DSCI
DCPLA
Q1:
Can a DSCI Certified Lead Assessor for Privacy, not currently an employee of a DSCI Accredited Organization, conduct external assessment leading to DSCI Privacy certification?
○
A
True○
B
False
DSCI
DCPLA
Q2:
Which of the following is not an objective of POR?
○
A
Create an inventory of business processes, enterprise and operational functions, client relationships that deal with personal information○
B
Identify all the activities, functions and operations that can be attributed to the privacy initiatives of an organization○
C
Evaluate the role of corporate function in legal compliance management, its relations with IT, and security functions. Evaluate the role of legal function in compliance matters○
D
Establish a privacy function to address the activities, functions and operations that are required to manage the privacy initiatives
DSCI
DCPLA
Q3:
Which of the following could be considered as triggers for updating privacy policy? (Choose all that apply.)
☐
A
Regulatory changes☐
B
Privacy breach☐
C
Change in service provider for an established business process☐
D
Recruitment of more employees
DSCI
DCPLA
Q4:
As a privacy assessor, what would most likely be the first artefact you would ask for while assessing an organization which claims that it has implemented a privacy program?
○
A
Privacy risk management framework○
B
Records of privacy specific training imparted to the employees handling personal information○
C
Personal information management policy○
D
Records of deployed privacy notices and statements
DSCI
DCPLA
Q5:
Which of the following statements is true with respect to organization's privacy training and awareness program?
○
A
It should define roles and responsibilities of personnel in privacy function○
B
It should cover employees of service provider dealing with personal information○
C
It should necessarily cover officials from Law Enforcement Agencies that request lawful access to personal information○
D
None of the above