CIPP\C exam Flashcards
Along with the Senate, what is the other Canadian Federal Parliamentary Chamber?
House of Commons
Which of the following is a responsibility of the Canadian Federal Government?
Banking
Along with transparency, what other major issue was cited by the Privacy Commissioner of Canada report about the Facebook complaint filled by the Canadian Internet Policy and Public Interest clinic?
Consent
Which Provincial health law has been deemed substantially similar to the Personal Information and Electronic Documents Act (PIPEDA)?
Ontario’s Personal Health Information Protection Act (PHIPA)
What is the Primary purpose of the Info Source?
To assist individuals in exercising their rights under the Access to Information Act and the Privacy Act
In 2010, which organization’s social networking tool prompted the privacy commissioner of Canada to call on the company to be more accountable for the personal information it controlled.
Which of the following is guaranteed by the Section 7 of the Canadian Charter of Rights and Freedoms?
Life, Liberty and Security of the person
Which statement about the application of consent principles in Canada is NOT true?
The Personal Information Protection and Electronic Documents Act is the only Canadian Law that explicitly deals with the requirement for consent
What factor determines the extent of privacy impact assessment (PIAs) conducted by government institutions in compliance with the Directive on Privacy Impact Assessment?
The level of risk
Which is NOT a risk factor that government officials must evaluate when framing an outsourcing contract that involves personal or sensitive information?
The number of data elements involved
In Canadian Provinces that do not have a privacy commissioner, which office is responsibel for oversight of privacy?
Ombudsperson
Which is a remedy the Office of the Privacy Commissioner of Canada has after investigating complaints about violations of the Privacy Act?
Recommend solutions to government institutions
Which organization published the “model code for the Protection of Personal Information” in 1996?
Canadian Standards Association
Which Canadian Institution issued a policy requiring that each federal government institution establish measures to ensure that the government institution “ meets the requirements of the Privacy Act when contracting with private-sector organizations, or when establishing agreements or arrangements with public-sector organizations”?
The treasury Board of Canada
Which of the following is NOT a term that refers to a health sector participant, such as hospitals, nursing homes or pharmacies?
Provider ( correct terms are custodian, trustee, Health Information custodian)
Under the Privacy Act, nonconsensual disclosure of personal information is permitted in all of the following EXCEPT:
For the purpose of assisting the individual in resolving a problem by a member of provincial government
Which is NOT a valid reason for denying a Canadian Citizen access to personal information held by a government institution?
A member of parliament requests that the information not be disclosed
In the context of Canadian Health laws, one common theme with respect to consent is that it must be:
Meaningful
Which is NOT a main category into which Canadian jurist have classified privacy as it relates to privacy protection?
Communications privacy
Which Act bars organizations from requiring individuals to undergo a genetic test or disclose the results of a genetic test as a condition of providing goods or services or entering into a contract in Canada?
The Genetic Non-Discrimination Act
Section 4 of the regulations to the Privacy Act requires government institutions to retain personal information for at least how long following the last time is was used?
2 years
Which principle is almost single-handedly responsible for the recent proliferation of privacy notices?
Openness
Which of the following demonstrates the importance of the Personal Information Protection and Electronics Documents Act (PIPEDA) in the case between the Privacy Commissioner of Canada and the Society of Worldwide Interbank Financial Telecommunication (SWIFT)
Just because an organization operates in 2 or more jurisdictions does not alleviate its obligations to comply with Canadian Law
Barring an authorized extension, how long do Canadian government institutions have to grant access after an individual request?
30 days
Based on the Privacy Act, which is NOT an example of personal information?
The salary range of a government official
In the TJX winners- Homesense case, to which data element collected by the company did the federal and Alberta privacy commissioners object?
Driver’s license number
Which Canadian jurisdiction does NOT make information regarding how to obtain access to or request correction of personal health information available to public?
British Columbia
To which entities does the Personal Information Protection and Electronic Documents Act (PIPEDA) apply?
Any Canadian private-sector organization that discloses, uses or collects personal information for commercial purposes
Which province has laws that apply to employee personal information
Alberta
Aside from implied consent, which of the following requires consent under Canada’s Anti-Spam Legislation (CASL)
A text message that offers a discount on pizza delivereies
Canada Political Structure
Parliament - house of commons
Federal-provincial and municipal - legislative
Executive - Prime minister/ cabinet
Common law
All provinces except Quebec
Civil Law
Used only in Quebec instead of common law
Which legal model of data protection does Canada follow?
Canada+EU - Comprehensive Laws to ensure consistency with pan-European laws (GDPR)
What is the difference between privacy policy and a privacy notice/
privacy policy is a set of guidelines for handling, storing and managing PI
privacy notice - description of organization information of management policies
To whom is the federal commissioner accountable?
OPC - Parliament
Which province uses civil law instead of common law
Quebec -civil code
Which act restricts government collection of PI even when is publicly available?
privacy act
What are the 3 basic obligations organizations must fulfil under PIPEDA?
Reasonableness
Consent
Access
CASL only applies to CEM which originate in canada?
False. CEM sent to recipients in Canada from outside must comply with CASL
PIPEDA only applies to Canadian Citizen? PIPEDA only applies to Canadian organizations?
False - Entire Canada
False- In Canada
De novo means
From the start
What was significant about the decision the supreme court made in the blood tribe case?
Solicitor client privilege is an important legal right
What are some of the tools used by Privacy Commissioner to provide guidance on privacy rights and obligation?
Blogs
Websites
Annual Reports
Guidelines
Privacy Act specifies an obligation to properly safeguard and retain PI
False
Due to concerns about USA Patriot Act, the Privacy Act prohibits the transfer of PI to the USA?
False
Which provincial health law hs been deemed substantially similar to PIPEDA?
HIA -+AB health information Act
