



































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
CIPP US PRACTICE EXAM 2 FINAL SCRIPT 2026 COMPLETE SOLUTION SET
Typology: Exams
1 / 43
This page cannot be seen from the preview
Don't miss anything!




































◉ What is the exception to the CA law? Answer: There is an exception for the good faith acquisition of PI by an employee or agent of the business, provided the PI is not used or subject to further unauthorized disclosure. ◉ When is a delay in providing notice permissible? Answer: When a delay is requested by law enforcement. ◉ Who enforces the CA law? Answer: The CA Attorney General enforces the law. ◉ True/false: the law provides for a private cause of action. Answer: True. ◉ What happens if one doesn't comply with the CA law? Answer: The CA attorney general or any citizen can file a civil lawsuit against you, seeking damages and forcing you to comply. ◉ Why does the CA data notification law exist? Answer: SB 1386 was enacted because there is a fear that security breaches of computerized databases cause identity theft and individuals should
be notified about the breach so that they can take steps to protect themselves. If you have a security breach that puts people at real risk of identity theft, you should consider notifying them even if you are not subject to this law. ◉ What is the FTC? Answer: The Federal Trade Commission is an independent agency governed by a chairman and four other commissioners. ◉ True/False: The FTC's decisions are under the president's control. Answer: FALSE ◉ What authority does the FTC have? Answer: Authority to enforce against "unfair and deceptive trade practices", as well as specific statutory responsibility for issues such as (a) children's privacy online and (b) commercial e-mail marketing. ◉ What are some of the ways that the FTC has played a prominent role in the development of US privacy standards? Answer: The FTC conducts public workshops on privacy issues, and reports on privacy policy and enforcement. ◉ Are there other federal agencies involved in privacy enforcement? Answer: Yes, although the FTC plays a leading role.
◉ What does the Fair Credit Reporting Act allow? Answer: It has a private right of action, which allows a person to sue a company if his consumer reports have been used inappropriately. ◉ What is criminal litigation? Answer: Criminal lit involves lawsuits brought by the government for violations of criminal laws. ◉ How is criminal litigation different from civil litigation? Answer: Civil lit involves an effort by a private party to correct specific harms. Criminal prosecution, brought by gov, can lead to imprisonment and criminal fines. ◉ Who prosecutes criminal laws? Answer: Department of Justice in the federal government. For states, the state attorney general and local officials (district attorney) usually have criminal prosecutorial power. ◉ What are administrative enforcement actions? Answer: These are carried out pursuant to the statutes that create and empower an agency, such as the FTC. ◉ Where are the rules found for agency enforcement actions in the federal government? Answer: the Administrative Procedure Act (APA).
◉ What does the APA contain? Answer: The APA sets forth basic rules for adjudication within an agency, where court-like hearings may take place before an administrative law judge. ◉ What is the appeals process for agency enforcement actions? Answer: Federal agency adjudications can generally be appealed to federal court. ◉ True/false: A federal agency may sue a party in federal court, with the agency as the plaintiff in a civil action. Answer: True. ◉ Which agencies are responsible for medical privacy? Answer: Office for Civil Rights in the Department of Health and Human Services (HHS), for the Health Insurance Portability and Accountability Act (HIPAA) ◉ Which agencies oversee financial privacy? Answer: Consumer Financial Protection Bureau for financial consumer protection issues generally; federal financial regulators such as the Federal Reserve and the Office of Comptroller of the Currency, for institutions under their jurisdiction under the Gramm-Leach-Bliley Act (GLBA) ◉ Which agencies are responsible for educational privacy? Answer: Department of Education for the Family Educational Rights and Privacy Act.
