dump Flashcards

1
Q

Selfie Shenanigans is planning to implement its newest feature in the US (only). It will analyze all uploaded photos for visible signs of health issues. The data is sold to the user’s health insurer. Which law would be least likely to be broken?

A. HIPAA
B. Children’s Online Privacy Protection Act
C. GDPR
D. HITECH

A

C. GDPR only applies to Europe; this was in the US only.

2
Q

Selfie Shenanigans. You find out the website has a privacy notice that is shown before users sign up. What needs to happen?

A

A check needs to be performed on whether the new practice is allowed under the privacy notice.

3
Q

What is the Communications Assistance to Law Enforcement Act also referred to as?

A. The Pen Register
B. The Digital Telephony Bill
C. The Wire
D. Track and Trace

A

B. The Digital Telephony Bill

The Communications Assistance for Law Enforcement Act (CALEA), also known as the “Digital Telephony Act,” is a United States wiretapping law passed in 1994, during the presidency of Bill Clinton.

4
Q

In 2016 the FBI was quarreling with Apple. What was the quarrel about?

A. new firmware slowing down phones
B. helping gain access to the data on a seized phone
C. the tablets in the Federal Bureau of Investigation’s office could not fit the micro-SD required for the investigation
D. a cloud security breach exposing pictures of celebrities

A

B. Helping gain access to the data on a seized phone

5
Q

Which is not a result of an organization starting a privacy program?

A. awareness amongst employees
B. reduced risk of compliance issues
C. an increase in breach detection rate and breach response time
D. full future proof of compliance with privacy legislation

A

D. full future proof of compliance with privacy legislation

6
Q

True or false?

The word privacy is NOT mentioned in the U.S. Constitution.

A

True

7
Q

True or false?

Health insurance providers may, under some circumstances, implement higher premiums based on genetic information.

A

False

8
Q

What is COIT?

A

Consumerization of information technology (COIT): Use of personal computing devices in the workplace and online services (webmail, cloud storage, social media)

9
Q

Which act was passed as part of the ECPA to address interception of electronic communications in facilities where electronic communication service is provided?

A. Privacy Protection Act (PPA)
B. Stored Communications Act (SCA)
C. Communications Assistance to Law Enforcement Act (CALEA)
D. Electronic Communications Privacy Act (ECPA)

A

B. Stored Communications Act (SCA)

10
Q

Which act requires giving a privacy notice to subscribers at the time of the initial agreement (and annually thereafter) including the nature of personal information collected, how it is used, and retention period, as well as how to access and correct information?

A. Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
B. Telecommunications Act
C. Cable Communications Policy Act
D. Video Privacy Protection Act (VPPA)

A

C. Cable Communications Policy Act

11
Q

Which of the following terms specifically means removing or blocking information from court documents?

A. Protective order
B. Protecting publicly available information (PPAI)
C. Electronic discovery
D. Redaction

A

D. Redaction

12
Q

Which of the following are required for an entity to be considered a “business” under the California Consumer Privacy Act? Select all that apply.

A. An entity that makes $10 million in annual revenue
B. An entity that holds the personal information of 50,000 people, households or devices
C. An entity that makes at least half of its revenue from the sale of personal information
D. All of the above.

A

B. An entity that holds the personal information of 50,000 people, households or devices

C. An entity that makes at least half of its revenue from the sale of personal information

13
Q

Which are exceptions to state breach notification laws? Select all that apply.

A. Entities subject to other, more stringent data breach notification laws
B. Entities that already follow breach notification procedures that are compatible with state law
C. Entities enrolled in self-certification programs that meet industry security standards
D. None of the above.

A

A. Entities subject to other, more stringent data breach notification laws

B. Entities that already follow breach notification procedures that are compatible with state law

14
Q

Is there an overarching employment privacy law in the U.S.?

A

EXAMPLE ANSWER: There is no overarching law for employment privacy.

  • Some constitutional, federal, state, tort and statutory laws impact privacy
  • Contracts between employer and employee may impact privacy agreements
  • There is considerable local variation and complexity on employment privacy issues
  • Many U.S. labor laws mandate employee data collection and management practices, such as conducting background checks and ensuring and documenting a safe workplace environment
  • Organizations also have incentives to gather information about employees and monitor the workplace to reduce the risk of being sued for negligent hiring or supervision
15
Q

Under the Fair Credit Reporting Act (FCRA), which are employer requirements for obtaining a consumer report on an applicant? Select all that apply.

A. Have a permissible purpose
B. Provide notification of the intention to run a consumer report
C. Allow the applicant to receive a copy of the report
D. Obtain written authorization from the applicant
E. Use a qualified credit reporting agency
F. Provide notice to the credit reporting agency outlining the intended purpose of the report
G. Provide the applicant with notice and a copy of the report for dispute prior to adverse action

A

A. Have a permissible purpose
B. Provide notification of the intention to run a consumer report
C. Allow the applicant to receive a copy of the report
D. Obtain written authorization from the applicant
E. Use a qualified credit reporting agency

G. Provide the applicant with notice and a copy of the report for dispute prior to adverse action

16
Q

What are the four steps involved in the development of a privacy program?

A. Discover, build, communicate, evolve
B. Research, design, build, audit
C. Brainstorm, propose, implement, follow-through
D. Test, learn, revise, monitor

A

A. Discover, build, communicate, evolve

17
Q

Which is a provision of the Cybersecurity Information Sharing Act (CISA)? Select all that apply.

