• Home
• IAPP Exams
• CIPP-C - Certified Information Privacy Professional/Canada (CIPP/C)

CIPP-C IAPP Practice Test Questions and Exam Dumps

Question 1

In Ontario, a patient attends an appointment with a physician and reveals information about some new symptoms that she has been experiencing. Based on this information, the physician diagnoses the patient with a condition and prepares the report detailing the applicable history and diagnosis. The report is added to the patient’s record. The patient later regrets revealing certain facts and doesn’t want anyone else to know about these symptoms or the diagnosis. She acknowledges that the information she provided was correct and does not question the diagnosis. 

Which of the following requests would the patient be most successful at pursuing?

A. That a correction be made to change the diagnosis based on the patient’s wishes.
B. That the information be restricted from disclosure to other health care providers.
C. That a copy of the record be kept by the patient for disclosure to physicians.
D. That details of the diagnosis be deleted from the patient’s health record.

Answer: B

Explanation:

In Ontario, patients have certain rights with respect to their health records under the Personal Health Information Protection Act (PHIPA), which governs the handling of personal health information. The key aspect of this scenario is that the patient acknowledges the accuracy of the diagnosis but wants to restrict the disclosure of the details to others. Let's examine each option in light of the rights the patient might have:

• A. That a correction be made to change the diagnosis based on the patient’s wishes.
  This option is unlikely to be successful because the diagnosis is accurate based on the physician's professional judgment. PHIPA provides patients with the right to request corrections to their health records, but these requests must be based on factual inaccuracies or mistakes in the record. Since the patient does not dispute the accuracy of the diagnosis and only wants to restrict its disclosure, this option is not applicable.

• B. That the information be restricted from disclosure to other health care providers.
  This is the most likely option for success. Under PHIPA, a patient has the right to request that their health information be restricted from disclosure to others, including other healthcare providers, unless it is required for providing care or is otherwise legally required to be shared. The patient can ask that certain information, such as the diagnosis, not be disclosed to other healthcare providers, especially if they feel it is unnecessary for ongoing care. However, this request would not affect the accuracy or content of the medical record, only its disclosure.

• C. That a copy of the record be kept by the patient for disclosure to physicians.
  This option is not relevant in the context of restricting disclosure. Patients have the right to request copies of their health records, but this does not directly address the patient's concern about preventing disclosure to healthcare providers. Keeping a copy of the record for their own use is not the same as restricting who can access or see the information.

• D. That details of the diagnosis be deleted from the patient’s health record.
  This request is unlikely to be successful under PHIPA. Health records are meant to reflect accurate, complete information about a patient’s care, and there are strict rules around the deletion or alteration of records. Deleting a diagnosis without a valid reason (such as it being incorrect) would not be permissible. The patient’s request to delete the diagnosis does not align with the requirements for record maintenance under the law.

The most accurate and achievable request in this situation is to ask for the restriction of the diagnosis and related information from being disclosed to other healthcare providers, as long as such disclosure is not necessary for the ongoing care or required by law. This aligns with the patient's rights under PHIPA to control the disclosure of their personal health information.

Therefore, the correct answer is: B.

Question 2

The Government of Canada’s Directive on Privacy Impact Assessments applies to all of the following EXCEPT?

A. The Ministry of Health
B. The Bank of Canada.
C. Crown Corporations.
D. The Cabinet.

Answer: D

Explanation:

The Government of Canada’s Directive on Privacy Impact Assessments (PIAs) is designed to ensure that government departments and agencies assess and mitigate privacy risks when developing or implementing new programs, activities, or technologies that involve the collection, use, or disclosure of personal information. Let’s break down each option to understand which one is exempt from this requirement:

• A. The Ministry of Health
  The Ministry of Health is a part of the government and thus subject to the Directive on Privacy Impact Assessments. Any program or initiative involving personal health data or other sensitive information within the Ministry of Health would require a privacy impact assessment to ensure compliance with privacy laws, such as the Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA).

• B. The Bank of Canada
  The Bank of Canada is a Crown Corporation, which is a government-owned entity. Crown Corporations are subject to various government directives, including the Privacy Impact Assessment directive, to ensure privacy protections are in place for any programs or technologies involving personal information.

