Paper 2 Ethics Issues Drills

These are original Paper 2-style practice questions. They use exact records, function names, and expected output evidence.

Detailed answers are in Paper 2 Ethics Issues Answers.

Revise the topic hub first:

Questions

Question 1: Privacy Checklist

Write privacy_issues(form) that returns a list of missing privacy items.

Required items:

  • purpose
  • consent
  • retention

Test:

form = {"name": "Amy", "phone": "91234567", "purpose": "event registration", "consent": True}
print(privacy_issues(form))

Expected output:

['retention']

[5]

Question 2: Access Log Analysis

Office hours are from 8 to 18, where the end time is not included. Write flag_after_hours(logs) to return user IDs for records with hour < 8 or hour >= 18.

Test:

logs = [
    {"user": "u1", "hour": 7},
    {"user": "u2", "hour": 9},
    {"user": "u3", "hour": 18},
    {"user": "u4", "hour": 17}
]
print(flag_after_hours(logs))

Expected output:

['u1', 'u3']

[6]

Each record stores a list of consented purposes. Write has_consent(record, purpose) that returns True only when the requested purpose is listed.

Test:

record = {"user": "u1", "consent": ["billing", "support"]}
print(has_consent(record, "billing"))
print(has_consent(record, "marketing"))

Expected output:

True
False

[6]

Question 4: Anonymisation

Write anonymise(records) that removes direct identifiers and keeps only age_group, region, and score.

Test:

records = [
    {"name": "Amy", "email": "amy@example.com", "age_group": "16-18", "region": "East", "score": 82}
]
print(anonymise(records))

Expected output:

[{'age_group': '16-18', 'region': 'East', 'score': 82}]

[6]

Question 5: Risk Register

Write risk_register() that returns these three (risk, mitigation) pairs:

RiskMitigation
unauthorised accessaccess control
excessive retentiondelete after 12 months
biased outputcompare approval rates

Expected output:

[('unauthorised access', 'access control'), ('excessive retention', 'delete after 12 months'), ('biased output', 'compare approval rates')]

[6]

Question 6: Audit Function

Write count_missing_consent(records) that counts records where consent is missing or False.

Test:

records = [
    {"user": "u1", "consent": True},
    {"user": "u2", "consent": False},
    {"user": "u3"}
]
print(count_missing_consent(records))

Expected output:

2

[5]

Question 7: Retention Rule

Write should_archive(record_date, cutoff_date) that returns True when record_date is earlier than cutoff_date.

Dates are ISO strings in YYYY-MM-DD format.

Test:

print(should_archive("2024-01-15", "2025-01-01"))
print(should_archive("2025-02-10", "2025-01-01"))

Expected output:

True
False

[6]

Question 8: Stakeholder Report

Write impact_counts(records) that counts how many impact records apply to each stakeholder.

Test:

records = [
    {"stakeholder": "students", "impact": "privacy concern"},
    {"stakeholder": "staff", "impact": "less manual work"},
    {"stakeholder": "students", "impact": "faster service"}
]
print(impact_counts(records))

Expected output:

{'students': 2, 'staff': 1}

[5]

Question 9: Bias Check

Write approval_rates(records) that returns approval rates for each group. A record has group and approved.

Test:

records = [
    {"group": "A", "approved": True},
    {"group": "A", "approved": True},
    {"group": "A", "approved": False},
    {"group": "B", "approved": True},
    {"group": "B", "approved": False},
    {"group": "B", "approved": False}
]
print(approval_rates(records))

Expected output:

{'A': 0.67, 'B': 0.33}

[7]

Question 10: Incident Response

Write ordered_incident_steps() that returns the incident response steps in this order:

  1. "contain leak"
  2. "preserve evidence"
  3. "assess affected data"
  4. "notify responsible parties"
  5. "fix cause"
  6. "review controls"

Expected output:

['contain leak', 'preserve evidence', 'assess affected data', 'notify responsible parties', 'fix cause', 'review controls']

[5]

Review Checklist

After attempting these questions, check whether you can:

  • turn ethics/privacy requirements into concrete checks;
  • process access logs, consent records, and retention dates;
  • anonymise by removing direct identifiers;
  • summarise stakeholder impacts and approval rates;
  • order incident-response steps sensibly.