Question 65 (practice exam 6)

  1. Question: What is considered Sensitive Personal Information (SPI) under GDPR? Answer: SPI under GDPR includes information about an individual's race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and also genetic data, biometric data for unique identification, health information, or data concerning a person’s sex life or sexual orientation.

  2. Question: How does Sensitive Personal Information (SPI) differ from Personally Identifiable Information (PII)? Answer: SPI is a subset of PII that includes details about an individual's beliefs, characteristics, or orientations that are given extra protection under privacy laws. PII can include any information that can be used to directly or indirectly identify a person, such as name, address, or ID numbers.

  3. Question: What type of information does the term Protected Health Information (PHI) refer to? Answer: PHI refers to any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a health care service, such as a diagnosis or treatment.

  4. Question: Describe the function of Data Loss Prevention (DLP) software. Answer: DLP software is designed to detect and prevent the unauthorized storage or transmission of sensitive data, ensuring that such information remains within the secure boundaries of a corporate network.

  5. Question: Why is information about an individual's race or ethnic origin classified differently from other personal information? Answer: Information about an individual's race or ethnic origin is classified as SPI because it is considered more sensitive and can be more impactful if misused or disclosed, and thus it is subject to stricter protection measures.

  6. Question: How does DLP contribute to the protection of SPI and PII? Answer: DLP solutions monitor and control data movement across an organization’s network, prevent unauthorized access and sharing, and ensure that sensitive information like SPI and PII is not leaked or lost, aligning with compliance requirements.