Database Management > QUESTIONS & ANSWERS > CIPP/E Examination Prep Study Guide (All)

CIPP/E Examination Prep Study Guide

Document Content and Description Below

CIPP/E Examination Prep Study Guide Prohibition of cross border data transfers under Data Privacy Directive 95/46/EC apply when - ANS - data transferred from a jurisdiction in the EU to a third country. What treaty or convention allowed the Data Protection Directive 95/46/EC to be used as a harmonising measure for European Member states. - ANS - The Treaty of Rome Direct marketing would include: - ANS - Email promoting new book on sale. What two opposing forces needed to be considered in formulating a privacy framework in the European Economic Community? - ANS - Concerns for personal freedom and privacy and ability to support free trade. What principle is contained in art 12 of the Human Rights Declaration? - ANS - The right to a private life and associated freedoms. What right is protected by art 19 of the Human Rights Declaration? - ANS - The right to freedom of opinion and expression. Which article of the Human Rights Declaration reconciles articles 12 and 19 and how is it stated? - ANS - Article 29(2) states that individual rights are not absolute and there are instances where a balance must be struck to limit their exercise. What was the purpose of the European Convention on Human Rights? - ANS - It was an international treaty to protect human rights and fundamental freedoms. Name special categories of data. - ANS - Racial or ethnic origin, political affiliations/opinions, health information, sex life, religious beliefs, trade union membership.p 58 What are the specific rights enumerated in the ECHR? - ANS - right to life, prohibition of torture, prohibition of slavery and forced labour, right to liberty and security, right to a fair trial, no punishment w/o law, respect for private and family life, freedom of thought, conscience and religion, freedom of expression, freedom of assembly and association, right to marry, right to an effective remedy and prohibition of discrimination. What are the two rights provided under article 8 of the ECHR? - ANS - 1. right to respect for private and family life and his correspondence. 2. No interference by public authority of this right except in accordance to law and is necessary in a democratic society in the interest of national security public safety... What does article 10 of the ECHR deal with? - ANS - Right to freedom of expression and to share information and ideas across borders but qualified so as to protect the privacy of individuals What are the obligations imposed on EU member states as seen under the Data Protection Directive 95/45/EC or the Data Protection Director or 'the Directive'? - ANS - The Directive sets out general principles and leaves the member states to implement these principles as they see fit. p 38 What are the exceptions to the consent required for cookies under the e-Privacy directive 2002/58/EC? - ANS - where 1) storage or access is for the sole purpose of carrying out transmission of communication over an electronic network and 2) strictly necessary for information service explicitly requested by user p 43 What is the most pertinent amendment to the e-Privacy Directive? - ANS - Cookies require prior information and consent. p 43 When could a data controller collect data from 3rd parties without notification to the data subjects under Data Protection Directive 95/49/EC? - ANS - A pre-approved marketing effort. p 43. Who makes sure directive are implemented properly by the member states? - ANS - The European Commission. p 27-28 What institution adopts adequacy findings(by which non members are regarded as providing adequate levels of data protections) for the European Union? - ANS - The European Commission. p 29 Which directive or convention contains specific provisions for data breaches? - ANS - The Privacy and Electronic Communications Directive. p 42 What is the exemption in the e-Privacy Directive 2002/58/EC allowing data controllers to send electronic marketing information? - ANS - The recipients are existing customers. p 43. Under the Data Protection Directive (95/46/EC) what type of data subject is not covered? - ANS - Legal persons would seem not to be but is not prohibited either(and some local laws afford some protection) and also deceased individuals do not constitute 'natural persons' although in some member states (Italy) data protection rules apply to deceased individuals under certain circumstances. p 63. Name some of the conditions to be satisfied in order to process personal data in line with European Data Protection concepts/principles. - ANS - Obtained and processed fairly and lawfully, for legitimate purposes, adequate/relevant/not excessive for purposes, accurate/up to date, preserved for no longer than required. p 81 Name an incompatible purpose for processing data beyond originally specified purpose. - ANS - Performance of a contract. If this were not true, then a mere contract would allow processing data for any purpose. One exception is research p 87- specifically allowed p 85-86. In the Data Protection Directive 95/46/EC what is "any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to persona data relating to him being processed"? - ANS - Unambiguous consent. p 94 Under Data Protection Directive 95/46/EC what info must be included in the notification of data processing? - ANS - Name of the data controller processing data and the purpose of the processing. p 109 If personal data is not obtained directly from the data subject when should fair processing information be provided? - ANS - At the time personal data is recorded or if disclosure to 3rd party contemplated then no later than at the time data is first disclosed. p 111 When should a company respond to a former employee's request for his personal information (email, etc.)? - ANS - ASAP-taking into account local data protection rules. p 126 Within what period of time must a company respond to a former employees data requrest? - ANS - As soon as possible and within the national legal requirement. p 126 What should a company do in response to a former employee's request for his email correspondence during his employment? - ANS - Since the company must not infringe the right to privacy of third parties also identified in the data, affected employees may need to be informed and consent obtained before rele

[Show More]

Last updated: 3 years ago

Preview 1 out of 9 pages

Buy Now

Instant download

We Accept: