Canadian Privacy Laws and Practices in the Private Sector
Ask AstroTutor
In 2007, four employees of TELUS Communications Corporation filed a complaint with the Privacy Commissioner of Canada in connection with the collection of what personal information?
AVoiceprint information.
BDrivers’ licenses.
CUrine samples.
DVideo images.
0
Question 2
Canadian Privacy Fundamentals
0
Question 3
Canadian Privacy Laws and Practices in the Private Sector
0
Question 4
Canadian Privacy Laws and Practices in the Public Sector
Which organization was the primary influence in the development of Canadian privacy with their publication of a set of eight privacy principles?
AThe Organization for Economic Co-operation and Development (OECD).
BThe Canadian Institute of Chartered Accountants (CICA).
CThe Center for Democracy and Technology (CDT).
DThe Canadian Standards Association (CSA).
According to the federal court ruling in the Eastman Case, video cameras in the workplace are considered to be collecting personal information?
AAt the moment a recording occurs.
BWhen a camera is on, even if it is not yet recording.
CAs soon as the data is saved to a workplace server.
DWhen someone within the organization views the recording.
Which province requires its government bodies to store and access personal information exclusively in Canada unless additional consent is obtained, or if outside storage is judged necessary?
ANova Scotia
BQuébec.
COntario.
DAlberta.
The movement toward comprehensive privacy and data protection laws can be attributed to a combination of three major factors: the need to remedy past injustices, the need to promote a digital economy and the need to ensure consistency with?
ASelf-regulatory laws.
BPan-European laws.
CPan-Asian laws.
DGlobal laws.
Question 6
Canadian Privacy Laws and Practices in the Private Sector
0
Question 7
Canadian Privacy Laws and Practices in the Private Sector
Question 8
Canadian Privacy Laws and Practices in the Private Sector
Question 9
Canadian Privacy Laws and Practices in the Private Sector
Question 10
Canadian Privacy Fundamentals
Question 11
Canadian Privacy Laws and Practices in the Private Sector
Question 12
Canadian Privacy Laws and Practices in the Public Sector
Question 13
Canadian Privacy Laws and Practices in the Public Sector
Question 14
Canadian Privacy Laws and Practices in the Public Sector
Question 15
Enforcement Agencies and Powers
Question 16
The Canadian Government and Legal System
Question 17
Canadian Privacy Laws and Practices in the Public Sector
Question 18
Canadian Privacy Laws and Practices in the Private Sector
Question 19
Canadian Privacy Laws and Practices in the Private Sector
Question 20
Canadian Privacy Laws and Practices in the Private Sector
Question 21
Canadian Privacy Fundamentals
Question 22
Canadian Privacy Laws and Practices in the Public Sector
Question 23
Canadian Privacy Laws and Practices in the Private Sector
Question 24
Canadian Privacy Laws and Practices in the Public Sector
Question 25
Canadian Privacy Laws and Practices in the Private Sector
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
According to the Alberta Personal Information Protection Act, which of the following data breach reporting notifications to the commissioner is NOT automatically triggered when real risk of significant harm (RROSH) has been determined?
AProviding a description of the steps the organization will take to notify the affected individual(s).
BProviding a description of the steps the organization has taken to reduce or mitigate that harm.
CProviding an estimate of the number of individuals affected by the breach.
DProviding a description of the personal information involved in the breach.
A commercial business in Canada is allowed to collect personal information without the knowledge or consent of the individual in all of the following circumstances EXCEPT when?
AThe collection is for journalistic or literary purposes.
BThe collection is in the interests of the individual and the consent cannot be obtained in a timely way.
CThe collection would lead to the creation of products that would benefit the public and consent would be difficult to obtain.
DThe collection, with the knowledge of the individual, would compromise the availability and accuracy of the information and the collection is reasonable for the purposes related to investigating a federal law.
Which of these employees would be subject to the Personal Information Protection and Electronic Documents Act (PIPEDA)?
AThe staff of an airline offering flights across Canada.
BUnderwriters for a New Brunswick insurance company.
CClerks at a Montreal credit union based out of Montreal.
DThe information technology department of the Saskatchewan Office of Residential Tenancies of Saskatchewan.
Which statement is TRUE regarding health information privacy laws in Canada?
AObligations regarding accountability for health information are transferred when control is outsourced to a third party.
BEmphasis is given to personal information protection over the maintenance of the publicly funded healthcare system.
CThere is a significant amount of variation among provinces regarding the definition of consent and how the consent requirement is addressed.
DIn provinces where there are no health information privacy statutes, a combination of the public health regulations and the private sector privacy legislation apply.
Which is NOT a Canadian Standards Association (CSA) Privacy Principle?
APersonal information shall be protected by the same security safeguards regardless of the sensitivity of the information.
BThe purpose for which personal information is collected shall be identified by the organization at or before the time the information is collected.
CThe degree to which personal information must be kept accurate and complete is determined by whether its original purpose has been achieved.
DUpon request, an individual shall be informed of the existence, use and disclosure of their personal information and shall be given access to that information.
A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick, Alberta and British Columbia. Unfortunately, a third-party vendor that provides marketing support to the company experiences a privacy breach which impacts the personal information of all its customers across the provinces where it operates.
