Module 1. Student loans data breach (Canada)
Question 1. What does PIPEDA stand for?
- Personal Incidents of Privacy for Electronic Documents Act
- Personal Information Protection and Electronic Documents Act
- Privacy Information of Protections of Electronic Documents Act
- Privacy Institute of Protections of Electronic Documents Act
- Privacy Initiative for Protection of Electronic Data Act
Question 2. Which data privacy federal law does the case study incident fall under in Canada?
- The Private Citizens Act
- The Privacy Act
- The Personal Information Protection and Electronic Data Act (PIPEDA)
- The Personal Information Protection and Electronic Documents Act (PIPEDA)
- The Personal Internet Protection and Electronic Documents Act (PIPEDA)
Question 3. In the case study, why did the ESDC’s Canada Student Loans Program (CSLP) employee make a backup copy of the program information stored in the central computer?
- He/she knew someone in the data set and wanted to see the value of their loans
- To sell the data on the dark web
- To view the data at home
- To keep the data for personal use after he/she resigned from the organization
- To protect against an accidental loss or deletion of the files during a data migration
Module 2. Target Corp (USA)
Question 1. Under The Personal Information Protection and Electronic Documents Act, PIPEDA, is credit card information considered ‘personal information’?
Question 2. Are bricks and mortar physical stores covered under the Personal Information Protection and Electronic Documents Act, PIPEDA?
Question 3. Is an online commercial business that sells jewelry online and has a maximum of 99 employees covered under the Personal Information Protection and Electronic Documents Act, PIPEDA?
Module 3. Think W3 (UK)
Question 1. According to General Business Law § 899-aa in the Doritex Corp. case, when should a company notify affected individuals and various government agencies of a data breach?
- In the most expedient time possible
- Within 7 days of the breach
- Within 5 business days of the breach
- Within 30 days of the breach
- At the end of the financial year
Question 2. Which of the 8 data protection principles did Think W3 UK infringe in the Case Study?
- First Principle – Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 is met and in the case of sensitive personal data, at least one of the conditions set out in Schedule 3 or either of the two Statutory Instruments below is met.
- Third principle – Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Fourth principle – Personal data shall be accurate and, where necessary, kept up to date.
- Seventh principle – Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Eighth principle – Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Question 3. Which of the following statements is one of the 7 guiding principles of Privacy by Design?
- The 80/20 Rule, 20% of the team see 80% of the data
- Data access by pay grade
- Soft copy before hard copy
- Reduce waste
- Proactive not reactive
Module 4. Home Depot (USA)
Question 1. Hackers deployed custom-built malware on which Home Depot system?
- Alarm system
- Surveillance system
- Self-checkout system
- Loyalty card system
- Company Intranet
Question 2. What can companies do to prevent hacks?
- Limit the number of password attempts in a short period
- Increase the number of users on the platform
- Pay lawyers to litigate any attempts at hacking
- Host the apps and websites on international servers
- Encourage employees to save their passwords in a ‘Passwords’ folder on the company network
Question 3. From what you learnt in the ‘Tips for strong passwords’ section, which of these is considered a strong password?
Question 4. How did hackers access the Home Depot network?
- A vendor’s username and password
- A vendor’s USB stick
- An open wifi network
- A card cloning machine
- A vendor’s mobile phone
Module 5. Privacy Tips
Question 1. Which of these is on the list of ‘worst password ideas’?
- Medical procedures
- Another family member’s name
- Made up words
- Phrase combinations
- Phrases in another language
Question 2. In the ’10 Privacy Tips of Companies’ list, on completion of projects, all materials relating to a project should be deleted, __________________
- including backups.
- excluding backups.
Data Privacy Fundamentals Cognitive Class Final Exam Answers
Question 1. Why did OneStopParking put off the website update?
- Because the update broke portions of the website
- Because the website was programmed to do automatic updates
- Because no one received the notification about an update
- Because the web administrator was on maternity leave
- Because no one knew how to do the update
Question 2. OneStopParking was able to determine exactly which customers were affected by the breach:
Question 3. How many days after OneStopParking learned about the breach did they remedy the situation?
- 6 days
- 21 days
- 15 days
- 17 days
- 3 days
The ‘Justin’ Case Study – Multiple Choice Answers
Question 4. Based on what you have learnt in this course, which of the following options is a good Privacy by Design feature in a database system?
- the database system auto saves passwords in the browser
- the database system allows multiple attempts after an incorrect password entry
- the database system includes historical personal customer data that no one uses
- the database system prompts administrators to change the password regularly
- the database system lets administrators recycle passwords
- Yes – The request seems reasonable as long as you guess the correct password in under 5 attempts.
- No – The request seems unethical and you should advise Justin to report his password problem.
- No – The request seems unethical and you should not get involved.
- No – The request seems unethical and you should report Justin for his irresponsible password practices.
- Yes – You have the skills to help Justin with his password problem, you should offer your assistance without question.