A. Companies must remove personal information before sharing

B. Companies are protected from liability for monitoring activities

C. Companies that process the personal information of 100,000 individuals or more are required to participate

D. Sharing information with the federal government does not waive privileges

E. Shared information is exempt from federal and state Freedom of Information laws

A

A. Companies must remove personal information before sharing

B. Companies are protected from liability for monitoring activities

D. Sharing information with the federal government does not waive privileges

E. Shared information is exempt from federal and state Freedom of Information laws

18
Q

Rules that govern the collection and handling of personal information regarding internet activity can be categorized as what type of privacy?

A

Information privacy

19
Q

True or false?

When federal laws do not provide a consumer protection that a state believes is necessary, the state may enact a law to provide the protection for its citizens.

A

True

20
Q

Which of the following federal laws ensures that employee benefits programs are created fairly and administered properly?

A. The Health Insurance Portability and Accountability Act (HIPAA)
B. The Consolidated Omnibus Budget Reconciliation Act (COBRA)
C. The Employee Retirement Income Security Act (ERISA)
D. The Family and Medical Leave Act (FMLA)

A

C. The Employee Retirement Income Security Act (ERISA)

21
Q

Which are provisions of the Fair Credit Reporting Act (FCRA)? Select all that apply.

A. Consumers have the ability to access and correct their information
B. Consumers may request annual updates and alerts
C. Use of consumer reports is limited to “permissible purposes”
D. Use of consumer reports is limited to three instances per six months

A

A. Consumers have the ability to access and correct their information

C. Use of consumer reports is limited to “permissible purposes”

22
Q

You must respond to requests for information in connection with criminal investigations and litigation. Which laws do you have to comply with when responding to such requests?

A

EXAMPLE ANSWERS:
• Acts involving access to financial data
• The Electronic Communications Privacy Act (ECPA)
• The Communications Assistance to Law Enforcement Act (CALEA)
23
Q

What is a pen register?

A. A list of consumers who have requested to be notified if their personal information is shared with law enforcement
B. A list of law enforcement personnel who may obtain sensitive personal information without a court order
C. Records kept by financial institutions on certain financial transactions
D. A device that records the telephone numbers of all outgoing calls

A

D. A device that records the telephone numbers of all outgoing calls

24
Q

Under the Right to Financial Privacy Act (RFPA), which of the following may allow a government authority access to customer financial records? Select all that apply.

A. Appropriate formal written request from an authorized government authority
B. Appropriate administrative subpoena or summons
C. Qualified search warrant
D. Legitimate interest of an authorized government authority
E. Customer authorization
F. Appropriate judicial subpoena

A

A. Appropriate formal written request from an authorized government authority

B. Appropriate administrative subpoena or summons

C. Qualified search warrant

E. Customer authorization

F. Appropriate judicial subpoena

25
Q

From the standpoint of a privacy professional, how was the collection and storage of personal information impacted by the Snowden revelations?

A

The case study of Edward Snowden illustrates that further reforms were necessary. Snowden’s revelations led to reforms enacted via the USA FREEDOM Act.

26
Q

What actions can an organization take to proactively protect personal information in the event it is required to turn over electronic data for litigation?

A

• Place limits on using company email for personal use
• Discourage conducting company business on personal devices
• Implement policies and practices for when an employee leaves the organization

27
Q

True or false?

Materials submitted to courts during trials are usually publicly available.

A

True

28
Q

What U.S. laws and guidelines address data subject privacy preferences?

A

EXAMPLE ANSWERS:
• Opt-in: COPPA, HIPAA, Fair Credit Reporting Act, some email marketers (double opt-in)
• Opt-out: GLBA, CAN-SPAM, Do Not Call rules
• Access: HIPAA (medical records), Fair Credit Reporting Act (credit reports), statements of fair information practices (e.g., OECD Guidelines, APEC Principles, Privacy Shield)
29
Q

What are the pros of monitoring in the workplace? Select all that apply.

A. OSHA compliance
B. Employee morale
C. Physical security and cybersecurity
D. Training
E. Quality assurance

A

A. OSHA compliance
C. Physical security and cybersecurity
D. Training
E. Quality assurance

30
Q

True or false?

Some internet services fall within the scope of the Communications Assistance to Law Enforcement Act (CALEA).

A

True

31
Q

When a customer calls a company’s service support line and hears a recorded message that the call may be recorded for quality purposes, this qualifies as a legal exception to which act prohibiting the wiretapping of telephone calls?

A. Omnibus Crime Control and Safe Streets Act
B. Electronic Communications Privacy Act (ECPA)
C. Stored Communication Act (SCA)
D. Privacy Protection Act (PPA)

A

A. Omnibus Crime Control and Safe Streets Act

32
Q

Which federal agency oversees “the welfare of the job seekers, wage earners, and retirees of the United States”?

A. Federal Trade Commission (FTC)
B. Department of Labor (DOL)
C. National Labor Relations Board (NLRB)
D. Occupational Safety and Health Act (OSHA)
E. Securities and Exchange Commission (SEC)
F. Equal Employment Opportunity Commission (EEOC)

A

B. Department of Labor (DOL)

33
Q

True or false? Restrictions on the processing of personal information may differ, depending on the source of the information.