The Privacy Officer determines that the breach causes a real risk of significant harm to their customers and is tasked with reporting the breach to the relevant regulators.
With which provincial privacy regulators does the company have to file a report?
AIt is unnecessary to file a report with any provinces because the company is federally regulated
BAll of the provinces where its customers are located
CNew Brunswick and British Columbia only
DQuébec and Alberta only
According to the federal Privacy Commissioner, what protection is missing from the Privacy Act regarding outsourcing of government work that contains personal information?
AA statement preventing the vendor to whom the information is outsourced to subcontract its processing.
BA statement granting the Privacy Commissioner the right to issue orders following an investigation into a possible data breach.
CA statement requiring the government agency to complete a Privacy Impact Assessment (PIA) prior to outsourcing to a third party.
DA statement indicating that the government institution from which the information is outsourced remains accountable for its security.
In which situation could a request for access to one’s personal information be denied under the Privacy Act?
AThe personal information was collected by the Royal Canadian Mounted Police while performing policing services for a province or municipality.
BThe personal information was obtained in confidence from a foreign state or agency which has consented to the disclosure of the information.
CThe release of the personal information could reasonably be expected to cause injury to a protected species of wildlife.
DThe personal information is more than 20 years old and relates to the detection or suppression of money laundering.
What must a federal government department do before it implements an electronic service (e-service)?
AConduct a preliminary PIA before acquiring the service
BComplete a PIA in accordance with Treasury Board guidelines.
CPublish a privacy statement in newspapers and on the government website.
DDetermine if the Office of the Privacy Commissioner must be notified of the launch of this new e-service
What can be concluded from the Blood Tribe case regarding the Privacy Commissioner's access to information?
AThe commissioner cannot receive information unless it is gathered under oath.
BThe commissioner cannot ask an organization to prove that a document is privileged.
CThe commissioner can compel the production of all documents that are relevant to the investigation.
DThe commissioner can officially request proof that desired information is subject to solicitor-client privilege.
Which of the following existing frameworks is least effective in addressing emerging AI issues while specific AI legislation is being decided?
AThe Canada Consumer Product Safety Act.
BThe Motor Vehicle Safety Act.
CThe Copyright Act.
DThe Criminal Code.
What is required through the "circle of care" concept under Canadian health information privacy law?
AHealth information custodians or trustees be specified only by applicable law or regulation
BAn individual’s consent may be implied unless the individual has refused consent or if the purpose of the disclosure is not to provide health care.
CNotification to the individual be made in the event of a data breach of personal health information (PHI) by an organization that is based in Canada
DConsent must be expressed or implied when a custodian discloses personal health information (PHI) to another custodian for the purpose of providing health care.
Which of the following specifically differentiates between regular personal information and employee-related or work-product information?
AThe Privacy Act.
BThe Quebec Act.
CBritish Columbia’s Personal Information Protection Act (PIPA).
DPersonal Information Protection and Electronic Documents Act (PIPEDA).
Under PIPEDA, each of the following situations requires an organization to obtain express consent to use personal information EXCEPT?
AIf the use is outside of the reasonable expectations of an individual.
BIf the information is publicly available as defined by the regulation.
CIf the use is inconsistent with the original purpose.
DIf there is no risk of significant harm.
What is required for a provincial law to be considered substantially similar to the Personal Information Protection and Electronic Documents Act (PIPEDA)?
AConsistency with at least eight of the ten privacy principles, an independent oversight body and a complaint handling mechanism.
BConsistency with the ten privacy principles, an independent oversight body and a process for accessing information.
CConsistency with the ten privacy principles, an independent oversight body and a redress mechanism.
DConsistency with the ten privacy principles, an appeal process and a redress mechanism.
According to the Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems, signatories commit to doing all of the following EXCEPT?
AContributing to the development and application of AI standards.
BSharing information and best practices of AI governance.
CSupporting public awareness and education on AI.
DAdopting low-risk uses of AI.
The Government of Canada’s Directive on Privacy Impact Assessments applies to all of the following EXCEPT?
AThe Ministry of Health
BThe Bank of Canada.
CCrown Corporations.
DThe Cabinet.
A company wants to invest in DEI initiatives within their organization and plans to survey employees by asking for locality, age, salary, gender, ethnicity, religion, sexual orientation, physical/mental disabilities, department, and job level.
The best solution to protect the personal information collected in the survey is to?
AUse a pseudonym to identify employees.
BChoose a survey tool located in Canada.
CEncrypt the sensitive information collected and stored.
DAdjust all survey questions so that no identifying information can be collected.
According to the Privacy Act, which of the following disclosures of personal information by a government institution would require the data subject’s consent?
AWhen disclosing to a law enforcement body.
BWhen disclosing to comply with a search warrant.
CWhen disclosing to a registered charitable organization.
DWhen disclosing to a member of parliament to assist in resolving a problem.
Under PIPEDA, each of the following are considered to be personal information EXCEPT?
AA public official’s salary published on a government web site.
BA person’s telephone number published in a public directory.
CA photograph taken in public and published in a newspaper.
DInformation about a defendant contained in court records.
