64091 Data Privacy Assessment Course Answers TCS

Question 1  

While collecting any personal information, you must:  

A. Collect as much information as possible as you would not know what information you might require later  

B. Be obscure about why you need this information or what you would use it for so that the user will not withhold any required information  

C. Limit the amount and type of information gathered to what is necessary to your identified purpose  

D. None of the above  

Correct Answer : C

Question 2  

Data privacy is a/an:  

A. Political right  

B. Employee desire  

C. Fundamental/Personal right  

D. None of the above  

Correct Answer : C

Question 3  

Which of the following is not a principle under Data Privacy?  

A. Transparency  

B. Accountability  

C. Data Utility  

D. Storage Limitation  

Correct Answer : C

Question 4  

Which of the following is true:  

A. A privacy incident need not always involve/cause a security breach  

B. A security incident need not always involve/cause a privacy breach  

C. Some incidents can be both a privacy incident as well as a security incident  

D. All of the above  

Correct Answer : D

Question 5  

I get emails from unknown sources in my TCS email box which consist of contact details of various individuals. What should I do?  

A. Raise a privacy incident in IMT  

B. Raise a security incident in IMT  

C. Reach out to those individuals to let them know about their PI being exposed  

D. Do nothing and delete such emails  

Correct Answer : B

Question 6  

Data Privacy is a matter of:  

A. Human desire  

B. Human dignity and personal liberty  

C. Human dreams  

D. None of the above  

Correct Answer : B

Question 7  

Which of the following is an example of Personal Information (PI) processing in TCS?  

A. Sharing employee ID  

B. Viewing date of joining  

C. Updating base location  

D. All of the above  

Correct Answer : D

Question 8  

Which of the following is not considered as processing of personal information?  

A. Deleting  

B. Anonymizing  

C. Pseudonymizing  

D. All are considered as processing  

Correct Answer : D

Question 9  

I have received an email from an individual asking for his/her PI handled by TCS. What should I do?  

A. Ignore the email  

B. Delete that email  

C. Consult your Supervisor, Unit/HR Function Business Privacy Lead or designated Privacy Champion in your account/sub-unit  

D. Reply to the individual with all PI you have about him/her  

Correct Answer : C

Question 10  

I have access to a lot of PI which I don't need for executing my day-to-day jobs, but since I am not using that PI, I can't be considered processing that PI. True or false?  

A. True, because processing is considered only if we use the PI  

B. True, because you don't have any purpose to use that PI  

C. False, because even accessing or storing PI is considered as processing of PI  

D. False, because you are not using that data for any documented purpose  

Correct Answer : C

Question 11  

What is more important - data security, data privacy, or data utility?  

A. Data security  

B. Data privacy  

C. Data utility  

D. All of them  

Correct Answer : D

Question 12  

Which of the following is NOT considered as Sensitive Personal Information (SPI)?  

A. Genetic data  

B. Political opinion  

C. Caste/racial origin  

D. Gender  

Correct Answer : D

Question 13  

Select the correct statement:  

A. One should throw physical copies of PI and other business confidential documents casually in trash bins or publicly, without proper shredding or tearing them off  

B. Keep minimal information for the approved period in approved locations  

C. One should always reply to all while sending emails containing personal information without determining intended/unintended recipients of the same  

D. One should always indulge in casual or informal discussions with anyone, which involves PI in it  

Correct Answer : B

Question 14  

You were working on something on your system, when you received an email to fill an Excel sheet to nominate for a sports event. You noticed in the Excel that many of your team members and your managers have nominated. What will you do?  

A. You will fill the Excel with all details and send  

B. You will delete others' data and fill in your details and send  

C. You will neither fill nor share the details with your manager  

D. You will delete the mail from your inbox and raise an incident in IMT  

Correct Answer : D

Question 15  

Which of the following is an example of Personal Information (PI) processing in TCS?  

A. Sharing employee ID  

B. Viewing date of joining  

C. Updating base location  

D. All of the above  

Correct Answer : D

Question 16  

What constitutes Personal Information (PI) in all jurisdictions?  

A. Information related to any individual or natural person  

B. Information related to a family  

C. Information related to TCS  

D. Information related to a client organization  

Correct Answer : A

Question 17  

Which of the following is not a cause for a privacy breach/incident?  

A. Human errors  

B. Unlawful processing of PI  

C. Controller responding to a criminal data request by concerned/regulatory authorities without consent from Data Subject  

D. Cyber attacks  

Correct Answer : C

Question 18  

Where would you generally find detailed roles and responsibilities of privacy office, officer, and other stakeholders?  

A. Privacy Requirements and Procedures Manual in iQMS  

B. RACI matrix in HR procedures manual  

C. Roles and Responsibilities document in iQMS  

Correct Answer : A

Question 19  

Mr. John has given the responsibility of taking care of his tax filing to a CA firm ABC. The firm ABC will prepare and process John's income and taxes as per the procedure defined by the taxation authority. ABC is a:  

A. Data Processor  

B. Data Controller  

C. Joint Controller  

D. Data Sub-Processor  

Correct Answer : B

Question 20  

A utilities organization (water, electricity) engages a company, which operates call centers to provide many of its customer services functions on its behalf. The call center staff has access to various information of the utilities organization, such as the company's customer records for providing those services. But, they may only use the information for specific purposes and in accordance with strict contractual arrangements. From the following options, select the statement that holds true:  

A. The utilities company remains the data controller, while the call center is the data processor  

B. The call center remains the data controller, while the utility company is the data processor  

C. The utilities company acts as both data controller and data processor  

D. The call center acts as data controller and data processor  

Correct Answer : A

Question 21  

Which of the following is true:  

A. A privacy incident need not always involve/cause a security breach  

B. A security incident need not always involve/cause a privacy breach  

C. Some incidents can be both a privacy incident as well as a security incident  

D. All of the above  

Correct Answer : D

Question 22  

From the following options, select the one that you should NOT do in order to keep your personal information secure:  

A. Keep passwords secure by changing them regularly and not sharing them with anyone  

B. Lock the screen/log off computers when you are not at your desk  

C. Dispose of confidential paper waste just by tearing and not shredding  

D. Prevent virus attacks by taking care when opening emails and attachments or visiting new websites  

Correct Answer : C

Question 23  

For troubleshooting, another vendor (customer's vendor or a third party like a storage/network team) requires a log/dump to be provided to them. You should:  

A. Share the information as this is required for official purposes  

B. Give them the user ID and password to generate the log/dump as you are involved in another critical task  

C. Secure your client's consent for sharing the file if that file contains PI or share it after removing the PI  

D. Warn them that the file contains PI, should not be used for any other purpose and should be destroyed after the incident is resolved  

Correct Answer : C

Question 24  

You want to run a survey across your team to gather their preferences on working hours. What should you do?  

A. Reach out to your unit/function Business Privacy Lead and to your unit/function's HR  

B. Draft the sample questions and start obtaining responses, as you are the team lead and have full rights to access any PI of your team members  

C. Instead of running a survey on a digitized portal, call each associate and document all preferences and other PI in your notebook  

D. Reach out to a team member and hand over a sheet to them to draft everyone's responses on that sheet  

Correct Answer : A

Question 25  

Which of the following is NOT considered as Sensitive Personal Information (SPI)?  

A. Genetic data  

B. Political opinion  

C. Caste/racial origin  

D. Gender  

Correct Answer : D