Classify the following scenario as a major or minor non-conformity.
"The organization has a very mature information security policy. Lately, the organization has realized the need to focus on protection of PI. A formal PI identification exercise was done for this purpose and a mapping of PI and security controls was done. The organization has also put in place data masking technology in certain functions where the SPI was accessed by employees of a third party. However, the organization is yet to include PI specifically in its risk assessment exercise, incident management, testing, data classification and security architecture programs."
Answer : C
What are the Nine Privacy Principles as described in DSCI Privacy Framework (DPF)?
I) Use Limitation
II) Accountability
III) Data Quality
IV) Notice
V) Preventing Harm
VI) Choice & Consent
VII) Access and Correction
VIII) Data Minimization
IX) Openness
X) Disclosure to Third Parties
XI) Right to be Forgotten
XII) Collection limitation
XIII) Security
Answer : B
From the following list, identify the technology aspects that are specially designed for upholding privacy:
I) Data minimization
II) Intrusion prevention system
III) Data scrambling
IV) Data loss prevention
V) Data portability
VI) Data obfuscation
VII) Data encryption
VIII) Data mirroring
Answer : C
Which of the following are classified as Sensitive Personal Data or Information under Section 43A of ITAA, 2008? (Choose all that apply.)
Answer : B, C, E, F
What are the two phases of DSCI Privacy Third Party Assessment?
Answer : C
The method of personal data usage in which the users must explicitly decide not to participate.
Answer : B
There are several privacy incidents reported in an organization. The organization plans to analyze and learn from these incidents. Which privacy practice will the organization have to implement for the same?
Answer : D