Ch 4 - Principles of Information Mgmt Flashcards Preview

Flashcards in Ch 4 - Principles of Information Mgmt Deck (70)
1

People with a “privacy fundamentalist” attitude towards privacy exhibit:
a. A strong desire to protect privacy
b. Low worries about privacy
c. Varying concern about privacy depending on context
d. None of the above

a. A strong desire to protect privacy

2

People with a “privacy unconcerned” attitude towards privacy exhibit:
a. A strong desire to protect privacy
b. Varying concern about privacy depending on context
c. Low worries about privacy
d. None of the above

c. Low worries about privacy

3

Which of the following is an attribute of a “privacy pragmatist”?
a. Level of concern is dependent on context
b. Willing to give up some privacy in exchange for benefits
c. Strong desire to protect privacy at any cost
d. Only a and b

d. Only a and b

4

Which of the following was a major contributing factor to privacy concerns related to government surveillance?
a. President Obama’s 2012 White House Report
b. Edward Snowden’s 2013 WikiLeaks about the NSA
c. 2013 Privacy Report published by the Federal Trade Commission
d. Only a and b

b. Edward Snowden’s 2013 WikiLeaks about the NSA

5

The role of a privacy professional includes:
a. Monitoring external environment for changes to regulations and laws
b. Alerting stakeholders to divergent perspectives within the industry and legal landscape
c. Identifying compliance challenges and designing policies to address ways to manage the risk
d. All of the above

d. All of the above

6

Which of the following best describes an element of legal risk?
a. Administrative efficiency of the organization’s privacy program
b. Ability of the organization to receive a return on investment in information and related activities
c. Compliance with applicable state, federal and international laws concerning the use of personal information
d. All of the above

c. Compliance with applicable state, federal and international laws concerning the use of personal information

7

Which of the following best describes an element of legal risk?
a. Compliance with contractual commitments, privacy promises and commitments to follow industry standards
b. Administrative efficiency of the organization’s privacy program
c. Ability of the organization to receive a return on investment in information and related activities
d. All of the above

a. Compliance with contractual commitments, privacy promises and commitments to follow industry standards

8

Which of the following best describes an element of reputational risk?
a. Compliance with contractual commitments, privacy promises and commitments to follow industry standards
b. Protecting the trust of consumers regarding the organization’s commitment to following through on its privacy policies
c. Compliance with applicable state, federal and international laws concerning the use of personal information
d. All of the above

b. Protecting the trust of consumers regarding the organization’s commitment to following through on its privacy policies

9

Which of the following best describes an element of operational risk?
a. Administrative efficiency of the organization’s privacy program
b. Ability of the organization to receive a return on investment in information and related activities
c. Compliance with applicable state, federal and international laws concerning the use of personal information
d. All of the above

a. Administrative efficiency of the organization’s privacy program

10

Which of the following best describes an element of investment risk?
a. Administrative efficiency of the organization’s privacy program
b. Compliance with applicable state, federal and international laws concerning the use of personal information
c. Ability of the organization to receive a return on investment in information and related activities
d. All of the above

c. Ability of the organization to receive a return on investment in information and related activities

11

A good information management program:
a. Uses a holistic approach in assessing the risks and benefits of processing personal information
b. Helps develop policies for important activities
c. Informs activities and processes used to comply with policies
d. All of the above

d. All of the above

12

Which of the following best describes the four basic steps for managing information?
a. Discover, analyze, build, and communicate
b. Discover, build, communicate, and evolve
c. Search, discover, communicate, and evolve
d. None of the above

b. Discover, build, communicate, and evolve

13

Which of the following occurs during the Discover phase of information management?
a. Issue identification and self-assessment
b. Procedure development and verification
c. Full implementation
d. All of the above

a. Issue identification and self-assessment

14

Which of the following occurs during the Discover phase of information management?
a. Issue identification
b. Self-assessment
c. Determination of best practices
d. All of the above

d. All of the above

15

Which of the following occurs during the Build phase of information management?
a. Procedure development and verification
b. Determination of best practices
c. Education
d. All of the above

a. Procedure development and verification

16

Which of the following occurs during the Build phase of information management?
a. Issue identification and self-assessment
b. Documentation
c. Full implementation
d. All of the above

c. Full implementation

17

Which of the following occurs during the Communicate phase of information management?
a. Adaptation
b. Procedure development and verification
c. Documentation
d. All of the above

c. Documentation

18

Which of the following occurs during the Communicate phase of information management?
a. Determination of best practices
b. Education
c. Full implementation
d. All of the above

b. Education

19

Which of the following occurs during the Evolve phase of information management?
a. Affirmation
b. Monitoring
c. Adaptation
d. All of the above

d. All of the above

20

A data inventory is required for businesses in some industries under:
a. Gramm-Leach-Bliley Act Privacy Rule
b. Gramm-Leach-Bliley Act Safeguards Rule
c. APEC Privacy Rule
d. None of the above

b. Gramm-Leach-Bliley Act Safeguards Rule

21

An organized and documented data inventory:
a. Identifies reputational and legal risks
b. Helps mitigate penalties
c. Should be reviewed and updated on a regular basis
d. All of the above

d. All of the above

22

Data classification:
a. Defines the level of protection needed for specific types of data based on its sensitivity
b. Identifies legal risks for data during a self-assessment
c. Determines which laws and regulations apply to the data flows occurring both internally and externally
d. All of the above

a. Defines the level of protection needed for specific types of data based on its sensitivity

23

Holding all data in one system:
a. Is a best practice for ensuring ease of management
b. May help reduce duplicate entries
c. May increase the impact of a single data breach
d. None of the above

c. May increase the impact of a single data breach

24

A documented well-organized data classification system helps an organization:
a. Respond to compliance audits for specific types of data
b. Respond more effectively to legal discovery requests
c. Efficiently use storage resources
d. All of the above

d. All of the above

25

Documenting data flows should include:
a. How to respond to legal discovery requests
b. Mapping of systems, applications and processes for handling data
c. A plan for responding to a data breach
d. All of the above

b. Mapping of systems, applications and processes for handling data

26

Which of the following is a primary consideration for addressing privacy risk in an organization as it relates to sensitive personal information?
a. Where, how, and how long the data is stored
b. Current laws for obtaining a search warrant
c. Number of team members in Human Resources
d. All of the above

a. Where, how, and how long the data is stored

27

Which of the following is a primary consideration for addressing privacy risk in an organization as it relates to sensitive personal information?
a. How a customer’s marital status is documented
b. Determining how sensitive the information is
c. Current laws for authenticating a customer
d. All of the above

b. Determining how sensitive the information is

28

Which of the following is a primary consideration for addressing privacy risk in an organization as it relates to sensitive personal information?
a. Whether or not the information should be encrypted
b. Whether or not the information will be transferred to other countries, and how it will be transferred
c. Data authorities who enforce the rules for the information
d. All of the above

d. All of the above

29

Which of the following is a primary consideration for addressing privacy risk in an organization as it relates to sensitive personal information?
a. Documenting a customer’s marital status
b. Best practices for providing personal information to law enforcement
c. How the information is processed and the activities performed to maintain the processes
d. All of the above

c. How the information is processed and the activities performed to maintain the processes

30

Which of the following is a primary consideration for addressing privacy risk in an organization as it relates to sensitive personal information?
a. Whether the use of the personal information is dependent upon other systems
b. Names of third parties processing data
c. Legal team’s knowledge in the area of privacy
d. All of the above

a. Whether the use of the personal information is dependent upon other systems