A

True

34
Q

Which is a component of the Privacy Protection Act (PPA)? Select all that apply.

A. Provides an extra layer of protection for members of the media and media organizations from government searches or seizures
B. Prohibits government officials engaged in criminal investigations from searches or seizures of media work products or documentary materials
C. Applies to government officers or employees at all levels of government

A

A. Provides an extra layer of protection for members of the media and media organizations from government searches or seizures
B. Prohibits government officials engaged in criminal investigations from searches or seizures of media work products or documentary materials
C. Applies to government officers or employees at all levels of government

35
Q

If the PPA prohibits government officials from searching or seizing media work products or documentary materials, how could law enforcement obtain evidence from those engaged in these First Amendment activities?

A

Law enforcement would need to rely on subpoenas or voluntary cooperation from the media.

36
Q

True or false?

The Telephone Consumer Protection Act (TCPA) implements the Telemarketing Sales Rule (TSR).

A

False

37
Q

True or false?

FISA was amended in 2008 because the flexible legal limits provided by the USA PATRIOT Act led to major legal, public relations and civil liberties issues.

A

True

38
Q

True or false?

All state laws regarding data breaches require third-party notification and notification to the state attorney general.

A

True

39
Q

Which U.S. statutes provide the FTC with additional enforcement authority over privacy issues?

A

• The Children’s Online Privacy Protection Act (COPPA)
• The Fair Credit Reporting Act (FCRA)
• The Gramm-Leach-Bliley Act (GLBA)
• The CAN-SPAM Act

40
Q

What does NSL stand for?

A. National security landscape
B. National security letter
C. National security law
D. National security liability

A

B. National security letter

41
Q

Which act restricts accessing, using and disclosing customer proprietary network information (CPNI)?

A. Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
B. Telecommunications Act
C. Cable Communications Policy Act
D. Video Privacy Protection Act (VPPA)

A

B. Telecommunications Act

42
Q

What privacy concerns might arise as employers follow federal laws for employee benefits management in the workplace?

A

EXAMPLE ANSWERS:
• The collection or continued maintenance of employee data when maintaining COBRA coverage
• The types of data that might be collected and maintained when complying with FMLA

43
Q

Which procedures should be considered regarding the termination of employment? Select all that apply.

A. Have a secure method to deactivate physical access badges, keys and smartcards
B. Disable access to computer accounts
C. Design IT systems to minimize disruption
D. Ensure the return of all devices and any company data that is held by the employee outside of the company’s systems

A

A. Have a secure method to deactivate physical access badges, keys and smartcards
B. Disable access to computer accounts
C. Design IT systems to minimize disruption
D. Ensure the return of all devices and any company data that is held by the employee outside of the company’s systems

44
Q

Which of the following is an agreement or settlement that resolves a dispute between two parties without admission of guilt or liability?

A. Common law
B. Tort law
C. Contract law
D. Consent decree

A

D. Consent decree

45
Q

True or false?

The USA PATRIOT Act was passed in response to the Edward Snowden revelations.

A

False

46
Q

A. see how a company uses its personal information
B. view what personal information a company may have on record
C. correct any wrong personal information an entity may have on record
D. comprehensive approach

A

A. Relies on a confidence and trust business model

And

B. more self-regulation than government regulation

47
Q

“Social engineering” is the technique by which:

A. Information security managers establish controls that protect the integrity of sensitive or personal data within an organization
B. Policy makers formulate procedural guidelines for the use, sharing or disclosure of sensitive or personal data within a community
C. Hackers or exploit artists use psychological persuasion or coercion in order to gain access to sensitive or personal data
D. Scientists and academics determine public attitudes concerning the handling of sensitive or personal data by governments, businesses and other organizations

A

C. Hackers or exploit artists use psychological persuasion or coercion in order to gain access to sensitive or personal data

48
Q

Which of the following sources of law affect privacy for private-sector employees? Select all that apply.

A. Federal constitutional law
B. Contract law
C. Torts
D. Statutes

A

B. Contract law
C. Torts
D. Statutes

50
Q

Which authorities oversee privacy-related issues in the U.S.? Select all that apply.

A. The Federal Trade Commission (FTC)
B. State attorneys general
C. The national data protection authority
D. Federal financial regulators

A

A. The Federal Trade Commission (FTC)
B. State attorneys general

D. Federal financial regulators

55
Q

True or false?

Data destruction requirements are often built into state data security laws.

A

False

57
Q

List additional high-profile FTC consent decrees.

A
  • Eli Lilly and Company (2002)
  • Nomi (2005)
  • DesignerWare (2013)
  • LabMD (2013)
59
Q

The Civil Rights Act bars discrimination due to what? Select all that apply.

A. Race
B. Color
C. Religion
D. Disabilities
E. Sex
F. National origin
G. Genetic information

A

A. Race
B. Color
C. Religion
E. Sex
F. National origin
64
Q

True or false?

HIPAA preempts stricter state laws.

A

False

67
Q

True or false?

All U.S. state laws preempt federal laws.

A

False

68
Q

True or false?

The FACTA Disposal Rule requires any entity that uses a consumer report for a business purpose to dispose of it in a way that prevents unauthorized access and misuse of the data.

A

True

69
Q

What qualifies as individually identifiable health information?

