CIPP-C Certified Information Privacy Professional/ Canada (CIPP/C) Questions and Answers

Contributing to the development and application of Al standards.

Sharing information and best practices of Al governance.

Supporting public awareness and education on Al.

Adopting low-risk uses of AI.

Optional for identity verification purposes.

Mandatory for identity verification purposes.

Optional for secondary marketing purposes.

Mandatory for secondary marketing purposes.

New Brunswick's Personal Health Information Privacy and Access Act (PHIPAA)

Ontario's Personal Health Information Protection Act (PHIPAA)

Nova Scotia's Personal Health Information Act (PHIPAA)

lAberta's Health Information Act (PHIA)

For a determination on a ruling regarding privacy matters relating to the Charter of Rights and Freedom.

For a determination of whether or not personal information was properly withheld from release.

For a determination on a ruling by an administrative tribunal regarding privacy.

For a determination on a ruling by a provincial Privacy Commissioner.

File an error report describing the nature of the errors.

Amend any information that the woman finds to be erroneous.

Request that the woman complete a new set of forms with correct information

Provide the woman with the names of any third parties who have had access to her information.

Introducing new legislation in the House of Commons

Receiving program approvals from the Treasury Board of Canada.

Obtaining program expertise from the Privacy Commissioner of Canada.

Improving collection methods through its information technology systems.

That a correction be made to change the diagnosis based on the patient's wishes.

That the information be restricted from disclosure to other health care providers.

That a copy of the record be kept by the patient for disclosure to physicians.

That details of the diagnosis be deleted from the patient’s health record.

Ensuring transparency.

Responding to the parent's request within 30 days.

Ensuring strong encryption and security measures.

Completing a real risk of significant harm assessment (RROSH).

It provides a more streamlined process of complaint resolution.

It increases the power of the commissioner to enforce decisions.

It reduces the perception that compliance is a confrontational process.

It provides a more detailed set of guidelines regarding possible violations.

Personal information should not be retained at all.

Personal information should be retained indefinitely as long as consent has been given.

Personal information should be retained for at least two years after the last administrative use.

Personal information should be retained as long as necessary for the fulfillment of the purpose of the collection.

It scrambles information but can be unscrambled for later use.

It automatically puts a lifespan on any identification that is stored.

It randomizes all permanent identification within an organized database.

It still provides customer identification, but in a form that would not reveal the real number.

A public official's salary published on a government web site.

A person's telephone number published in a public directory.

A photograph taken in public and published in a newspaper.

Information about a defendant contained in court records.

Shuffling.

Encryption.

Anonymization.

Pseudonymization.

Health information custodians or trustees be specified only by applicable law or regulation

An individual's consent may be implied unless the individual has refused consent or if the purpose of the disclosure is not to provide health care.

Notification to the individual be made in the event of a data breach of personal health information (PHI) by an organization that is based in Canada

Consent must be expressed or implied when a custodian discloses personal health information (PHI) to another custodian for the purpose of providing health care.

Determining if the personal information stored on the records will be used for data matching

Putting into place a contractual agreement between the organization and the records storage company.

Conducting a Privacy Impact Assessment (PIA) prior to establishing a relationship with the storage company.

Establishing that consent gathered from individuals by the organization in order to store their personal information was informed and meaningful.

Conduct a preliminary PIA before acquiring the service

Complete a PIA in accordance with Treasury Board guidelines.

Publish a privacy statement in newspapers and on the government website.

Determine if the Office of the Privacy Commissioner must be notified of the launch of this new e-service

The Privacy Commissioner of Canada must have completed an investigation and issued a report.

The Privacy Commissioner of Canada must have completed an investigation and found in favor of the requester.

The requester must have made a formal Privacy Act request to a government institution for access to personal information.

The requester must have lodged a complaint with the Office of the Privacy Commissioner (OPC) within 60 days of having received a response to a formal Privacy Act request.

Is required by an organization to establish an employment relationship.

Includes internal investigation files and complaints filed about an employee.

Includes intellectual property developed within the scope of an employee's job function.

Is prepared or collected as part of that individual’s responsibilities or activities in connection to their job.

Integrity.

Accuracy.

Accountability.

Limiting purposes.