Certified Information Privacy Professional – Canada (CIPP/C) — Question 10

Which is NOT a Canadian Standards Association (CSA) Privacy Principle?

Answer options

• A. Personal information shall be protected by the same security safeguards regardless of the sensitivity of the information.
• B. The purpose for which personal information is collected shall be identified by the organization at or before the time the information is collected.
• C. The degree to which personal information must be kept accurate and complete is determined by whether its original purpose has been achieved.
• D. Upon request, an individual shall be informed of the existence, use and disclosure of their personal information and shall be given access to that information.

Correct answer: C

Explanation

Option C is correct because it misrepresents the CSA principles; the accuracy and completeness of personal information should be maintained regardless of whether its original purpose has been achieved. Options A, B, and D correctly reflect the CSA Privacy Principles regarding protection, purpose identification, and individual access rights.