◉ What are some of the other functions of the OMB? Answer: OMB also issues guidance to agencies and contractors on privacy and information security issues, such as data breach disclosure and privacy impact assessments. ◉ To which agencies does the Privacy Act of 1974 apply? Answer: federal agencies and private sector contractors to those agencies. ◉ Which Department is subject to privacy rules concerning tax records, including disclosures of such records in the private sector? Answer: Internal Revenue Service (IRS) ◉ Describe one way in which other parts of the Department of Treasury are also involved with financial records issues. Answer: They are involved in money-laundering rules at the Financial Crimes Enforcement Network. ◉ What are some of the privacy issues faced by the Department of Homeland Security? Answer: E-Verify program for new employees, rules for air traveler records (Transportation Security Administration), and immigration and other border issues (Immigration and Customs Enforcement)
◉ What agencies are affected by the increasing development of smart grid? Answer: Smart grid development is making privacy an important issues for the electric utility system, involving the Department of Energy. ◉ Which agency is affected by the increasing use of Unmanned Aerial Vehicles (drones)? Answer: The surveillance implications have raised issues for the Federal Aviation Administration (FAA). ◉ True/false: Almost every agency in the federal government is or may soon become involved with privacy in some manner within that agency's jurisdiction. Answer: True. ◉ What is the sole federal agency to bring criminal enforcement actions which can results in imprisonment or criminal fines? Answer: Department of Justice. ◉ Name one statue that provides for both civil and criminal enforcement Answer: HIPAA. ◉ Where a statute provides for both civil and criminal enforcement, how is jurisdiction apportioned? Answer: Procedures exist for the roles of both HHS and the Department of Justice (in HIPAAs case)' ◉ When was the FTC founded? Answer: 1914
◉ Does FTC Act Section 5 say anything specifically about privacy or information security? Answer: No. ◉ True/false: The application of Section 5 to privacy and information security is clearly established today Answer: True. ◉ What marks the beginning of the FTC's enforcement of privacy violations? Answer: The Fair Credit Reporting Act of 1970. ◉ When did the FTC begin bringing privacy enforcement cases under its powers to address unfair and deceptive practices? Answer: During the 1990s. ◉ Name the ways in which Congress added privacy-related responsibilities to the FTC over time. Answer: The Children's Online Privacy Protection Act (COPPA) of 1998 and the Controlling the Assault of Non-Solicited Portnography and Marketing (CAN-SPAM) Act of 2003. ◉ What does Section 6 of the FTC Act do? Answer: It vests the commission with the authority to conduct investigations and to require businesses to submit investigatory reports under oath.
◉ To what does the FTC Act Section 5 apply and not apply? Answer: It applies to "unfair and deceptive practices in commerce" and does not apply to nonprofit organizations. It's powers also do not extend to certain industries, such as banks and other federally regulated financial institutions, as well as common carriers such as transportation and communications industries. ◉ What other issues does the FTC retain authority over? Answer: In addition to the authority granted under Section 5, the FTC retains separate and specific authority over privacy and security issues under other federal statutes. ◉ Until the creation of which agency did the FTC issue rules and guidance for the Fair Credit Reporting act and Gramm-Leach-Bliley Act? Answer: Consumer Financial Protection Bureau (CFPB) ◉ What amended the Fair Credit Reporting Act? Answer: The Fair and Accurate Credit Transactions Act of 2003. ◉ What authorities does the CFPB hold? Answer: Authority to issues rules and guidance for the FCRA and GLBA, and shares enforcement authority with the FTC for financial institutions that are not covered by a separate financial regulator. ◉ Who is the rule-making and enforcement agency for COPPA? Answer: FTC.
◉ Describe the situation surrounding FTC and the APA rule-making authority. Answer: FTC has supported congressional proposals to provide the FTC with APA rule-making authority; such proposal shave not been successful to date, in part due to opposition from companies that are against increased regulation. ◉ What begins the typical FTC enforcement action? Answer: A claim that a company has committed an unfair or deceptive practice OR has violated a specific consumer protection law. ◉ In what ways can the enforcement action be brought to the FTC's attention? Answer: "1. press reports covering the questionable practices ◉ 2. complaints from consumer groups of competitors" Answer: ◉ What options might the FTC exercise if the complaint is minor? Answer: FTC may work with the company to resolve the problem without launching a formal investigation. ◉ In what situations will the FTC proceed to full enforcement? Answer: Where the violation is significant or there is a pattern of noncompliance.
