100+ Free CIPP/C Practice Questions

Pass your IAPP Certified Information Privacy Professional / Canada (CIPP/C) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately

Not published Pass Rate

100+ Questions

100% Free

1 / 100

Question 1

Score: 0/0

Which Canadian constitutional document is most often cited as the foundational source of privacy protections against unreasonable government intrusion?

The Constitution Act, 1867

The Canadian Charter of Rights and Freedoms

The Supreme Court Act

The Statute of Westminster

to track

2026 Statistics

Key Facts: CIPP/C Exam

Exam Questions

IAPP

300/500

Passing Score

IAPP scaled score

2.5 hours

Exam Duration

IAPP

$550

Exam Fee

IAPP store

BoK Domains

CIPP/C 2025-2026 BoK

PIPEDA Principles

Schedule 1 PIPEDA

The CIPP/C exam has 90 multiple-choice questions in 2.5 hours with a scheduled 15-minute break and a 300/500 scaled passing score. The 2025-2026 Body of Knowledge keeps four domains: Introduction to Privacy in Canada, Private Sector laws (PIPEDA, Quebec Law 25, Alberta and BC PIPA, CASL), Public Sector laws (Privacy Act and provincial equivalents), and Health Sector (PHIPA). The September 2025 BoK refresh adds responsible AI governance principles, consent exceptions, identity verification for access requests, and CASL penalties.

Sample CIPP/C Practice Questions

Try these sample questions to test your CIPP/C exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which Canadian constitutional document is most often cited as the foundational source of privacy protections against unreasonable government intrusion?

A.The Constitution Act, 1867

B.The Canadian Charter of Rights and Freedoms

C.The Supreme Court Act

D.The Statute of Westminster

Explanation: Section 8 of the Canadian Charter of Rights and Freedoms guarantees the right to be secure against unreasonable search or seizure and is the constitutional anchor for privacy in Canadian public law. Statutes such as the Privacy Act and PIPEDA build on this foundation.

2Which federal statute applies to the collection, use and disclosure of personal information by federal government institutions?

A.PIPEDA

B.The Privacy Act

C.The Access to Information Act

D.CASL

Explanation: The federal Privacy Act governs how federal government institutions handle personal information about individuals. PIPEDA covers the federal private sector, while the Access to Information Act addresses access to government records.

3Who is the federal regulator responsible for overseeing PIPEDA and the Privacy Act?

A.The Canadian Radio-television and Telecommunications Commission

B.The Office of the Privacy Commissioner of Canada (OPC)

C.The Competition Bureau

D.The Department of Justice Canada

Explanation: The Office of the Privacy Commissioner of Canada (OPC) is an Officer of Parliament that oversees both the Privacy Act (federal public sector) and PIPEDA (federal private sector).

4Which provincial statute regulates personal information handling by private-sector organizations operating wholly within Quebec?

A.PIPEDA

B.The Act respecting the protection of personal information in the private sector (as amended by Law 25)

C.The Privacy Act

D.Alberta PIPA

Explanation: Quebec's Private Sector Act, significantly modernized by Law 25 (formerly Bill 64), governs private-sector handling of personal information in the province. It has been declared substantially similar to PIPEDA.

5How many fair information principles are contained in Schedule 1 of PIPEDA?

A.8

B.10

C.12

D.7

Explanation: Schedule 1 of PIPEDA enumerates 10 fair information principles drawn from the CSA Model Code: accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance.

6Under PIPEDA, what is the threshold for reporting a breach of security safeguards to the OPC and notifying affected individuals?

A.Any unauthorized access to personal information

B.A reasonable belief that the breach creates a real risk of significant harm to an individual

C.Loss of more than 500 individual records

D.A breach involving sensitive financial data only

Explanation: PIPEDA's Breach of Security Safeguards regime requires notification when a breach creates a real risk of significant harm (RROSH) to an individual. Significant harm includes bodily harm, humiliation, damage to reputation, financial loss and identity theft.

7How long must an organization subject to PIPEDA retain breach records, even when no notification is required?

A.12 months from the date of the breach

B.24 months from the day the organization determined a breach occurred

C.5 years from the date of the breach

D.Records only need to be kept for breaches that meet RROSH

Explanation: PIPEDA's Breach of Security Safeguards Regulations require organizations to keep a record of every breach of security safeguards for at least 24 months from the day the organization determined a breach occurred, regardless of whether RROSH was met.

8Which provincial private-sector privacy laws have been declared substantially similar to PIPEDA by the federal government?

A.Quebec Private Sector Act, Alberta PIPA, and BC PIPA

B.Quebec PIPEDA, Ontario PIPEDA, and BC PIPA

C.Alberta PIPA, Ontario FIPPA, and Quebec Law 25

D.Manitoba PHIA, BC PIPA, and Alberta PIPA

Explanation: The Quebec Private Sector Act, Alberta's Personal Information Protection Act, and British Columbia's Personal Information Protection Act have all been declared substantially similar to PIPEDA. PIPEDA generally does not apply to intra-provincial commercial activity in those provinces.

9Which Canadian province's general health privacy law applies to 'health information custodians' such as hospitals and physicians?

A.Quebec

B.Ontario

C.British Columbia

D.Alberta

Explanation: Ontario's Personal Health Information Protection Act (PHIPA) applies to 'health information custodians' (HICs) such as hospitals, physicians, pharmacies and long-term care homes. PHIPA has been declared substantially similar to PIPEDA for personal health information.