• C. Crown Corporations
  Crown Corporations, as government entities, are required to comply with government policies and directives, including the Privacy Impact Assessment directive. These corporations are subject to the Privacy Act, which mandates that PIAs be conducted to protect personal information and mitigate any risks to privacy.

• D. The Cabinet
  The Cabinet is the executive branch of the Government of Canada, and it is not subject to the Privacy Impact Assessment directive. The Cabinet is more of a decision-making body and not an entity that develops or implements programs or services that collect, use, or disclose personal information in the same way as other government departments or Crown Corporations do. Therefore, the Cabinet is exempt from the requirements of the Privacy Impact Assessment directive.

The Cabinet is the only entity listed that is not required to adhere to the Privacy Impact Assessment directive, as it does not engage in the same activities related to personal information processing as other entities such as ministries or Crown Corporations.

Therefore, the correct answer is: D.

Question 3

Which falls under the jurisdiction of the Personal Information Protection and Electronic Documents Act (PIPEDA)?

A. Personal information collected by private businesses for journalistic or artistic purposes.
B. Personal health information (PHI) handled by private enterprises in provinces that have adopted substantially similar legislation.
C. Personal information disclosed across provincial or national borders by organizations such as credit reporting agencies or list marketers.
D. Personal information such as names, titles and contact information used by businesses to communicate with employees regarding their profession.

Answer: C

Explanation:

The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada's federal privacy law that governs how private-sector organizations handle personal information in the course of commercial activities. PIPEDA applies to personal information that is collected, used, or disclosed by organizations in the course of commercial activities, and it governs the protection of personal data in various contexts. Let’s break down each option to determine which one falls under the jurisdiction of PIPEDA:

• A. Personal information collected by private businesses for journalistic or artistic purposes.
  This option is excluded from PIPEDA. Under PIPEDA, personal information collected for journalistic, artistic, or literary purposes is not covered by the Act. This exemption is provided to ensure that freedom of expression and the public interest in journalism and the arts are not unduly restricted by privacy laws. As such, personal information collected for journalistic or artistic purposes does not fall under PIPEDA's jurisdiction.

• B. Personal health information (PHI) handled by private enterprises in provinces that have adopted substantially similar legislation.
  This option is also excluded from PIPEDA in certain cases. PIPEDA does not apply to personal health information handled by private organizations in provinces or territories that have their own substantially similar legislation to PIPEDA. For example, some provinces, such as Alberta, British Columbia, and Quebec, have enacted provincial health privacy laws that govern personal health information within their jurisdiction. In these cases, provincial health privacy legislation supersedes PIPEDA.

• C. Personal information disclosed across provincial or national borders by organizations such as credit reporting agencies or list marketers.
  This option falls under PIPEDA. PIPEDA applies to personal information that is disclosed across provincial or national borders, particularly in the context of commercial activities such as credit reporting or list marketing. For example, credit reporting agencies or companies that sell or share customer data with other companies across borders are required to comply with PIPEDA when handling personal data, regardless of whether it crosses provincial or national borders.

• D. Personal information such as names, titles and contact information used by businesses to communicate with employees regarding their profession.
  This option is exempt from PIPEDA. PIPEDA does not apply to personal information that is used exclusively for personal or domestic purposes. Specifically, information about employees that is used in a professional or employment context is not subject to PIPEDA, as long as it is not related to commercial activities. Information such as names, titles, and contact information used within the context of employment (to communicate with employees regarding their professional role) is outside the scope of PIPEDA.

The most accurate answer is C, because personal information disclosed across provincial or national borders by organizations such as credit reporting agencies or list marketers falls under the jurisdiction of PIPEDA. This law applies when personal data is transferred across borders for commercial purposes, as part of protecting individuals' privacy in commercial transactions.

Question 4

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), when engaging in a third-party transfer of personal information for processing, an organization is expected to have the technology to protect the information during transit and to?

A. Establish a contract outlining the individual outsourcing arrangement.
B. Obtain additional consent for the use of the information by the third party.
C. Confirm the jurisdictional protections of the receiving organization are the same as PIPEDA.
D. Review the cross-border data flow completed and approved by the Treasury Board of Canada Secretariat.