A

EXAMPLE ANSWERS: Name, address, phone number

70
Q

What are the key privacy provisions found in Title V, Subtitle A of the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999?

A

Financial institutions must:
• Respect their customers’ privacy
• Keep their customers’ nonpublic personal information secure
• “Establish appropriate administrative, technical, and physical safeguard standards”
• Store personal information in a secure manner
• Provide notice of their sharing policies
• Provide consumers an option to opt out of third-party sharing

71
Q

Which of the following provisions should be included in third party contracts to ensure an understanding of the data controller’s expectations for safeguarding consumer personal information?

a. Confidentiality provision
b. Indemnification clause
c. Arbitration clause
d. All of the above

A

a. Confidentiality provision

72
Q

Which of the following provisions should be included in third party contracts to ensure an understanding of the data controller’s expectations for safeguarding consumer personal information?

a. Agreement to settle disputes with a third party mediator
b. Agreement to indemnify data controller
c. Agreement to no further use of shared information
d. All of the above

A

c. Agreement to no further use of shared information

73
Q

Which of the following provisions should be included in third party contracts to ensure an understanding of the data controller’s expectations for safeguarding consumer personal information?

a. Agreement to require all subcontractors to follow their internal procedures
b. Agreement to require all subcontractors to attend specific privacy and security training
c. Agreement to require all subcontractors to follow privacy and security protection provisions
d. All of the above

A

c. Agreement to require all subcontractors to follow privacy and security protection provisions

74
Q

When a data processor uses subcontractors for collection, analysis, or other data management services, which of the following is not a recommended requirement of the subcontractor contract?

a. Follow privacy and security protection terms of the vendor’s contract
b. Indemnification from liability related to data breaches
c. Disclosure of transborder data flows
d. None of the above

A

b. Indemnification from liability related to data breaches

76
Q

Which of the examples of personal information may qualify as sensitive personal information? Select all that apply.

A. Social Security number
B. Bank account number
C. Driver’s license number
D. Home phone number
E. Professional membership
F. Medical history
G. Business email address

A

A. Social Security number
B. Bank account number
C. Driver’s license number
F. Medical history

78
Q

Which legislation provides rights to parents of minors regarding sensitive information from students via surveys?

A. Family Educational Rights and Privacy Act (FERPA)
B. Protection of Pupil Rights Amendment (PPRA)
C. Children’s Online Privacy Protection Act (COPPA)

A

B. Protection of Pupil Rights Amendment (PPRA)

79
Q

What types of risk should an organization consider when designing and administering a privacy program? Select all that apply.

A. Legal
B. Reputational
C. Operational
D. Investment
E. Resources

A

A. Legal
B. Reputational
C. Operational
D. Investment

81
Q

Which of the following were COPPA and other privacy-related violations addressed in the FTC enforcement case against Gateway Learn- Hooked on Phonics?

A. collecting PII from children under the age of 13 without parental consent
B. disclosing information collected from children under 13 to third parties without parental consent
C. retroactively changing privacy policies
D. failing to notify parents regarding changes in privacy policies

A

B. disclosing information collected from children under 13 to third parties without parental consent

C. retroactively changing privacy policies

D. failing to notify parents regarding changes in privacy policies

82
Q

What does NSL stand for?

A. National security landscape
B. National security letter
C. National security law
D. National security liability

A

B. National security letter

83
Q

Under the U.S. National Do Not Call (DNC) Registry, how often must telemarketers update their call lists?

A. Annually
B. Every 31 days
C. Every two months
D. Semi-annually

A

B. Every 31 days

84
Q

What does MSCM stand for?

A. Multi-storage cached media
B. Microdata sets for customer metrics
C. Mobile service commercial message
D. Model for secure cyber metadata

A

C. Mobile service commercial message

85
Q

Access is a fair information principle under which an individual must be allowed to:

A. see how a company uses its personal information
B. view what personal information a company may have on record
C. correct any wrong personal information an entity may have on record
D. ask the company to remove personal information from its record

A

A. see how a company uses its personal information

B. view what personal information a company may have on record

C. correct any wrong personal information an entity may have on record

86
Q

When collecting data, what information must be given to the individual from the collector?

A. why data is being collected
B. who is collecting the data
C. any additional entities that may have access to the data
D. all of the above

A

D. all of the above

87
Q

An entity that has the power to hear and rule on a court case is said to have —- . (lower case)

A

z

88
Q

What is a member state?

A. any of the 50 states
B. any US region or state which can vote in presidential elections
C. full members of the European Union
D. all countries in the European Union plus potential candidates

A

z

89
Q

What is the name of legislation passed in 2001 which gave the US government increased access to personal data and electronic activities?

A. CAN-SPAM Act
B. the Patriot Act
C. the Gramm-Leach Biley Act

A

z

90
Q

What new requirement did the Patriot Act place on financial institutions regarding personal data?

