Free CIPP-C Practice Test Questions and Answers (2026) | Cert Empire

In Ontario, a patient attends an appointment with a physician and reveals information about some new symptoms that she has been experiencing. Based on this information, the physician diagnoses the patient with a condition and prepares the report detailing the applicable history and diagnosis. The report is added to the patient’s record. The patient later regrets revealing certain facts and doesn’t want anyone else to know about these symptoms or the diagnosis. She acknowledges that the information she provided was correct and does not question the diagnosis. Which of the following requests would the patient be most successful at pursuing?

The Government of Canada’s Directive on Privacy Impact Assessments applies to all of the following EXCEPT?

Why is biometric information considered sensitive personal information in almost all circumstances?

Which act also includes references to the Privacy Act?

A private organization called Vision 3072 must verify the information they are collecting is up to date in order to avoid misinformed actions or decisions. Which privacy principle is intended to make sure this verification is happening?

Of the key principles in the Personal Information Protection and Electronic Documents Act (PIPEDA), which principle in particular contributes to the increase in privacy policies in recent years?

A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick, Alberta and British Columbi a. Unfortunately, a third-party vendor that provides marketing support to the company experiences a privacy breach which impacts the personal information of all its customers across the provinces where it operates. The Privacy Officer determines that the breach causes a real risk of significant harm to their customers and is tasked with reporting the breach to the relevant regulators. With which provincial privacy regulators does the company have to file a report?

What is required of a private sector organization that is subject to a finding by a Canadian federal or

An Alberta resident has signed up for a health wellness "app" developed by a British Columbia based software provider that stores the data in British Columbi a. The application has various non-healthcare related uses. The individual inputs their name and email address in the application to subscribe to health and wellness tips. The collection and use of the individual’s name and email address by the British Columbia based scheduling app would fall under what legislation?