DCPP-01 Questions and Answers

The purpose of collecting the biometrics is different than what LEAs intent to use it for

The consent of data subjects has not been taken

Government agencies would share the biometrics with LEAs on one condition if LEA properly notify the citizens

None of the above, as government agencies would never deny any LEA for sharing such information for the purpose of mass surveillance

To determine the risks and effects of collecting, storing and distributing personal information

To evaluate processes for handling personal information for mitigating potential privacy risks

To acknowledge the organization’s role in collecting personal identifiable information

To comply with ISO 27001:2013 standard

Data sharing does not require consent from the consumers.

As soon as the GLBA privacy notice is disclosed initially and annually

FTC permission is required

Consumers' consent must be obtained first

Self-certifying to Safe Harbor practices and reporting to Federal Trade Commission

Performing a risk assessment for the processing involved

Data subjects are notified

Assessing the country's adequacy

Fundamental civil liberty

Universal declaration of human rights

Right to be left alone

Binding corporate rules

“Intermediaries” as defined under the IT (Amendment) Act, 2008

Telecom Service Providers

Intelligence and Law Enforcement Agencies

Directorate of Revenue Intelligence (DRI)

Maintaining privacy is difficult with emerging platforms and services

Maintaining privacy is difficult, as exercising complete control over personal information in online environment is an uphill task

Technology advancements and privacy protection are independent concepts that are not related

Maintaining privacy in cyberspace becomes easier with proper use of tools and technologies

Covered Entities only

Business Associates only

Covered Entities & Business Associates

Federal Health Bodies only

Transfer of information is allowed to those who ensure the same level of data protection that is adhered to by the company as provided for under the Indian laws

The transfer of information is allowed only after taking approval of Chief Information Commissioner of India

The transfer of information is allowed only after taking approval of DeitY (Department of Electronics & Information Technology) in India

The transfer may be allowed only if it is necessary for the performance of the lawful contract or where the data subject has consented to data transfer

Federal Data Protection Act, Germany

UK Data Protection Act

PIPEDA

Singapore Data Protection Act

Adherence to the seven safe harbor principles

Disclose their privacy policy publicly

Sign standard contractual clauses with data exporters in EU

Notify FTC of the self-certification

Data processor

Third party agency collecting personal information

Body corporate, which determines the means and purpose of data processing

Natural person sharing his/her information

Right to Life and Personal liberty

Right to Opportunity

Right to Freedom of Speech and Expression

Right to Equality before law

A is the data controller since it collects data directly from X & Y

B is the data controller while A is the sub processor as B has outsourced the data collection and processing to A

B is the data controller that uses A as data processor to collect and process data of data subjects X and Y

Both A & B are data controllers since both need to maintain highest principles of data protection

Are executed with a sole aim to ensure that privacy of individuals is maintained

Have been initiated to provide services to citizens for maintaining their online privacy only

Have raised the need for a comprehensive privacy legislation at national level

Have enforced a privacy legislation at national level