A. stricter security systems to prevent unauthorized access
B. disallowed business with individuals the government had classified as suspicious
C. required to share all personal data with the US government
D. required to report transactions which might relate to suspicious activity to the US government

A

z

91
Q

This is any individual with natural rights or any entity, such as a corporation with legal rights:

A. person
B. being
C. man
D. protected individual

A

z

92
Q

This is any data that can be used to identify an individual:

A. personally identifiable information
B. personal data
C. data records
D. information

A

z

93
Q

This was written by the World Wide Web Consortium to set standards for the creation and use of privacy friendly applications on the internet:

A. list of deceptive trade practices
B. Platform for Privacy Preferences Project (P3P)
C. digital certificates
D. TRUSTe

A

z

94
Q

This is when one government’s laws override the laws of an inferior government:

A. bypass
B. pretexting
C. legislative overruling
D. preemption

A

a

95
Q

The ability to withhold or limit the amount of information an individual may share about himself or herself is considered:

A. privacy
B. evasion
C. disguise
D. freedom of speech

A

A. privacy

96
Q

This is any activity performed with personal data:

A. database management
B. use and disclosure
C. customer management
D. processing of personal data

A

D. processing of personal data

97
Q

Profile Information such as an individual’s car, zip code, or favorite movie is:

A. not considered personally identifiable information
B. considered personally identifiable information
C. considered public information
D. not protected under privacy law

A

z

98
Q

This set of rules governs how data is formatted and transmitted, particularly within a network.

A. HTTP
B. HTML
C. Protocol
D. Encryption Management

A

C. Protocol

99
Q

Based on the scenario, which of the following would have helped Janice to better meet the company’s needs?

A. Creating a more comprehensive plan for implementing a new policy
B. Spending more time understanding the company’s information goals
C. Explaining the importance of transparency in implementing a new policy
D. Removing the financial burden of the company’s employee training program

A

B. Spending more time understanding the company’s information goals

100
Q

What is the main problem with Cheryl’s suggested method of communicating the new privacy policy?

A. The policy would not be considered valid if not communicated in full.
B. The policy might not be implemented consistently across departments.
C. Employees would not be comfortable with a policy that is put into action over time.
D. Employees might not understand how the documents relate to the policy as a whole.

A

B. The policy might not be implemented consistently across departments.

101
Q

What is the most likely risk of Fitness Coach, Inc. adopting Janice’s first draft of the privacy policy?

A. Leaving the company susceptible to violations by setting unrealistic goals
B. Failing to meet the needs of customers who are concerned about privacy
C. Showing a lack of trust in the organization’s privacy practices
D. Not being in standard compliance with applicable laws

A

A. Leaving the company susceptible to violations by setting unrealistic goals

102
Q

Read this notice:

Our website uses cookies. Cookies allow us to identify the computer or device you’re using to access the site, but they don’t identify you personally. For instructions on setting your Web browser to refuse cookies, click here.

What type of legal choice does this notice provide?

A. Mandatory
B. Implied consent
C. Opt-in
D. Opt-out

A

B. Implied consent

103
Q

Which authority supervises and enforces laws regarding advertising to children via the Internet?

A. The Office for Civil Rights
B. The Federal Trade Commission
C. The Federal Communications Commission
D. The Department of Homeland Security

A

B. The Federal Trade Commission

104
Q

Which jurisdiction must courts have in order to hear a particular case?

A. Subject matter jurisdiction and regulatory jurisdiction
B. Subject matter jurisdiction and professional jurisdiction
C. Personal jurisdiction and subject matter jurisdiction
D. Personal jurisdiction and professional jurisdiction

A

C. Personal jurisdiction and subject matter jurisdiction

105
Q

What is the final step of a quantitative risk analysis?

A. Determine asset value.
B. Assess the annualized rate of occurrence.
C. Derive the annualized loss expectancy.
D. Conduct a cost/benefit analysis.

A

?

106
Q

Under the Digital Millennium Copyright Act (DMCA), what type of offenses do not require prompt action by an internet service provider after it receives a notification of infringement claim from a copyright holder?

A. Storage of information by a customer on a provider’s server
B. Caching of information by the provider
C. Transmission of information over the provider’s network by a customer
D. Caching of information in a provider search engine

A

?

107
Q

FlyAway Travel has offices in both the European Union (EU) and the United States and transfers personal information between those offices regularly. They have recently received a request from an EU customer requesting that their account be terminated. Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?

A. The right to access
B. Privacy by design
C. The right to be forgotten
D. The right of data portability

A

?

108
Q

Which one of the following is not one of the three common threat modeling techniques?

A. Focused on assets
B. Focused on attackers
C. Focused on software
D. Focused on social engineering

A

?

109
Q

Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?

A. Student identification number
B. Social Security number
C. Driver’s license number
D. Credit card number

A

?

110
Q

Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve multi-factor authentication?

A. Username
B. Personal identification number (PIN)
C. Security question
D. Fingerprint scan

A

?

111
Q

Yolanda is the chief privacy officer for a financial institution and is researching privacy issues related to customer checking accounts. Which one of the following laws is most likely to apply to this situation?

A. GLBA
B. SOX
C. HIPAA
D. FERPA

A

?

112
Q

Is PCI-DSS an example of:

data privacy regulation
data protection regulation
a security standard
a security protocol

A

A security standard

113
Q

Which is the best reason to perform a BIA?

to help determine current state of risk
to analyze the effect on the business

A

to help determine current state of risk

114
Q

The Housing Education and Welfare Report of 1973 led directly to the creation of which of the following?

