A private sector daycare’s portal for parents stores their children’s photos, allergy information and date of birth. A parent has asked about the portal’s security requirements and in three months still not has received an answer. What is missing from the daycare’s procedures?
Which case, brought before the Federal Court, helped determine that the Office of the Privacy Commissioner of Canada (OPC) had jurisdiction to investigate complaints about United States companies collecting, using and disclosing the personal information of individuals within Canada?
Which of the following describes a difference between the federal Privacy Commissioner and provincial commissioners?
An Alberta resident has signed up for a health wellness "app" developed by a British Columbia based software provider that stores the data in British Columbia. The application has various non-healthcare related uses. The individual inputs their name and email address in the application to subscribe to health and wellness tips.
The collection and use of the individual’s name and email address by the British Columbia based scheduling app would fall under what legislation?
According to PIPEDA, all of the following data is considered sensitive: physical disability, ethnicity, sexual orientation and?
According to the federal Privacy Act, before collecting personal information, public-sector organizations are required to ensure that any of the following are met EXCEPT?
According to the Canadian Standards Association (CSA) Model Code, how long should personal information be retained?
What is required for a provincial law to be considered substantially similar to the Personal Information Protection and Electronic Documents Act (PIPEDA)?
Which question is NOT part of the Office of the Privacy Commissioner of Canada’s (OPC’s) four-point test for establishing whether providing access to genetic testing results goes beyond what is necessary or reasonable?
Under PIPEDA, each of the following are considered to be personal information EXCEPT?
Which action will help a business prove compliance under Canada’s Anti-Spam Legislation (CASL)?
According to the Privacy Act, which of the following disclosures of personal information by a government institution would require the data subject’s consent?
In which situation could a request for access to one’s personal information be denied under the Privacy Act?
In which instance is your personal information deemed publicly available?
In what situation is the federal Privacy Commissioner authorized to proceed to federal court?
What is required of a private sector organization that is subject to a finding by a Canadian federal or
To whom does the Privacy Commissioner of Canada report?
What is a difference between the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Personal Information Privacy Act (PIPA) of both Alberta and British Columbia?
In which circumstance do private sector privacy laws permit collection of information without consent?
In comparing British Columbia’s privacy laws with the health information privacy acts of the remaining provinces, BC’s privacy laws?
The process of de-identification where new data elements are substituted for identifying information is?
In Ontario, a patient attends an appointment with a physician and reveals information about some new symptoms that she has been experiencing. Based on this information, the physician diagnoses the patient with a condition and prepares the report detailing the applicable history and diagnosis. The report is added to the patient’s record. The patient later regrets revealing certain facts and doesn’t want anyone else to know about these symptoms or the diagnosis. She acknowledges that the information she provided was correct and does not question the diagnosis.
Which of the following requests would the patient be most successful at pursuing?