Answer: C

Explanation:

PIPEDA governs how organizations collect, use, and disclose personal information in the course of commercial activities. When organizations engage in third-party transfers of personal information, especially for processing, they are required to ensure that the personal data remains protected according to PIPEDA's standards. This includes safeguarding the data during transit and addressing issues of jurisdiction and protection laws. Let’s break down each option:

• A. Establish a contract outlining the individual outsourcing arrangement.
  While it is good practice for organizations to establish contracts when outsourcing the processing of personal information, PIPEDA does not explicitly mandate a contract outlining the outsourcing arrangement. However, a contract would be important for ensuring that the third party processes the data in compliance with PIPEDA’s requirements, including privacy safeguards. But this is not the specific requirement under PIPEDA with respect to data protection during transit.

• B. Obtain additional consent for the use of the information by the third party.
  This is not required under PIPEDA if the organization already obtained consent for the initial collection and use of the information. PIPEDA generally allows for third-party transfers for processing without requiring additional consent, as long as the original consent covers the intended use, and the third party is acting as a service provider to the organization. However, organizations must ensure that the third party follows the required privacy and security standards.

• C. Confirm the jurisdictional protections of the receiving organization are the same as PIPEDA.
  This is the correct answer. Under PIPEDA, when transferring personal information to third parties for processing, especially across borders, organizations must ensure that the receiving party's jurisdictional privacy protections align with PIPEDA. This is especially important when transferring personal information internationally, as the legal and regulatory frameworks in other countries may not offer the same level of protection as PIPEDA. This requirement ensures that the personal information remains protected even if it is processed in another jurisdiction.

• D. Review the cross-border data flow completed and approved by the Treasury Board of Canada Secretariat.
  While cross-border data flows may need to be reviewed for compliance with privacy laws, PIPEDA does not explicitly require the Treasury Board of Canada Secretariat to approve such transfers. The focus is on ensuring that organizations implement appropriate safeguards and confirm that the data is protected in accordance with PIPEDA when transferred across borders, but the approval process mentioned in this option is not a direct requirement under PIPEDA.

The correct requirement under PIPEDA is to confirm that the jurisdictional protections of the receiving organization are aligned with the protections required by PIPEDA. This ensures that personal information continues to be adequately protected even when processed outside of the original jurisdiction.

Therefore, the correct answer is: C.

Question 5

According to the Privacy Act, which of the following disclosures of personal information by a government institution would require the data subject’s consent?

A. When disclosing to a law enforcement body.
B. When disclosing to comply with a search warrant.
C. When disclosing to a registered charitable organization.
D. When disclosing to a member of parliament to assist in resolving a problem.

Answer: C

Explanation:

The Privacy Act in Canada regulates how federal government institutions handle personal information. It specifies the conditions under which personal information may be collected, used, and disclosed. The general rule is that personal information cannot be disclosed without the individual's consent, unless specific exceptions apply, such as legal obligations or the necessity to protect public interest. Let’s review each option based on this principle:

• A. When disclosing to a law enforcement body.
  Under the Privacy Act, personal information may be disclosed to law enforcement agencies without consent if it is necessary to enforce any law of Canada or a province, or if it is related to a legal investigation. This disclosure is allowed as an exception to consent. The information can be shared if it is required for law enforcement purposes, such as an investigation or prosecution.

• B. When disclosing to comply with a search warrant.
  This situation involves the disclosure of personal information when required by law to comply with a search warrant. The Privacy Act allows this kind of disclosure without the individual's consent because it is a legal requirement, which overrides the consent requirement. When a search warrant is issued, government institutions must comply, even if it involves disclosing personal information.

• C. When disclosing to a registered charitable organization.
  This is the correct answer. Under the Privacy Act, disclosures to a registered charitable organization require the data subject’s consent unless there is an explicit exception allowing the disclosure. Charitable organizations do not automatically have the right to receive personal information from government institutions. Therefore, the individual’s consent must be obtained prior to sharing their personal data with a charity.

• D. When disclosing to a member of parliament to assist in resolving a problem.
  This is an exception allowed under the Privacy Act. The Privacy Act permits the disclosure of personal information to a Member of Parliament when the disclosure is necessary for them to assist an individual in resolving an issue with a government department or agency. This type of disclosure is made in the context of helping a constituent and does not require the individual's consent, as it falls under a specified exception in the Privacy Act.

