Looking back at your first two years as the Director of Personal Information Protection and Compliance for the St. Anne’s Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data-not only records produced recently, but those still on-hand from years ago?
SCENARIO Please use the following to answer the next question: Looking back at your first two years as the Director of Personal Information Protection and Compliance for the St. Anne’s Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training...
Things (loT)?
Which of the following is an example of the privacy risks associated with the Internet of Things (loT)?A . A group of hackers infiltrate a power grid and cause a major blackout.B . An insurance company raises a person’s rates based on driving habits gathered from a connected car.C ....
What control would apply?
A user who owns a resource wants to give other individuals access to the resource . What control would apply?A . Mandatory access control.B . Role-based access controls.C . Discretionary access control.D . Context of authority controls.View AnswerAnswer: B Explanation: Reference: https://docs.microsoft.com/bs-latn-ba/azure/role-based-access-control/overview
Which Organization for Economic Co-operation and Development (OECD) privacy protection principle encourages an organization to obtain an individual s consent before transferring personal information?
Which Organization for Economic Co-operation and Development (OECD) privacy protection principle encourages an organization to obtain an individual s consent before transferring personal information?A . Individual participation.B . Purpose specification.C . Collection limitation.D . Accountability.View AnswerAnswer: C Explanation: Reference: http://oecdprivacy.org
What Privacy by Design (PbD) element should include a de-identification or deletion plan?
What Privacy by Design (PbD) element should include a de-identification or deletion plan?A . Categorization.B . Remediation.C . Retention.D . SecurityView AnswerAnswer: C
Which of the following is an example of drone “swarming”?
Which of the following is an example of drone “swarming”?A . A drone filming a cyclist from above as he rides.B . A drone flying over a building site to gather data.C . Drones delivering retailers’ packages to private homes.D . Drones communicating with each other to perform a search...
Regarding the app, which action is an example of a decisional interference violation?
SCENARIO Please use the following to answer the next question: Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based...
A key principle of an effective privacy policy is that it should be?
A key principle of an effective privacy policy is that it should be?A . Written in enough detail to cover the majority of likely scenarios.B . Made general enough to maximize flexibility in its application.C . Presented with external parties as the intended audience.D . Designed primarily by the organization's...
Before implementation, a privacy technologist should conduct which of the following?
An organization based in California, USA is implementing a new online helpdesk solution for recording customer call information. The organization considers the capture of personal data on the online helpdesk solution to be in the interest of the company in best servicing customer calls. Before implementation, a privacy technologist should...
Considering that LeadOps will host/process personal information on behalf of Clean-Q remotely, what is an appropriate next step for Clean-Q senior management to assess LeadOps' appropriateness?
SCENARIO Clean-Q is a company that offers house-hold and office cleaning services. The company receives requests from consumers via their website and telephone, to book cleaning services. Based on the type and size of service, Clean-Q then contracts individuals that are registered on its resource database - currently managed in-house...