IAPP CIPP/C practice test

Certified Information Privacy Professional/Canada (CIPP/C)

Last exam update: Nov 18, 2025
Page 1 out of 6. Viewing questions 1-15 out of 76

Question 1

In Ontario, a patient attends an appointment with a physician and reveals information about some
new symptoms that she has been experiencing. Based on this information, the physician diagnoses
the patient with a condition and prepares the report detailing the applicable history and diagnosis.
The report is added to the patient’s record. The patient later regrets revealing certain facts and
doesn’t want anyone else to know about these symptoms or the diagnosis. She acknowledges that
the information she provided was correct and does not question the diagnosis.
Which of the following requests would the patient be most successful at pursuing?

  • A. That a correction be made to change the diagnosis based on the patient's wishes.
  • B. That the information be restricted from disclosure to other health care providers.
  • C. That a copy of the record be kept by the patient for disclosure to physicians.
  • D. That details of the diagnosis be deleted from the patient’s health record.
Answer:

B


Question 2

The Government of Canada’s Directive on Privacy Impact Assessments applies to all of the following
EXCEPT?

  • A. The Ministry of Health
  • B. The Bank of Canada.
  • C. Crown Corporations.
  • D. The Cabinet.
Answer:

D


Question 3

Which falls under the jurisdiction of the Personal Information Protection and Electronic Documents
Act (PIPEDA)?

  • A. Personal information collected by private businesses for journalistic or artistic purposes.
  • B. Personal health information (PHI) handled by private enterprises in provinces that have adopted substantially similar legislation.
  • C. Personal information disclosed across provincial or national borders by organizations such as credit reporting agencies or list marketers.
  • D. Personal information such as names, titles and contact information used by businesses to communicate with employees regarding their profession.
Answer:

C


Question 4

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), when engaging
in a third-party transfer of personal information for processing, an organization is expected to have
the technology to protect the information during transit and to?

  • A. Establish a contract outlining the individual outsourcing arrangement.
  • B. Obtain additional consent for the use of the information by the third party.
  • C. Confirm the jurisdictional protections of the receiving organization are the same as PIPEDA.
  • D. Review the cross-border data flow completed and approved by the Treasury Board of Canada Secretariat.
Answer:

A


Question 5

According to the Privacy Act, which of the following disclosures of personal information by a
government institution would require the data subject’s consent?

  • A. When disclosing to a law enforcement body.
  • B. When disclosing to comply with a search warrant.
  • C. When disclosing to a registered charitable organization.
  • D. When disclosing to a member of parliament to assist in resolving a problem.
Answer:

C


Question 6

Under PIPEDA, each of the following is considered to be personal information EXCEPT?

  • A. A public official's salary published on a government web site.
  • B. A person's telephone number published in a public directory.
  • C. A photograph taken in public and published in a newspaper.
  • D. Information about a defendant contained in court records.
Answer:

A


Question 7

How would an individual determine whether their personal information was used by the federal
government for data matching?

  • A. By submitting written requests to the third party conducting data matching for the government
  • B. By noting the description of the Personal Information Banks available through Info Source.
  • C. By proposing a Privacy Impact Assessment (PIA) within the specific government body.
  • D. By reviewing the Privacy Commissioner's annual report.
Answer:

B


Question 8

Which health information custodians may NOT rely on an implied consent model under Ontario's
Personal Health Information Protection Act (PHIPA)?

  • A. Private insurance companies.
  • B. Long-term care homes.
  • C. Ambulance services.
  • D. Pharmacies
Answer:

A


Question 9

In what situation is the federal Privacy Commissioner authorized to proceed to federal court?

  • A. For a determination on a ruling regarding privacy matters relating to the Charter of Rights and Freedoms.
  • B. For a determination of whether or not personal information was properly withheld from release.
  • C. For a determination on a ruling by an administrative tribunal regarding privacy.
  • D. For a determination on a ruling by a provincial Privacy Commissioner.
Answer:

B


Question 10

What is the primary motivation for a federal government entity to complete a Privacy Impact
Assessment (PIA)?

  • A. Introducing new legislation in the House of Commons
  • B. Receiving program approvals from the Treasury Board of Canada.
  • C. Obtaining program expertise from the Privacy Commissioner of Canada.
  • D. Improving collection methods through its information technology systems.
Answer:

B


Question 11

A company wants to invest in DEI initiatives within their organization and plans to survey employees
by asking for locality, age, salary, gender, ethnicity, religion, sexual orientation, physical/mental
disabilities, department, and job level.
The best solution to protect the personal information collected in the survey is to?

  • A. Use a pseudonym to identify employees.
  • B. Choose a survey tool located in Canada.
  • C. Encrypt the sensitive information collected and stored.
  • D. Adjust all survey questions so that no identifying information can be collected.
Answer:

D


Question 12

What must an organization do to fulfill the Personal Information Protection and Electronic
Documents Act’s (PIPEDA) transparency requirements when transferring personal information to a
foreign country?

  • A. Inform customers if data is to be transferred outside of Canada and solicit additional consent.
  • B. Give individuals with an existing business relationship the right to refuse transfer of their information.
  • C. Advise customers that their data may be accessed by another jurisdiction's courts or law enforcement.
  • D. Provide new customers with a measure-by-measure comparison of relevant foreign laws with Canadian laws.
Answer:

C


Question 13

Which case, brought before the Federal Court, helped determine that the Office of the Privacy
Commissioner of Canada (OPC) had jurisdiction to investigate complaints about United States
companies collecting, using and disclosing the personal information of individuals within Canada?

  • A. TJX Winners - Homesense.
  • B. Facebook: 2019.
  • C. Blood Tribe.
  • D. Abika.com.
Answer:

D


Question 14

A private sector daycare’s portal for parents stores their children’s photos, allergy information and
date of birth. A parent has asked about the portal’s security requirements and in three months has
still not received an answer. What is missing from the daycare’s procedures?

  • A. Ensuring transparency.
  • B. Responding to the parent's request within 30 days.
  • C. Ensuring strong encryption and security measures.
  • D. Completing a real risk of significant harm assessment (RROSH).
Answer:

B


Question 15

Which act also includes references to the Privacy Act?

  • A. The Access to Information Act.
  • B. The Children's Online Privacy Protection Act
  • C. The Telecommunications Intercept and Access (TIA) Act.
  • D. The Personal Information Protection and Electronic Documents Act
Answer:

A