The only disclosure in this list that requires consent is when disclosing personal information to a registered charitable organization. This is because, in general, the Privacy Act does not allow such disclosures without the explicit consent of the individual, unless another legal exception applies.

Therefore, the correct answer is: C.

Question 6

Under PIPEDA, each of the following are considered to be personal information EXCEPT?

A. A public official’s salary published on a government website.
B. A person’s telephone number published in a public directory.
C. A photograph taken in public and published in a newspaper.
D. Information about a defendant contained in court records.

Answer: A

Explanation:

The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada's federal privacy law that governs how private sector organizations collect, use, and disclose personal information in the course of commercial activities. Under PIPEDA, personal information is defined as any information about an identifiable individual, excluding business contact information. However, certain types of information, even though they relate to individuals, may not be considered personal information under PIPEDA because they are already publicly available or relate to official duties.

Let’s break down each option:

• A. A public official’s salary published on a government website.
  This is not considered personal information under PIPEDA. Public officials' salaries are publicly available information, typically disclosed for transparency purposes. Since this information pertains to a person acting in an official capacity, and it is available to the public through government disclosure, it is not covered by PIPEDA. PIPEDA is designed to protect personal information that is not generally available to the public.

• B. A person’s telephone number published in a public directory.
  A person’s telephone number published in a public directory may be considered personal information under PIPEDA, but with certain exceptions. If the number is publicly available and the individual has consented to its publication in a public directory (such as in a phonebook or on a website), PIPEDA does not regulate how this information is used, as it is considered business contact information in many cases. However, if it’s personal information not intended to be publicly disclosed, it would fall under PIPEDA protections.

• C. A photograph taken in public and published in a newspaper.
  A photograph taken in public and published in a newspaper is considered personal information under PIPEDA if it can identify a person, even if the person is in a public setting. This is because it relates to the individual's identity and can be used to identify them. However, there are specific exceptions for journalistic purposes, as PIPEDA does not apply to personal information collected for journalistic, artistic, or literary purposes.

• D. Information about a defendant contained in court records.
  Information in court records, such as details about a defendant, is generally not considered personal information under PIPEDA in the context of public interest. Court records are often public documents, and information disclosed in those records is not covered by PIPEDA because it pertains to legal proceedings and is disclosed publicly for transparency and accountability.

The correct answer is A, because a public official’s salary published on a government website is publicly available information and is not considered personal information under PIPEDA.

Therefore, the correct answer is: A.

Question 7

How would an individual determine whether their personal information was used by the federal government for data matching?

A. By submitting written requests to the third party conducting data matching for the government
B. By noting the description of the Personal Information Banks available through Info Source
C. By proposing a Privacy Impact Assessment (PIA) within the specific government body
D. By reviewing the Privacy Commissioner’s annual report

Answer: B

Explanation:

Under Canadian law, particularly the Privacy Act, the federal government is required to be transparent about the ways in which personal information is collected, used, and disclosed. One of the key tools for ensuring transparency is the use of Personal Information Banks (PIBs), which are detailed records that describe how and why personal information is collected, stored, and used by federal government departments and agencies.

Here is a breakdown of the options:

• A. By submitting written requests to the third party conducting data matching for the government.
  This is not the correct approach. Under the Privacy Act, individuals do not typically have the right to directly contact third parties conducting data matching on behalf of the government to inquire about their personal information. Instead, requests related to personal data matching would generally be handled through the relevant government body or department.

• B. By noting the description of the Personal Information Banks available through Info Source.
  This is the correct approach. The Info Source database contains detailed descriptions of Personal Information Banks (PIBs) maintained by federal government departments and agencies. It is a key resource for individuals wishing to understand how their personal information may be used, including for purposes such as data matching. The PIBs provide information about how personal data is collected, the purpose for its use, and the entities with which it may be shared. By reviewing these descriptions, an individual can determine if their personal information is being used for data matching activities by a government department.

• C. By proposing a Privacy Impact Assessment (PIA) within the specific government body.
  This is incorrect. A Privacy Impact Assessment (PIA) is a tool used by government departments or agencies to assess the privacy risks of specific programs or activities involving personal information. While a PIA is crucial for ensuring privacy compliance, it is not something an individual can propose. PIAs are typically conducted by the relevant government body before implementing a new program or system that involves personal information.

