking client and working out...