CERTIFICATION FOUNDATION PRACTICE TEST 45
QUESTIONS WITH VERIFIED ANSWERS 2025/2026
1) The correct answer is A: [Information privacy and territorial privacy.]
Information privacy and territorial privacy are of particular interest with regard to
data protection and privacy laws and practices. Information privacy is concerned
with establishing rules that govern the collection and handling of personal
information. Territorial privacy is concerned with placing limits on the ability to
intrude into another individual's environment. Foundations of Information Privacy
and Data Protection, p. 2. - CORRECT ANSWER 1. What are two of the four main
categories of data protection and privacy law and practices?
A. Information privacy and territorial privacy.
B. Territorial privacy and health privacy.
C. Communications privacy and health privacy.
D. Bodily privacy and spatial privacy.
2) The correct answer is C: [The right to respect for an individual's privacy and
family life.] Article 8 of the European Convention for the Protection of Human
Rights and Fundamental Freedoms provides that "[e]veryone has the right to
respect for his private and family life, his home and his correspondence." Note:
Article 8 of the treaty limits a public authority's interference with an individual's
right to privacy, but acknowledges an exception for actions in accordance with the
law that are necessary to preserve a democratic society. Foundations of
Information Privacy and Data Protection, p. 3. - CORRECT ANSWER 2. What is
provided in Article 8 of the European Convention for the Protection of Human
Rights and Fundamental Freedoms?
A. The right of every individual to vote in his or her own country.
B. The right of public authorities to collect certain necessary personal data.
,C. The right to respect for an individual's privacy and family life.
D. The right of consumers to freely choose their service provider.
3) The correct answer is B: [Public records, publicly available information and
nonpublic information are the three main sources of personal information.]
Depending on the source of the personal information, there are different ways
that it should be treated. Organizations should be alert to the possibility that the
same information may be public record, publicly available and nonpublic. For
example, if a person's name is in the phone book and on medical records, the
name in the phone book could be treated as publicly available information
whereas the name on the medical records should be treated as nonpublic
information. Foundations of Information Privacy and Data Protection and Data
Protection, p. 8. - CORRECT ANSWER 3. What are the three main sources of
personal information?
A. Public and private sector financial records, medical records and military service
records.
B. Public records, publicly available information and non-public information.
C. National insurance information, employment records and law enforcement
records.
D. Birth records, national and foreign government records and state/provincial
government information.
4) The correct answer is B: [Information about a company's leads or prospects.]
Information about a company's leads or prospects may be considered personal
information. In addition to customer contact and demographic information,
personal information may include purchase history, other history of interactions,
information about leads or prospects, former customers, market research
participants, voice recording of telephone calls, citizens or others who receive
benefits from the government and tax records and other records held by the
, government. Foundations of Information Privacy and Data Protection, p. 10. -
CORRECT ANSWER 4. Which of these elements may be considered personal
information?
A. Information relating to a company's primary competitors.
B. Information about a company's leads or prospects.
C. Company's financial information disclosed on its website.
D. The physical location of a company's headquarters.
5) The correct answer is D: [Department assignment.] The human resources data
element that is not generally considered personal data is the department
assignment. Typical elements of personal human resources information include
salary, job title, productivity and performance statistics, medical and pension
benefits, employee evaluations disabled, veteran or other relevant status, location
information, nationality. Typically, comprehensive data protection laws treat
employee and other human resources information under the general rules for
personal information, but some countries may have specific obligations for human
resources information. Foundations of Information Privacy and Data Protection, p.
9. - CORRECT ANSWER 5. Which human resources data element is not generally
considered personal data?
A. Employee evaluation.
B. Job title.
C. Salary.
D. Department assignment.
6) The correct answer is D: [An entity that holds personal data and determines the
purpose of use.] A data controller is an entity that holds personal data and
determines the purpose of use. The entity—an individual or an organization—has
the authority to decide how and why personal information is to be processed.
QUESTIONS WITH VERIFIED ANSWERS 2025/2026
1) The correct answer is A: [Information privacy and territorial privacy.]
Information privacy and territorial privacy are of particular interest with regard to
data protection and privacy laws and practices. Information privacy is concerned
with establishing rules that govern the collection and handling of personal
information. Territorial privacy is concerned with placing limits on the ability to
intrude into another individual's environment. Foundations of Information Privacy
and Data Protection, p. 2. - CORRECT ANSWER 1. What are two of the four main
categories of data protection and privacy law and practices?
A. Information privacy and territorial privacy.
B. Territorial privacy and health privacy.
C. Communications privacy and health privacy.
D. Bodily privacy and spatial privacy.
2) The correct answer is C: [The right to respect for an individual's privacy and
family life.] Article 8 of the European Convention for the Protection of Human
Rights and Fundamental Freedoms provides that "[e]veryone has the right to
respect for his private and family life, his home and his correspondence." Note:
Article 8 of the treaty limits a public authority's interference with an individual's
right to privacy, but acknowledges an exception for actions in accordance with the
law that are necessary to preserve a democratic society. Foundations of
Information Privacy and Data Protection, p. 3. - CORRECT ANSWER 2. What is
provided in Article 8 of the European Convention for the Protection of Human
Rights and Fundamental Freedoms?
A. The right of every individual to vote in his or her own country.
B. The right of public authorities to collect certain necessary personal data.
,C. The right to respect for an individual's privacy and family life.
D. The right of consumers to freely choose their service provider.
3) The correct answer is B: [Public records, publicly available information and
nonpublic information are the three main sources of personal information.]
Depending on the source of the personal information, there are different ways
that it should be treated. Organizations should be alert to the possibility that the
same information may be public record, publicly available and nonpublic. For
example, if a person's name is in the phone book and on medical records, the
name in the phone book could be treated as publicly available information
whereas the name on the medical records should be treated as nonpublic
information. Foundations of Information Privacy and Data Protection and Data
Protection, p. 8. - CORRECT ANSWER 3. What are the three main sources of
personal information?
A. Public and private sector financial records, medical records and military service
records.
B. Public records, publicly available information and non-public information.
C. National insurance information, employment records and law enforcement
records.
D. Birth records, national and foreign government records and state/provincial
government information.
4) The correct answer is B: [Information about a company's leads or prospects.]
Information about a company's leads or prospects may be considered personal
information. In addition to customer contact and demographic information,
personal information may include purchase history, other history of interactions,
information about leads or prospects, former customers, market research
participants, voice recording of telephone calls, citizens or others who receive
benefits from the government and tax records and other records held by the
, government. Foundations of Information Privacy and Data Protection, p. 10. -
CORRECT ANSWER 4. Which of these elements may be considered personal
information?
A. Information relating to a company's primary competitors.
B. Information about a company's leads or prospects.
C. Company's financial information disclosed on its website.
D. The physical location of a company's headquarters.
5) The correct answer is D: [Department assignment.] The human resources data
element that is not generally considered personal data is the department
assignment. Typical elements of personal human resources information include
salary, job title, productivity and performance statistics, medical and pension
benefits, employee evaluations disabled, veteran or other relevant status, location
information, nationality. Typically, comprehensive data protection laws treat
employee and other human resources information under the general rules for
personal information, but some countries may have specific obligations for human
resources information. Foundations of Information Privacy and Data Protection, p.
9. - CORRECT ANSWER 5. Which human resources data element is not generally
considered personal data?
A. Employee evaluation.
B. Job title.
C. Salary.
D. Department assignment.
6) The correct answer is D: [An entity that holds personal data and determines the
purpose of use.] A data controller is an entity that holds personal data and
determines the purpose of use. The entity—an individual or an organization—has
the authority to decide how and why personal information is to be processed.
