A multinational company with operations in several parts within EU and outside EU, involves international
data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in
size, the organization has a works council. Most of the data transferred is personal, and some of the data that
the organization collects is sensitive in nature, the processing of some of which is also outsourced to its
branches in Asian countries.
Which of the following are not mandatory pre-requisite before transferring sensitive personal data to its Asian
branches?

• A.Self-certifying to Safe Harbor practices and reporting to Federal Trade Commission
• B.Determining adequacy status of the country
• C.Notifying the data subject
• D.Conducting risk assessment for the processing involved

Comment: *

Name: *

Email: *

Verification: *

Which of the following doesn't contribute, or contributes the least, to the growing data privacy challenges in today's digital age?

• A.Social media
• B.Mass surveillance
• C.Use of secure wireless connections
• D.Increase in digitization of personal information

Comment: *

Name: *

Email: *

Verification: *

Which of the following categories of information are generally protected under privacy laws?

• A.Personally Identifiable Information (PII)
• B.Sensitive Personal Information (SPI)
• C.Trademark, copyright and patent information
• D.Organizations' confidential business information

Comment: *

Name: *

Email: *

Verification: *

Which of the following laid foundation for the development of OECD privacy principles for the promotion of
free international trade and trans border data flows?

• A.Fair information Privacy Practices of US, 1974
• B.WTO's Free Trade Agreement
• C.Safe Harbor Framework
• D.EU Data Protection Directive

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements is true in respect of the India specific government projects such as Aadhaar, National Population Register (NPR), etc. that can have privacy implications?

• A.Collection of biometrics in India is a statutory requirement
• B.Proper and adequate notification is not provided to data subjects before and during the collection of their personal information
• C.Data subjects are not limited in their ability to exercise control over the ways their personal information is being used, once it has been shared by them as part of the projects
• D.Citizens are being given the choice to opt out from submitting their biometric details and are allowed to complete the environment without submitting their biometrics

Comment: *

Name: *

Email: *

Verification: *