A. the Privacy Act of 1974
B. the Gramm-Leach-Bliley Act
C. the Freedom of Information Act
D. the Fair Information Practice Principles

A

A. the Privacy Act of 1974
and
D. the Fair Information Practice Principles

115
Q

Which of the following was a major contributing factor to privacy concerns related to government surveillance?

a. President Obama’s 2012 White House Report
b. Edward Snowden’s 2013 WikiLeaks about the NSA
c. 2013 Privacy Report published by the Federal Trade Commission
d. Only a and b

A

b. Edward Snowden’s 2013 WikiLeaks about the NSA

116
Q

Which of the following are definitions used by federal agencies for entities considered ‘processors’ who process personal data on behalf of a controller?

a. Business associate
b. Service provider
c. Encryptor
d. Only a and b

A

d. Only a and b

117
Q

Situations that would require an express affirmative consent (opt-in), under the FTC’s guidance, prior to making the change include:

a. Sharing consumer information with a third party after committing at the time of collection not to share the data
b. Making material changes to privacy practices that differ from the practices outlined in the privacy notice given to consumers at the time of collection
c. Changing a third-party vendor for activities outlined in the privacy notice given to customers at the time of collection
d. Only a and b

A

d. Only a and b

118
Q

Which of the following BEST describes a situation that would warrant an organization offering ‘no consumer choice’ or ‘no option’ to a consumer in sharing personal information with a third party?

a. To process a transaction
b. To market its own products to the consumer
c. To respond to a legitimate legal request
d. All of the above

A

d. All of the above

119
Q

Which of the following is NOT generally a challenge in managing user preferences for opting in or out?

a. Mechanism for consumer to provide opt-in or out
b. Identifying the consumer who requested the opt-in or out
c. Linking a user’s interactions through multiple channels throughout the organization
d. Scope or how broadly the user preference will apply

A

b. Identifying the consumer who requested the opt-in or out

120
Q

Which of the following is NOT generally a challenge in managing user preferences for opting in or out?

a. Confirming the consumer’s opt-out or opt-in
b. Ensuring the time period for the opt-out or opt-in meets legal requirements
c. Linking a user’s interactions through multiple channels throughout the organization
d. Ensuring third-party vendors process PI according to user preferences expressed to the data controller

A

a. Confirming the consumer’s opt-out or opt-in

121
Q

Under the APEC Principles, when an organization is establishing its guidelines related to access requests, which of the following should individuals be able to do?

a. Obtain a response as to whether or not the organization has their personal information
b. Obtain the personal information the organization has about them within a reasonable time, at no or minimal charge, in a reasonable manner, and in a form that’s easy to understand
c. Challenge the information held about them and have inaccuracies corrected
d. All of the above

A

d. All of the above

122
Q

Which of the following is not a tort that can be relied on by an employee in a privacy case?

A. intrusion upon seclusion
B. publicity given to private life
C. defamation
D. intellectual property

A

D. intellectual property

123
Q

Certain national laws preempt state law. Out of the following choices, how can preempting best be described?

A. privacy notice, under many circumstances, can be overruled by state law
B. laws of an inferior government can be superseded by those of a superior government
C. if a state has no law, it is preempted by national law
D. federal judges can preempt the president and a large part of the executive branch

A

B. laws of an inferior government can be superseded by those of a superior government

124
Q

Although there are many actions an individual can take to battle injustice, which of the following most accurately describes the private right of action?

A. to carry a concealed weapon and use it to protect your privacy when someone attempts to enter your domicile
B. to start a lawsuit when a law is violated
C. to enforce the binding rules of a privacy notice
D. to forbid organizations from processing the data of minors that you are the legal guardian of

A

B. to start a lawsuit when a law is violated

125
Q

What is the name of the guidelines developed by the Asia-Pacific Economic Cooperation?

A. the OECD guidelines
B. The IT Act
C. The Fair Information Practices
D. The APEC Privacy framework

A

D. The APEC Privacy framework

126
Q

Which act was passed during the Cold War to enable national security to track the activities of agents of the Soviet Union and its foreign allies?

A. USA PATRIOT Act
B. Foreign Intelligence Surveillance Act (FISA)
C. Cybersecurity Information Sharing Act (CISA)
D. USA FREEDOM Act

A

B. Foreign Intelligence Surveillance Act (FISA)

127
Q

Which of the following has provided standards and best practices for managing electronic discovery compliance through data retention policies?

A. “E-discovery” rules
B. The Hague Convention on the Taking of Evidence
C. The Sedona Conference
D. The GDPR

A

C. The Sedona Conference

128
Q

True or false?

Data destruction requirements are often built into state data security laws

A

False

129
Q

Briefly summarize the FTC’s powers.

A

Preventing unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce,

seeking monetary redress and other relief for conduct injurious to consumers,

prescribing trade regulation rules, defining with specificity acts or practices that are unfair or deceptive,

establishing requirements designed to prevent such acts or practices.

130
Q

True or false?

All U.S. state laws preempt federal laws.

A

False

131
Q

Which amendment to the United States Constitution articulates many of the fundamental concepts used by privacy professionals in the U.S.?

A. First Amendment
B. Second Amendment
C. Third Amendment
D. Fourth Amendment

A

D. Fourth Amendment

132
Q

In the event of a data breach, Connecticut’s breach notification law defines personal information as the first name (or initial) and last name in combination with one or more what? Select all that apply.

A. Social Security number
B. Driver’s license number
C. Mailing address
D. Phone number
E. Bank account or card number in combination with a security or access code

A

A. Social Security number
B. Driver’s license number
E. Bank account or card number in combination with a security or access code

133
Q

Which federal agency is the most visible proponent of privacy concerns in the U.S.?