• D. By reviewing the Privacy Commissioner’s annual report.
  This is not the most direct way to determine if personal information has been used for data matching. The Privacy Commissioner’s annual report provides an overview of the activities and findings related to privacy protection in Canada, but it does not offer specific, detailed information about how personal information is used or matched by the government for each individual. The report focuses on broader privacy issues and trends.

To determine if their personal information was used for data matching by the federal government, an individual would most effectively consult the Personal Information Banks (PIBs) described in Info Source, which provides detailed information about how personal data is handled by federal government bodies.

Therefore, the correct answer is: B.

Question 8

Which health information custodians may NOT rely on an implied consent model under Ontario's Personal Health Information Protection Act (PHIPA)?

A. Private insurance companies.
B. Long-term care homes.
C. Ambulance services.
D. Pharmacies

Answer: A

Explanation:

Ontario's Personal Health Information Protection Act (PHIPA) governs the collection, use, and disclosure of personal health information (PHI) by health information custodians in Ontario. Under PHIPA, health information custodians are permitted to use implied consent in certain situations, but the rules vary depending on the type of custodian and the circumstances.

• A. Private insurance companies.
  Private insurance companies cannot rely on an implied consent model under PHIPA. In Ontario, PHIPA requires that explicit consent be obtained from an individual before a private insurance company can collect, use, or disclose their personal health information. Since private insurance companies are not directly involved in providing healthcare, they do not have the same implied consent privileges as healthcare providers who are in direct contact with patients. Implied consent generally applies in situations where the individual would reasonably expect that their information would be shared within a healthcare setting (for example, between a doctor and a pharmacy), but private insurers must obtain explicit consent from individuals to access and process health data.

• B. Long-term care homes.
  Long-term care homes are considered healthcare providers under PHIPA and may rely on implied consent to collect, use, and disclose health information as long as the individual is receiving care or services. Implied consent is commonly applied in these settings, where patients implicitly agree to the use of their health information as part of their treatment, care, and service provision. However, explicit consent must be obtained when necessary, such as when disclosing information to third parties not directly involved in care.

• C. Ambulance services.
  Ambulance services are also healthcare providers under PHIPA and can rely on implied consent when providing emergency medical care. When an individual calls for emergency medical services, their health information is typically used and disclosed under the assumption that they consent to treatment and the sharing of relevant information with the necessary healthcare providers involved in their care. Implied consent is generally appropriate in emergency situations where it is reasonable to assume that the individual would consent to the use of their health information.

• D. Pharmacies.
  Pharmacies are typically healthcare custodians under PHIPA and can also rely on implied consent for certain activities. For example, when a patient fills a prescription, the pharmacy can use the patient’s health information to process the prescription and provide the required medication. The use of personal health information in this case is assumed to be implied as part of the healthcare service being provided. However, if a pharmacy intends to use personal health information for other purposes, such as marketing or research, explicit consent would be required.

The correct answer is A, private insurance companies are not permitted to rely on the implied consent model under PHIPA. They must obtain explicit consent from individuals before using their personal health information for purposes such as determining benefits or processing claims.

Therefore, the correct answer is: A.

Question 9

In what situation is the federal Privacy Commissioner authorized to proceed to federal court?

A. For a determination on a ruling regarding privacy matters relating to the Charter of Rights and Freedom.
B. For a determination of whether or not personal information was properly withheld from release.
C. For a determination on a ruling by an administrative tribunal regarding privacy.
D. For a determination on a ruling by a provincial Privacy Commissioner.

Answer: B

Explanation:

The Privacy Commissioner of Canada plays a key role in overseeing and enforcing the Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA), which govern the handling of personal information by federal government institutions and private sector organizations, respectively.

Here is an explanation of each option:

• A. For a determination on a ruling regarding privacy matters relating to the Charter of Rights and Freedom.
  This is not the correct answer. The Charter of Rights and Freedoms protects individual rights in the context of various legal matters, including privacy rights, but it is outside the scope of the Privacy Commissioner’s direct authority to make determinations regarding Charter issues. Privacy concerns related to the Charter typically involve court challenges and legal interpretations, not matters that would directly involve the Privacy Commissioner.