10What is the primary purpose of Canada's Anti-Spam Legislation (CASL)?

A.To regulate cross-border personal information transfers

B.To regulate commercial electronic messages, software installation and the alteration of transmission data

C.To set rules for federal public-sector data handling

D.To require Privacy Impact Assessments before new programs

Explanation: CASL governs the sending of commercial electronic messages (CEMs), the installation of computer programs without consent, and the alteration of transmission data. It also amends PIPEDA to address electronic address harvesting.

About the CIPP/C Exam

The Certified Information Privacy Professional / Canada (CIPP/C) validates knowledge of Canadian privacy laws, principles and practices at the federal, provincial and territorial levels. CIPP/C covers PIPEDA, the federal Privacy Act, Quebec Law 25, Alberta and BC PIPA, Ontario PHIPA, CASL and the role of the Office of the Privacy Commissioner of Canada (OPC).

Questions

90 scored questions

Time Limit

2.5 hours

Passing Score

300/500 scaled score

Exam Fee

$550 (IAPP / Pearson VUE)

CIPP/C Exam Content Outline

Domain I

Introduction to Privacy in Canada

Charter of Rights privacy basis, federal and provincial legal framework, OPC and provincial commissioner roles, AI governance (OECD, NIST AI RMF, Voluntary Code), court and commissioner rulings, cross-border data transfers

Domain II

Canadian Privacy Laws and Practices - Private Sector

PIPEDA's 10 fair information principles, accountability, consent and consent exceptions, breach reporting (real risk of significant harm), Quebec Law 25, Alberta PIPA, BC PIPA, CASL identification, consent and unsubscribe rules, CASL penalties

Domain III

Canadian Privacy Laws and Practices - Public Sector

Federal Privacy Act, provincial public-sector statutes (FIPPA Ontario, FOIP Alberta, FIPPA BC), access to personal information, Privacy Impact Assessments, what to include in a PIA report

Domain IV

Canadian Privacy Laws and Practices - Health Sector

Ontario PHIPA, health information custodians and agents, lockbox requests, implied consent in the circle of care, transparency and openness practices, health-sector breach notification

How to Pass the CIPP/C Exam

What You Need to Know

Passing score: 300/500 scaled score
Exam length: 90 questions
Time limit: 2.5 hours
Exam fee: $550

Keys to Passing

Complete 500+ practice questions
Score 80%+ consistently before scheduling
Focus on highest-weighted sections
Use our AI tutor for tough concepts

CIPP/C Study Tips from Top Performers

1Memorize PIPEDA's 10 fair information principles in order: accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, challenging compliance

2Learn the PIPEDA breach trigger phrase 'real risk of significant harm' (RROSH) and the 24-month record-keeping rule for all breaches

3Master Quebec Law 25 deadlines: privacy officer named (Sept 2022), breach notification and biometrics rules (Sept 2022), most rights and PIA requirements (Sept 2023), data portability (Sept 2024)

4Know the CASL CEM rules: identification of sender, working unsubscribe within 10 business days, plus express vs implied consent (existing business relationship)

5Distinguish 'substantially similar' provincial laws (Alberta PIPA, BC PIPA, Quebec Private Sector Act) from PIPEDA — PIPEDA still applies to interprovincial and international flows

6Understand PHIPA's 'circle of care' implied consent for health information custodians and the 'lockbox' patient instruction

7Study the OPC's investigation powers — recommendations only under PIPEDA, with binding orders going to Federal Court (Bill C-27/CPPA would change this)

8Memorize CASL maximum penalties — up to CAD $1 million for individuals and CAD $10 million for organizations per violation

Frequently Asked Questions

What is the CIPP/C exam format?

The CIPP/C exam has 90 multiple-choice questions to be completed in 2.5 hours, with a scheduled 15-minute break. Passing requires a scaled score of 300 out of 500. The exam is delivered at Pearson VUE test centers or remotely via OnVUE.

How much does the CIPP/C certification cost?

The CIPP/C exam costs $550 USD. After passing, you must either maintain an IAPP membership or pay a $250 Certification Maintenance Fee every two years. Optional official training runs about $1,195 and a digital practice exam is $55 ($45 for IAPP members).

What is on the CIPP/C Body of Knowledge?

The CIPP/C BoK has four domains: Introduction to Privacy in Canada, Private Sector laws (PIPEDA, Quebec Law 25, Alberta/BC PIPA, CASL), Public Sector laws (federal Privacy Act and provincial equivalents), and Health Sector laws (PHIPA). The September 2025 update added AI governance, consent exceptions, identity verification for access requests, and CASL penalties.

What is the breach notification threshold under PIPEDA?

Under PIPEDA's Breach of Security Safeguards regime, organizations must notify affected individuals and the OPC of any breach involving personal information that creates a 'real risk of significant harm' (RROSH). They must also keep a record of every breach for 24 months, even ones that do not meet the notification threshold.

How does Quebec Law 25 differ from PIPEDA?

Quebec Law 25 is more prescriptive than PIPEDA. It requires a designated privacy officer, mandatory Privacy Impact Assessments for higher-risk projects, transfer-impact assessments for cross-border transfers, individual rights including data portability, and administrative monetary penalties up to CAD $10 million or 2% of worldwide turnover, with penal fines up to CAD $25 million or 4%.