A. Department of Commerce (DOC)
B. Department of Homeland Security (DHS)
C. Office for Civil Rights (HHS)
D. Federal Trade Commission (FTC)

A

D. Federal Trade Commission (FTC)

134
Q

True or false?

The No Child Left Behind Act (NCLBA) broadened the Protection of Pupil Rights Amendment (PPRA).

A

True

135
Q

What additional technologies or areas may be of concern to the FTC now or in the near future?

A

• Algorithms
• Artificial intelligence
• Predictive analytics

136
Q

What does MSCM stand for?

A. Multi-storage cached media
B. Microdata sets for customer metrics
C. Mobile service commercial message
D. Model for secure cyber metadata

A

C. Mobile service commercial message

137
Q

What theory of legal liability is described as the absence of or failure to exercise proper or ordinary care?

A. Defamation
B. Negligence
C. Breach of warranty
D. Strict tort liability

A

B. Negligence

138
Q

True or false?

The Employee Polygraph Protection Act (EPPA) prohibits employers from using lie detectors and taking adverse action against an employee who refuses to take a test.

A

True

139
Q

During which decade did the FTC’s perspective evolve into a harm-based model?

A. 1980s
B. 1990s
C. 2000s
D. 2010s

A

C. 2000s

140
Q

You must be super careful with personal data related to children.

A

Age limit for this specific protection depends on the country: 13 for USA, 14 for South Korea, 18 for most of the other countries. There are several guidelines to protect children and avoid cyber-bullying, sexual crimes, etc.

141
Q

How can courts prohibit the disclosure of personal information used or generated in litigation?

A. The court can issue a protective order
B. The court can issue a restrictive order
C. The court can issue a reactive order
D. The court can issue a national security letter

A

A. The court can issue a protective order

142
Q

Federalism–what is it and how does it apply to Section 218?

A

The heart of this question goes to power and authority to act as a government, which is termed sovereignty. As a republic, the United States is a federalist form of government in which sovereignty is divided between a central authority and member state authorities. The citizens and the States granted authority to this central authority now known as the federal government. To make federalism work, the U.S. Constitution imposes certain restraints on the national and State governments. For example, States are prohibited from making treaties with foreign governments. The national government, in turn, is required by the Constitution to refrain from exercising its powers, especially its powers to tax and to regulate interstate commerce, in such a way as to interfere substantially with the ability of the states to perform their responsibilities. The 10th Amendment of the U.S. Constitution reinforces this tenet by stating that the powers not granted by the Constitution to the federal government are reserved to the states or the people.

This understanding of sovereignty and federalism was the reason that Congress did not include State and local government employers and employees in the original Social Security Act of 1935. To overcome this problem, Section 218 of the Social Security Act was enacted that allowed the States and their political subdivisions, through their States, to enter into voluntary agreements with the federal government (SSA) to provide coverage and benefits to their employees.

143
Q

Why doesn’t the Section 218 Agreement that governs voluntary Social Security and Medicare-only coverage of State and local government employees have to be changed when federal laws are amended?

A

According to the United States Constitution (Article VI), federal laws have supremacy over all laws adopted by the States. Any changes in federal law automatically change the requirements imposed on the states and local governments throughout the United States.

144
Q

Which one of the following statements is true regarding the emerging online threat of “phishing”?

A. Phishing begins most often with a telephone call
B. Phishing occurs when an Internet user is lured to a fraudulent Website
C. Phishing is a violation of the CAN-SPAM Act
D. Phishing is also known as spoofing

A

B. Phishing occurs when an Internet user is lured to a fraudulent Website

145
Q

What are the advantages and disadvantages of BYOD programs in the workplace?

A

Advantages:
• Same home/work technology
• More flexibility
• Efficiency and productivity
• Employer increased accessibility to employee

Disadvantages:
• Lack of employer control
• Exposure of organization to security vulnerabilities and threats

146
Q

Which Federal law provides a model for how Government security programs should be developed and implemented?

A. the Privacy Act of 1974
B. the Federal Information Security Management Act
C. OMB Circular A-130
D. Data Quality Act

A

?

147
Q

Which federal office or department frequently issues memoranda that modify or expand upon privacy laws already enforced?

A. the Department of Health and Human Services, Office of Civil Rights
B. the Federal Trade Commission
C. the Office of the President
D. the Office of Management and Budget

A

B. the Federal Trade Commission

148
Q

Under the Fair Credit Reporting Act (FCRA), an organization that uses a consumer report is required to:

A. Ensure that data for substantive decision-making must be appropriately accurate, current and complete
B. Provide notice to consumers when a report’s data is used to make adverse decisions about them
C. Allow consumers to have access to their consumer reports and an opportunity to dispute and correct errors
D. All of the above

A

D. All of the above

149
Q

Which one of the following categories defines data elements that are considered non-public personal information under the Gramm-Leach-Bliley Act?

A. A consumer’s full name
B. A consumer’s home mailing address
C. A consumer’s home telephone number
D. A consumer’s home email address

A

D. A consumer’s home email address

150
Q

Which of the following laws cover essentially the same thing as the GLBA (Gramm- Leach-Bliley Act)?

