Ch. 3 Quiz Fed and State Regulators Enforcement Quiz Flashcards

1
Q

Sanctions and fines were imposed by the FTC on the following company for failure to evidence appropriate privacy training to employees:

A. Wells Fargo
B. Guess Jeans
C. Eli Lilly
D. Amazon.com

A

C. Eli Lilly

2
Q

What privacy rules did the FTC accuse Gateway Learning of violating?

A. sharing customer information with third parties, as explained in its privacy policies
B. sharing customer information with third parties, against its privacy policies
C. sharing customer information without customer permission
D. videotaping customers in private areas

A

B. sharing customer information with third parties, against its privacy policies
C. sharing customer information without customer permission

3
Q

In a settlement with the FTC, Gateway Learning was required to:

A. cease misrepresenting how it will use consumer information
B. pay back the money earned by renting consumer information
C. stop applying changes to its privacy policy retroactively
D. close down for business

A

A. cease misrepresenting how it will use consumer information
B. pay back the money earned by renting consumer information
C. stop applying changes to its privacy policy retroactively

4
Q

What was the issue in the Designerware, LLC case?

A. the leaking of a large amount of credit card numbers
B. key loggers, unexpected screenshots and photographs
C. a break-in on one of the servers that stored social security numbers
D. unauthorized disclosure of collected sensitive data

A

B. key loggers, unexpected screenshots and photographs

5
Q

Which authority supervises and enforces laws regarding advertising to children via the Internet?

A. The Office for Civil Rights
B. The Federal Trade Commission
C. The Federal Communications Commission
D. The Department of Homeland Security

A
6
Q

According to Section 5 of the FTC Act, self-regulation primarily involves a company’s right to do what?

A. Determine which bodies will be involved in adjudication
B. Decide if any enforcement actions are justified
C. Adhere to its industry’s code of conduct
D. Appeal decisions made against it

A
7
Q

Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”?

A. International data transfers
B. Large platform providers
C. Promoting enforceable self-regulatory codes
D. Do Not Track

A
8
Q

The “Consumer Privacy Bill of Rights” presented in a 2012 Obama administration report is generally based on?

A. The 1974 Privacy Act
B. Common law principles
C. European Union Directive
D. Traditional fair information practices

A
9
Q

Which federal agency is the most visible proponent of privacy concerns in the U.S.?

A. Department of Commerce (DOC)
B. Department of Homeland Security (DHS)
C. Office for Civil Rights (HHS)
D. Federal Trade Commission (FTC)

A

D. Federal Trade Commission (FTC)

10
Q

During which decade did the FTC’s perspective evolve into a harm-based model?

A. 1980s
B. 1990s
C. 2000s
D. 2010s

A

C. 2000s

11
Q

This is any data connected with an individual:

A. personally identifiable information
B. personal data
C. data records
D. information

A

z

12
Q

This is a legal document stating an entity’s practices regarding use and disclosure of personal information.

A. notification
B. mission statement
C. privacy statement
D. personal data objective

A

C. privacy statement

?

13
Q

Which of the following are privacy seal programs?

A. TRUSTe
B. BBBonline
C. phishing
D. Webtrust

A

A. TRUSTe

14
Q

According to the FTC Report of 2012, what is the main goal of Privacy by Design?

A. Obtaining consumer consent when collecting sensitive data for certain purposes
B. Establishing a system of self-regulatory codes for mobile-related services
C. Incorporating privacy protections throughout the development process
D. Implementing a system of standardization for privacy notices

A

C. Incorporating privacy protections throughout the development process

Reference: https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf

15
Q

What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?

A. A consent decree
B. Stare decisis decree
C. A judgment rider
D. Common law judgment

A

A. A consent decree

16
Q

The “Consumer Privacy Bill of Rights” presented in a 2012 Obama administration report is generally based on?

A. The 1974 Privacy Act
B. Common law principles
C. European Union Directive
D. Traditional fair information practices

A

C. European Union Directive

17
Q

Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”?

A. International data transfers
B. Large platform providers
C. Promoting enforceable self-regulatory codes
D. Do Not Track

A

A. International data transfers

18
Q

According to Section 5 of the FTC Act, self-regulation primarily involves a company’s right to do what?

A. Determine which bodies will be involved in adjudication
B. Decide if any enforcement actions are justified
C. Adhere to its industry’s code of conduct
D. Appeal decisions made against it

A

A. Determine which bodies will be involved in adjudication

19
Q

In 1991, the Federal Sentencing Guidelines formalized a rule that requires senior executives to take personal responsibility for information security matters. What is the name of this rule?

A. Due diligence rule
B. Personal liability rule
C. Prudent man rule
D. Due process rule

A

?

20
Q

Which of the following BEST describes the FTC’s guidance in a 2012 report and 2015 update for making material retroactive changes to privacy policies?

a. Notify affected consumers, and allow 60 days for an opt-out
b. Notify affected consumers, and provide a mail-in opt-out notice
c. Obtain express affirmative consent (opt-in) prior to making the change
d. None of the above

A

c. Obtain express affirmative consent (opt-in) prior to making the change

21
Q

Which of the following agencies is not responsible for privacy enforcement?

A. The FTC
B. Department of Education
C. FCC
D. Certain agencies of the executive branch

A

B. Department of Education

22
Q

What is true of the FTC?

A. The FTC is an independent agency
B. The FTC falls under direct control of the president
C. The FTC focuses solely on privacy
D. The FTC focuses solely on security

A

A. The FTC is an independent agency

23
Q

When is a data breach to be reported?

A. above 200 persons
B. above 100 persons
C. if minors are involved
D. depends on the state and breach size

A

D. depends on the state and breach size

24
Q

Is ransomware a data breach?

A. always
B. never
C. depends on whether unauthorized access has been established
D. not if the information was backed up

A

C. depends on whether unauthorized access has been established

Ransomware - (a type of malware)

(1) locks a user’s operating system, restricting the user’s access to their data and/or device, or
(2) encrypts the data so that the user is prevented from accessing his or her files

25
Q

If an agency has authority, there are two types of authority that agency can have. Which type of authority does the FTC have?

A. general authority
B. specific authority
C. general authority as well as specific authority
D. operational authority

A

C. general authority as well as specific authority

26
Q

For which law does the FTC have specific authority?

A. GDPR
B. Children’s Online Privacy Protection Act
C. The APEC Privacy Framework
D. Fair Information Practices

A

B. Children’s Online Privacy Protection Act. Only US law, otherwise Fair Information Practices are mentioned.

27
Q

This US office enforces a number of different consumer protection, anti-trust, and privacy laws. It fights to prevent fraud and promote competitive markets:

A. the US Data Commissioner’s Office
B. the Consumer Protection Agency
C. the Department of Justice
D. the Federal Trade Commission

A

D. the Federal Trade Commission

28
Q

Which authorities oversee privacy-related issues in the U.S.? Select all that apply.

A. The Federal Trade Commission (FTC)
B. State attorneys general
C. The national data protection authority
D. Federal financial regulators

A

A. The Federal Trade Commission (FTC)
B. State attorneys general

D. Federal financial regulator

29
Q

List additional high-profile FTC consent decrees.

A

• Eli Lilly and Company (2002)

• Nomi (2005)

• DesignerWare (2013)

• LabMD (2013)