IAPP CIPP-C Free Practice Exam & Test Training

Question 1 ( Exam A )

In Ontario, a patient attends an appointment with a physician and reveals information about some new symptoms that she has been experiencing. Based on this information, the physician diagnoses the patient with a condition and prepares the report detailing the applicable history and diagnosis. The report is added to the patient’s record. The patient later regrets revealing certain facts and doesn’t want anyone else to know about these symptoms or the diagnosis. She acknowledges that the information she provided was correct and does not question the diagnosis.
Which of the following requests would the patient be most successful at pursuing?

A. That a correction be made to change the diagnosis based on the patient’s wishes.
B. That the information be restricted from disclosure to other health care providers.
C. That a copy of the record be kept by the patient for disclosure to physicians.
D. That details of the diagnosis be deleted from the patient’s health record.

Answer : B

Question 2 ( Exam A )

The Government of Canada’s Directive on Privacy Impact Assessments applies to all of the following EXCEPT?

A. The Ministry of Health
B. The Bank of Canada.
C. Crown Corporations.
D. The Cabinet.

Answer : D

Question 3 ( Exam A )

Which falls under the jurisdiction of the Personal Information Protection and Electronic Documents Act (PIPEDA)?

A. Personal information collected by private businesses for journalistic or artistic purposes.
B. Personal health information (PHI) handled by private enterprises in provinces that have adopted substantially similar legislation.
C. Personal information disclosed across provincial or national borders by organizations such as credit reporting agencies or list marketers.
D. Personal information such as names, titles and contact information used by businesses to communicate with employees regarding their profession.

Answer : C

Question 4 ( Exam A )

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), when engaging in a third-party transfer of personal information for processing, an organization is expected to have the technology to protect the information during transit and to?

A. Establish a contract outlining the individual outsourcing arrangement.
B. Obtain additional consent for the use of the information by the third party.
C. Confirm the jurisdictional protections of the receiving organization are the same as PIPEDA.
D. Review the cross-border data flow completed and approved by the Treasury Board of Canada Secretariat.

Answer : A

Question 5 ( Exam A )

According to the Privacy Act, which of the following disclosures of personal information by a government institution would require the data subject’s consent?

A. When disclosing to a law enforcement body.
B. When disclosing to comply with a search warrant.
C. When disclosing to a registered charitable organization.
D. When disclosing to a member of parliament to assist in resolving a problem.