Which of the following mechanisms or steps are likely to be taken by an organization for implementing privacy program?
i Deploying physical and technology safeguards to protect personal information assets ii. Privacy consideration in product and service design iii. Privacy implementation to focus only on projects impacted by privacy breaches iv. Benchmarking against industry peers' privacy implementation v. Installing privacy enhancing tools and technologies for the projects dealing with organization's intellectual property Please select the correct set of statements from the below options:

• A.Only i, ii and iv
• B.All
• C.Only i, and ii
• D.All except iii

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements are true about the privacy statement of an organization?

• A.India's Information Technology (Amendment) Act, 2008 does not require that privacy policy be published on the website
• B.As per privacy laws generally it is mandatory to mention the phone contact details of the owner of organization in the online privacy statement where customers can reach out in case of a grievance or incident
• C.Online privacy statement is an instrument to demonstrate to stakeholders how the organization gathers, uses, discloses, and manages personal data
• D.Content of the online privacy statement of an organization will depend upon the applicable laws, and may need to address requirements across geographical boundaries and legal jurisdictions

Comment: *

Name: *

Email: *

Verification: *

As a privacy assessor, what would most likely be the first artifact you would ask for while assessing an organization which claims that it has implemented a privacy program?

• A.Privacy risk management framework
• B.Records of privacy specific training imparted to the employees handling personal information
• C.Personal information management policy
• D.Records of deployed privacy notices and statements

Comment: *

Name: *

Email: *

Verification: *

Which of the following statement about Personally Identifiable Information (PII) is true?

• A.None of the above
• B.PII is a subset of Sensitive Personal Information
• C.PII is any information about a legal entity including details of its registration or any information that
  may allow its easy identification
• D.PII is necessarily a single data element, not a combination of data elements, which can uniquely identify
  an individual

Comment: *

Name: *

Email: *

Verification: *

What does PHI stand for, as per HIPAA/ HITECH?

• A.Public health information
• B.Personal heuristic information
• C.Personal health information
• D.Protected health information

Comment: *

Name: *

Email: *

Verification: *