CIPP-US Online Practice Questions and Answers
What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?
A. A consent decree
B. Stare decisis decree
C. A judgment rider
D. Common law judgment
SCENARIO
Please use the following to answer the next question:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.
"Doing your homework?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?"
"It's asking questions about my opinions."
"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten."
Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and
the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his
name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and
he decided it was time to report the incident to the proper authorities.
How could the marketer have best changed its privacy management program to meet COPPA "Safe Harbor" requirements?
A. By receiving FTC approval for the content of its emails
B. By making a COPPA privacy notice available on website
C. By participating in an approved self-regulatory program
D. By regularly assessing the security risks to consumer privacy
A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals. According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?
A. Department of Health and Human Services
B. The affected individuals
C. The local media
D. Medical providers
What is the main purpose of the CAN-SPAM Act?
A. To diminish the use of electronic messages to send sexually explicit materials
B. To authorize the states to enforce federal privacy laws for electronic marketing
C. To empower the FTC to create rules for messages containing sexually explicit content
D. To ensure that organizations respect individual rights when using electronic advertising
The Video Privacy Protection Act of 1988 restricted which of the following?
A. Which purchase records of audio visual materials may be disclosed
B. When downloading of copyrighted audio visual materials is allowed
C. When a user's viewing of online video content can be monitored
D. Who advertisements for videos and video games may target
The Cable Communications Policy Act of 1984 requires which activity?
A. Delivery of an annual notice detailing how subscriber information is to be used
B. Destruction of personal information a maximum of six months after it is no longer needed
C. Notice to subscribers of any investigation involving unauthorized reception of cable services
D. Obtaining subscriber consent for disseminating any personal information necessary to render cable services
Which of the following best describes private-sector workplace monitoring in the United States?
A. Employers have broad authority to monitor their employees
B. U.S. federal law restricts monitoring only to industries for which it is necessary
C. Judgments in private lawsuits have severely limited the monitoring of employees
D. Most employees are protected from workplace monitoring by the U.S. Constitution
California's SB 1386 was the first law of its type in the United States to do what?
A. Require commercial entities to disclose a security data breach concerning personal information about the state's residents
B. Require notification of non-California residents of a breach that occurred in California
C. Require encryption of sensitive information stored on servers that are Internet connected
D. Require state attorney general enforcement of federal regulations against unfair and deceptive trade practices
Global Manufacturing Co's Human Resources department recently purchased a new software tool. This tool helps evaluate future candidates for executive roles by scanning emails to see what those candidates say and what is said about them. This provides the HR department with an automated "360 review" that lets them know how the candidate thinks and operates, what their peers and direct reports say about them, and how well they interact with each other.
What is the most important step for the Human Resources Department to take when implementing this new software?
A. Making sure that the software does not unintentionally discriminate against protected groups.
B. Ensuring that the software contains a privacy notice explaining that employees have no right to privacy as long as they are running this software on organization systems to scan email systems.
C. Confirming that employees have read and signed the employee handbook where they have been advised that they have no right to privacy as long as they are using the organization's systems, regardless of the protected group or laws enforced by EEOC.
D. Providing notice to employees that their emails will be scanned by the software and creating automated profiles.
Sarah lives in San Francisco, California. Based on a dramatic increase in unsolicited commercial emails, Sarah believes that a major social media platform with over 50 million users has collected a lot of personal information about her. The company that runs the platform is based in New York and France.
Why is Sarah entitled to ask the social media platform to delete the personal information they have collected about her?
A. Any company with a presence in Europe must comply with the General Data Protection Regulation globally, including in response to data subject deletion requests.
B. Under Section 5 of the FTC Act, the Federal Trade Commission has held that refusing to delete an individual's personal information upon request constitutes an unfair practice.
C. The California Consumer Privacy Act entitles Sarah to request deletion of her personal information.
D. The New York "Stop Hacks and Improve Electronic Data Security" (SHIELD) Act requires that businesses under New York's jurisdiction must delete customers' personal information upon request.
SCENARIO
Please use the following to answer the next question:
When there was a data breach involving customer personal and financial information at a large retail store, the company's directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was
not. Prior to the breach, she had been working on a privacy program report for the executives. How the company shared and handled data across its organization was a major concern. There were neither adequate rules about access to
customer information nor
procedures for purging and destroying outdated data. In her research, Roberta had discovered that even low-level employees had access to all of the company's customer data, including financial records, and that the company still had in its
possession obsolete customer data going back to the 1980s.
Her report recommended three main reforms. First, permit access on an as-needs-to-know basis. This would mean restricting employees' access to customer information to data that was relevant to the work performed. Second, create a
highly secure database for storing customers' financial information (e.g., credit card and bank account numbers) separate from less sensitive information. Third, identify outdated customer information and then develop a process for securely
disposing of it.
When the breach occurred, the company's executives called Roberta to a meeting where she presented the recommendations in her report. She explained that the company having a national customer base meant it would have to ensure that
it complied with all relevant state breach notification laws. Thanks to Roberta's guidance, the company was able to notify customers quickly and within the specific timeframes set by state breach notification laws.
Soon after, the executives approved the changes to the privacy program that Roberta recommended in her report. The privacy program is far more effective now because of these changes and, also, because privacy and security are now
considered the responsibility of every employee.
Based on the problems with the company's privacy security that Roberta identifies, what
is the most likely cause of the breach?
A. Mishandling of information caused by lack of access controls.
B. Unintended disclosure of information shared with a third party.
C. Fraud involving credit card theft at point-of-service terminals.
D. Lost company property such as a computer or flash drive.
In a case of civil litigation, what might a defendant who is being sued for distributing an employee's private information face?
A. Probation.
B. Criminal fines.
C. An injunction.
D. A jail sentence.
Which federal agency plays a role in privacy policy, but does NOT have regulatory authority?
A. The Office of the Comptroller of the Currency.
B. The Federal Communications Commission.
C. The Department of Transportation.
D. The Department of Commerce.
Under the Fair Credit Reporting Act (FCRA), what must a person who is denied employment based upon his credit history receive?
A. A prompt notification from the employer.
B. An opportunity to reapply with the employer.
C. Information from several consumer reporting agencies (CRAs).
D. A list of rights from the Consumer Financial Protection Bureau (CFPB).
Which of the following federal agencies does NOT have regulatory authority related to privacy?
A. Consumer Financial Protection Bureau.
B. U.S. Department of Transportation.
C. U.S. Department of Commerce.
D. Federal Reserve
Why select/choose certbus.com?
Millions of interested professionals can touch the destination of success in exams by certbus.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.
Copyright © 2004-2025 certbus.com, All Rights Reserved.