Q1

A lead assessor is reviewing the data flow diagram of a mobile banking application. The diagram shows that the user's precise geolocation data is sent to a third-party marketing analytics provider to 'personalize offers'. This specific data flow and purpose was not disclosed in the customer-facing privacy notice. This is a direct contravention of which core privacy principle, central to the DAF-P assessment?

```mermaid
graph TD
    A[Mobile App on User Device] -- Geolocation Data --> B(Third-Party Marketing Analytics)
    A -- Transaction Data --> C{Bank's Core Processing System}
    C --> D[Bank's Internal Analytics]
```

Q2

__________ calls for the inclusion of data protection from the onset of system design.

A. Agile Model
B. Privacy by Design
C. Logical Design
D. Safeguarding Approach

Q3 (Multiple answers)

Which of the following are classified as Sensitive Personal Data or Information under Section 43A of ITAA, 2008? (Choose all that apply.)

A. Password
B. Financial information
C. Sexual orientation
D. Caste and religious beliefs
E. Biometric information
F. Medical records and history

Q4

Entities should collect personal information from users that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. This Privacy Principle is called:

A. Collection Limitation
B. Use Limitation
C. Accountability
D. Storage Limitation