Data Privacy MCQ Quiz

Data Privacy Knowledge While Working in an IT Company | Here are the some Q&A that will help you to understand the data privacy. This is for learning purpose | Data Privacy Quiz.

1. What is more important - data security or data privacy or data utility?

A) Data security
B) Data Privacy
C) Data utility
D) All of them

Ans = (D) All of them

 

2. Which of the following is not a cause for privacy breach/incident?

A) Human errors
B) Unlawful processing of PI
C) Controller responding to a criminal data request by concerned/regulatory authorities without consent from data Subject
D) Cyber Attacks

Ans = (C) Controller responding to a criminal data request by concerned/regulatory authorities without consent from data Subject

 

3. Which of the following is not considered as processing of personal information?

A) Storing
B) Viewing
C) Sharing
D) All are considered as processing

Ans = (D) All are considered as processing

 

4. A utilities organization (water, electricity) engages a company, which operates call centres to provide many of its customer services functions on its behalf. The call centre staff has access to various information of utilities organization, such as company's customer records for providing those services. But, they may only use the information for specific purposes and in accordance with strict contractual arrangements. From the following options, select the statement that holds true?

A) The utilities company remains the data controller, while call centre is the data processor
B) The call centre remains the data controller, while utility company is the data processor
C) The utilities company acts as both data controller and data processor
D) The call centre acts as data controller and data processor

Ans = (A) The utilities company remains the data controller, while call centre is the data processor

 

5. For troubleshooting, another vendor (customer's vendor or a 3rd party like storage/network team) requires a log/dump to be provided to them. You should

A) Share the information as this is required for official purposes
B) Give them the user-id and password to generate the log/dump as you are involved in another critical task
C) Secure your client's consent for sharing the file if that file contains PI or share it after removing the PI
D) Warn them that the file contains PI, should not be used for any other purpose and should be destroyed after the incident is resolved

Ans = (C) Secure your client's consent for sharing the file if that file contains PI or share it after removing the PI

 

6. A statement outlining the organization's privacy practices notified to data subjects is commonly known as:

A) Privacy policy or privacy notice
B) Terms of service
C) Master service agreement
D) Security policy

Ans = (A) Privacy policy or privacy notice

 

7. Data privacy is a/an

A) Political right
B) Employee desire
C) Fundamental/Personal right
D) None of the above

Ans = (C) Fundamental/Personal right

 

8. An employee of your customer needs a report which contains personal information of data subjects in his/her department. What should you do?

A) Share it with her/him as she/he is part of your customer's organization
B) Share and copy your Supervisor/Client Manager
C) Ignore the email as you do not know that person
D) Share it with him/her only after ensuring that the requestor is authorised to receive the information and encrypt/password protecting the file

Ans = (D) Share it with him/her only after ensuring that the requestor is authorised to receive the information and encrypt/password protecting the file

 

9. While collecting any personal information, you must ………

A) Collect as much information as possible as you would not know what information you might require later
B) Be obscure about why you need these information or what you would use it for so that the user will not withhold any required information
C) Limit the amount and type of information gathered to what is necessary to your identified purpose
D) None of the above

Ans = (C) Limit the amount and type of information gathered to what is necessary to your identified purpose

 

10. Select the correct statement about Personal Information (PI)

A) PI includes sensitive as well as non-sensitive Pl of an individual
B) An individual's PI includes his/her SPI as well as his/her family and relatives' SPI
C) OPI includes non-sensitive PI and SPI is different from Pl
D) None of the above

Ans = (A) PI includes sensitive as well as non-sensitive Pl of an individual

 

11. Which of the following is NOT an accurate description of a privacy term?

A) Consent - A permission granted by an individual to process his/her personal information
B) Integrity - Data must be accurate and the data subject must have access and ability to correct the inaccurate data
C) Data limitation - Data controller must be able to use the available data for any purpose of its choice
D) Security - Safeguards to prevent misuse, loss or unauthorized access to process data

Ans = (C) Data limitation - Data controller must be able to use the available data for any purpose of its choice

 

12. You are responding to a RFP, wherein a question asks specifics about a particular privacy regulation. You are unclear and hence decided to take guidance. Whom should you be first reaching to?

A) ODPO of your country/geo
B) GPO
C) Your business/function privacy lead
D) Privacy Counsel

Ans = (C) Your business/function privacy lead