Certified Information Systems Security Professional (CISSP) — Question 183

One of Canada’s leading pharmaceutical firms recently hired a Chief Data Officer (CDO) to oversee its data privacy program. The CDO has discovered the firm’s marketing department has been collecting information from individuals without their knowledge and consent via the company website. Which of the following privacy regulations should concern the CDO regarding this practice?

Answer options

• A. The Health Insurance Portability and Accountability Act (HIPAA)
• B. The Privacy Act of 1974
• C. The Fair Information Practice Principles (FIPPs)
• D. The Personal Information Protection and Electronic Documents Act (PIPEDA)

Correct answer: D

Explanation

The correct answer is D, as PIPEDA applies to the collection of personal information in commercial activities in Canada and requires consent from individuals. The other options, while relevant to privacy, do not specifically address the consent requirements for personal information collection by businesses in Canada.