• B. For a determination of whether or not personal information was properly withheld from release.
  This is the correct answer. Under both the Privacy Act and PIPEDA, the Privacy Commissioner of Canada has the authority to investigate complaints related to the handling of personal information, including whether an organization improperly withheld information from being released. If the Commissioner’s recommendations for resolving the issue are not followed, the Privacy Commissioner can proceed to federal court to seek enforcement. This process involves determining whether or not personal information has been improperly withheld, such as in cases where an individual has requested access to their personal information held by a federal government institution or private organization.

• C. For a determination on a ruling by an administrative tribunal regarding privacy.
  This is incorrect. The Privacy Commissioner does not have the authority to take matters to court simply for rulings made by administrative tribunals. Instead, the Commissioner can engage with administrative processes and make recommendations, but actual court proceedings related to administrative rulings would be a separate legal process.

• D. For a determination on a ruling by a provincial Privacy Commissioner.
  This is incorrect. The federal Privacy Commissioner does not have the authority to challenge or appeal decisions made by provincial Privacy Commissioners. Each provincial or territorial Privacy Commissioner has jurisdiction over matters within their own jurisdiction (i.e., privacy laws specific to that province or territory), and the federal Privacy Commissioner operates independently at the federal level, typically addressing issues concerning federal matters, like those under PIPEDA or the Privacy Act.

The Privacy Commissioner of Canada is authorized to proceed to federal court when there is a dispute regarding whether personal information was properly withheld from release, typically in response to a request for access to personal information under the Privacy Act or PIPEDA. If an organization refuses to comply with a recommendation or decision, the Privacy Commissioner can escalate the matter to federal court for a judicial determination.

Therefore, the correct answer is: B.

Question 10

What is the primary motivation for a federal government entity to complete a Privacy Impact Assessment (PIA)?

A. Introducing new legislation in the House of Commons
B. Receiving program approvals from the Treasury Board of Canada.
C. Obtaining program expertise from the Privacy Commissioner of Canada.
D. Improving collection methods through its information technology systems.

Answer: B

Explanation:

A Privacy Impact Assessment (PIA) is an essential process for federal government entities in Canada to evaluate the potential privacy risks associated with new or modified programs, projects, or systems that collect, use, or disclose personal information. It helps ensure that privacy protections are incorporated into the design and operation of government initiatives, in compliance with privacy laws such as the Privacy Act.

Let’s break down the motivations for completing a PIA:

• A. Introducing new legislation in the House of Commons
  This is not the correct answer. While new legislation could impact how personal information is handled, a PIA is not primarily motivated by the need to introduce new legislation. Instead, it focuses on assessing privacy risks related to the handling of personal data within existing or proposed programs, not legislative processes.

• B. Receiving program approvals from the Treasury Board of Canada
  This is the correct answer. The primary motivation for completing a PIA is to comply with requirements set by the Treasury Board of Canada for program approvals. Under the Treasury Board Secretariat's Policy on Privacy Protection, government departments and agencies must complete a PIA when they initiate or modify a program or system that involves the collection, use, or disclosure of personal information. The PIA ensures that privacy considerations are integrated into the project’s design and operation, making it a critical step in receiving the necessary program approvals from the Treasury Board.

• C. Obtaining program expertise from the Privacy Commissioner of Canada
  This is not the primary motivation. While the Privacy Commissioner of Canada provides guidance and advice on privacy matters, the PIA is not primarily conducted to obtain expertise from the Commissioner. The PIA is a tool used internally by federal entities to assess privacy risks before involving the Commissioner, although the Commissioner can review and provide feedback on the PIA if necessary.

• D. Improving collection methods through its information technology systems
  This is not the correct answer. While a PIA may identify areas where information collection methods could be improved, its primary motivation is not to focus on improving IT systems or collection methods per se. Instead, the PIA is used to assess the privacy impact of systems and practices that collect personal information, ensuring that any changes or developments in systems respect privacy principles and legal requirements.

The primary motivation for a federal government entity to complete a Privacy Impact Assessment (PIA) is to ensure that privacy risks are assessed and mitigated as part of the approval process for new programs or systems that handle personal information. This process is essential for receiving program approvals from the Treasury Board of Canada before implementing any changes that may impact the privacy of individuals.

Therefore, the correct answer is: B.