New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

DSCI DCPP-01 Exam - Topic 1 Question 25 Discussion

Actual exam question for DSCI's DCPP-01 exam
Question #: 25
Topic #: 1
[All DCPP-01 Questions]

Under which of the following conditions can a company in India may transfer sensitive personal information (SPI) to any other company or a person in India, or located in any other country?

Show Suggested Answer Hide Answer
Suggested Answer: D

There are two sections under the IT (Amendment) Act, 2008 that outline liabilities. These are quoted below: Sec 43A - ''Where a body corporate possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.'' Compensation for failure to implement reasonable security practices can be upto Rs. 5 Crores (the Adjudicating Officer has the power to award this). A data subject can further approach a civil court if compensation desired is more than Rs. 5 Crore. Sec 72A - ''Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.''


by Delmy at Feb 03, 2023, 04:29 AM

Limited Time Offer

25%

Off

Get Premium DCPP-01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Sage
4 months ago
C is outdated, DeitY's role has changed over time.
upvoted 0 times
...
Bettye
4 months ago
Wait, can they really transfer data without consent? Sounds risky!
upvoted 0 times
...
Hobert
4 months ago
B seems too strict, approval from the Chief Information Commissioner?
upvoted 0 times
...
Adelle
4 months ago
I think D makes more sense, consent is key!
upvoted 0 times
...
Ellen
4 months ago
A is correct, companies need to ensure data protection.
upvoted 0 times
...
Valentin
5 months ago
I practiced a question similar to this, and I believe option A is the most likely answer since it emphasizes data protection standards.
upvoted 0 times
...
Mirta
5 months ago
I vaguely recall that the Chief Information Commissioner’s approval might be necessary, so option B could be relevant too.
upvoted 0 times
...
Dorinda
5 months ago
I'm not entirely sure, but I feel like option D could also be correct since consent is often a key factor in data transfers.
upvoted 0 times
...
Whitley
5 months ago
I think option A sounds familiar, something about ensuring the same level of data protection. I remember discussing that in class.
upvoted 0 times
...
Chanel
5 months ago
I'm a little confused on this one. I know safety stock is important for meeting demand, but I'm not sure which of these factors is the most important. I'll have to review my notes and try to reason through the logic.
upvoted 0 times
...
Dion
5 months ago
Okay, let me think this through. The question is asking about the true characteristics of accrual accounting, so I need to focus on the core concepts rather than specific examples.
upvoted 0 times
...
Bobbye
5 months ago
For AY 2010-11, I recall the standard deduction for housing loan interest was around Rs. 1,50,000. Option B looks promising.
upvoted 0 times
...
Gerald
5 months ago
Hmm, this seems straightforward. I'll just need to recall the operating temperature range for the Huawei E9000 server.
upvoted 0 times
...
Mendy
9 months ago
Wait, so we can't just send sensitive data to whoever we want? What is this, the Dark Ages? Option D seems like the only sane choice.
upvoted 0 times
...
Ellen
10 months ago
Haha, I bet the exam writers are just trying to trick us. They're probably looking for the most restrictive option. Option D it is!
upvoted 0 times
Tina
8 months ago
Yeah, they probably want us to choose the option that is necessary for lawful contract or with consent.
upvoted 0 times
...
Arlene
8 months ago
I agree, it seems like the most restrictive option.
upvoted 0 times
...
Na
9 months ago
I think option D is the correct one.
upvoted 0 times
...
...
Tijuana
10 months ago
Hold up, why do we need government approval to transfer data? That's just bureaucratic red tape. Option D is the clear winner here.
upvoted 0 times
Devora
8 months ago
Adolph: True, but getting government approval for every transfer seems like a hassle.
upvoted 0 times
...
Adolph
8 months ago
User 2: But what about ensuring data protection? Option A also makes sense.
upvoted 0 times
...
Carlee
9 months ago
User 1: I agree, option D seems like the most practical choice.
upvoted 0 times
...
...
Veta
10 months ago
Hmm, I think Option A is the way to go. As long as the receiving party ensures the same level of data protection, what's the harm in transferring the information?
upvoted 0 times
...
Genevieve
10 months ago
Option D seems to be the correct answer here. Transferring sensitive personal information should only be allowed if it's necessary for a lawful contract or the data subject has consented to it.
upvoted 0 times
Val
9 months ago
Option D seems to be the correct answer here. Transferring sensitive personal information should only be allowed if it's necessary for a lawful contract or the data subject has consented to it.
upvoted 0 times
...
Dudley
9 months ago
D) The transfer may be allowed only if it is necessary for the performance of the lawful contract or where the data subject has consented to data transfer
upvoted 0 times
...
Adria
9 months ago
C) The transfer of information is allowed only after taking approval of DeitY (Department of Electronics & Information Technology) in India
upvoted 0 times
...
Derick
9 months ago
B) The transfer of information is allowed only after taking approval of Chief Information Commissioner of India
upvoted 0 times
...
Lucy
9 months ago
A) Transfer of information is allowed to those who ensure the same level of data protection that is adhered to by the company as provided for under the Indian laws
upvoted 0 times
...
...
Rory
10 months ago
I believe the transfer should only be allowed if the recipient ensures the same level of data protection as required by Indian laws.
upvoted 0 times
...
Ruthann
10 months ago
I agree with Marylou. It should also be allowed if the data subject has consented to the transfer.
upvoted 0 times
...
Marylou
11 months ago
I think the company can transfer SPI if it's necessary for a lawful contract.
upvoted 0 times
...

Save Cancel