A. California SB 1
B. HIPAA
C. COPPA
D. TSR

A

A. California SB 1

151
Q

The California SB 1 requires all of the following EXCEPT:

A. FIs (financial institutions) are prohibited from sharing personal information with non-affiliates.

B. FIs must offer an opt-out if they share personal information with affiliates.

C. FIs can only share personal information with non-affiliates with opt-in consent.

D. FIs must offer an opt-out if they share personal information with joint marketing partners.

A

A. FIs (financial institutions) are prohibited from sharing personal information with non-affiliates.

152
Q
What is the central bank of the United States?

A. Treasury
B. Federal Reserve
C. Department of Commerce
D. IRS

A

D. IRS

153
Q

FACTA (Fair and Accurate Credit Transactions Act) permits third-party workplace investigations, for all of the following situations, EXCEPT:

A. If the report is only given to the employer, government regulators and self-regulatory organizations.

B. If the report is a result of an investigation conducted for specific purposes (i.e. due to suspected misconduct).

C. If the report is released to future employers, it is treated as highly sensitive data.

D. If the report does not include an investigation of credit worthiness.

A

C. If the report is released to future employers, it is treated as highly sensitive data.

154
Q

Who may need privacy training? Select all that apply.

A. Customer service representatives
B. Leaders at the executive level
C. Marketing managers
D. Sales executives
E. IT staff

A

A. Customer service representatives
B. Leaders at the executive level
C. Marketing managers
D. Sales executives
E. IT staff

155
Q

What are Consumer Reporting Agencies’ (CRAs’) reasons for compiling personal records?

A

The “big three” are Equifax, TransUnion and Experian, but there are thousands of smaller CRAs that compile personal records, such as criminal records and driving histories, for other consumer reporting purposes, such as preemployment screening.

156
Q

What are the key privacy provisions found in Title V, Subtitle A of the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999?

A

Financial institutions must:
• Respect their customers’ privacy
• Keep their customers’ nonpublic personal information secure
• “Establish appropriate administrative, technical, and physical safeguard standards”
• Store personal information in a secure manner
• Provide notice of their sharing policies
• Provide consumers an option to opt out of third-party sharing

157
Q

How can the disposal rule be most accurately described?

A

A way to ensure that a consumer report is disposed of properly after it is no longer needed or allowed to be used

Rule: requires any individual or entity that uses a consumer report, or info derived from consumer report, for a business purpose to dispose of that consumer info in a way that prevents unauthorized access & misuse of the data. Applies to both small & large orgs, including consumer reporting agencies, lenders, employers, insurers, landlords, car dealers, attorneys, debt collectors & gov’t agencies

158
Q

What was US Bancorp accused of?

A

Sharing detailed customer information with a telemarketing firm

159
Q

The FCC regulates:

A. consumers
B. banks
C. Congress
D. telecommunications

A

D. telecommunications

160
Q

Examples of biometric identifiers include:

A. fingerprint patterns
B. DNA
C. facial characteristics
D. all of the above

A

D. all of the above

161
Q

——– are the routine activities undertaken by a company to ensure to their customers, retailers, warehouses and related groups that the company’s services continue to run without interruption.

A

business continuity

162
Q

This high-level business executive is in charge of making sure the company complies with all privacy laws and regulations.

A. privacy manager
B. Chief Executive Officer
C. Chief Privacy Officer
D. Chief Information Officer

A

C. Chief Privacy Officer

163
Q

Choice is defined as:

A. an individual’s ability to decide between different products or services
B. an individual’s ability to regulate how their personal information may be used by a company
C. an inalienable right
D. an individual’s ability to navigate the Web freely

A

B. an individual’s ability to regulate how their personal information may be used by a company

164
Q

Which of the following is included under the Integrity/security fair information principle?

A. the use of reputable sources
B. creating a standardized policy for the authorization and access of data between companies
C. taking steps against the destruction and unauthorized disclosure and access to data.
D. establishing a set span of time for which information is relevant

A

A. the use of reputable sources

C. taking steps against the destruction and unauthorized disclosure and access to data.

165
Q

Which of the following is not one of the four key guidelines from the Sedona Conference?

A. Professionals from several disciplines should provide input into the e-mail retention policy
B. E-mail retention policies should continually be developed
C. A Chief Information Security Officer in charge of e-discovery
D. Industry standards should be taken into account

A

C. A Chief Information Security Officer in charge of e-discovery.

Rule:

1. Email retention policies should be administered by interdisciplinary teams composed of participants across a diverse array of business units;
2. such teams should continually develop their understanding of the policies and practices in place and identify the gaps between policy and practice;
3. interdisciplinary teams should reach consensus as to policies while looking to industry standards;
4. technical solutions should meet and parallel the functional requirements of the organization.

166
Q

What is one reason the European Union has enacted more comprehensive privacy laws than the United States?

A. To ensure adequate enforcement of existing laws
B. To ensure there is adequate funding for enforcement
C. To allow separate industries to set privacy standards
D. To allow the free movement of data between member countries

A

D. To allow the free movement of data between member countries

167
Q

What is the main function of the Asia-Pacific Economic Cooperation Privacy Framework?

A. Enabling regional data transfers
B. Protecting data from parties outside the region
C. Establishing legal requirements for privacy protection in the region
D. Marketing privacy protection technologies developed in the region

A

A. Enabling regional data transfers