◉ What are some actions allowed under the FTC's broad investigative authority? Answer: "1. subpoenas of witnesses ◉ 2. civil investigative demands Answer: ◉ 3. requirements for businesses to submit written reports under oath" Answer: ◉ What may the commission do after an investigation? Answer: The commission may initiate an enforcement action if it has reason to believe a law is being or has been violated. It issues a complaint. ◉ What happens after the commission issues a complaint? Answer: An administrative trial can proceed before an administrative law judge (ALJ). ◉ Can the Administrative Law Judge's opinion be appealed? Answer: Yes, it can be appealed to the five commissioners. ◉ Can the decision of the five commissioners on appeal be appealed? Answer: Yes, it can be appealed to the federal district court.
◉ How have FTC privacy enforcement actions been settled in practice? Answer: Through consent decrees and accompanying consent orders. ◉ What is a consent decree? Answer: In a consent decree, the respondent does not admit fault, but promises to change its practices. ◉ Where are consent decrees posted? Answer: Publicly on the FTC's website. ◉ What can the details of these consent decrees be used to do? Answer: The details of these decrees provide guidance about what practices the FTC considers inappropriate. ◉ Once an individual or company has agreed to a consent decree, what can violations of that decree lead to? Answer: Following an FTC investigation, it can lead to enforcement in the federal district court, including civil penalties as discussed above. ◉ What can the federal court grant? Answer: It can grant injunctions and other forms of relief. ◉ Which FTC division monitors and litigates violates of consent decrees in cooperation with the Department of Justice? Answer: The
FTC's Enforcement Division within the Bureau of Consumer Protection. ◉ True/false: Consent decree terms vary depending on the violation. Answer: TRUE ◉ What does the consent decree usually state? Answer: What affirmative actions the respondent needs to take and which practices their respondent must refrain from engaging in. ◉ What does the consent decree require of the respondent? Answer: To maintain proof of compliance with the decree; inform all related individuals of the consent decree obligations; provide the FTC with confirmation of its compliance with the decree; inform the FTC if company changes will affect the respondent's ability to adhere to its terms. ◉ Can FTC respondents face civil penalties for noncompliance with a consent decree? Answer: Yes. ◉ What are companies increasingly subjected to or required to do re: privacy cases? Answer: Companies are subject to periodic outside audits or reviews of their practices, or they may be required to adopt and implement a comprehensive privacy program.
◉ True/false: Review of nonprivacy decrees can be instructive for lawyers or others who seek to understand the FTC's approach to and priorities for consumer protection consent decrees. Answer: True. ◉ What motivated the FTC and Commerce Department to begin convening public workshops and conduction other activities to highlight the importance of privacy protection on websites? Answer: An increase in commercial activity on the Internet that became significant in the mid-1990s. ◉ When did organizations begin to post public privacy notices on their websites? Answer: Mid-1990s. ◉ What purpose do privacy notices serve? Answer: Help inform customers about how their PI was being collected and used, as well as helping with enforcement purposes. ◉ How do privacy notices help with enforcement? Answer: If a company promised a certain level of privacy or security on a company website or elsewhere, and the company did not fulfill its promise, then the FTC considered that breach of promise a "deceptive" practice under Section 5 of the FTC Act. ◉ Is there an omnibus federal law requiring companies to have public privacy notices? Answer: No, Sector-specific statutes such as HIPAA, GLBA, and COPPA impose notice requirements
◉ What does California require of companies and organizations doing in-state business? Answer: To post privacy policies on their websites. ◉ Where there is no legal requirement to do so, do the vast majority of commercial websites post privacy websites? Answer: Yes, according to an FTC survey conducted in 2000. ◉ What does the FTC investigate when a company posts a privacy notice? Answer: Whether they adhere to their own policies; if not, the FTC will bring an enforcement action for deceptive trade practices. ◉ What was the first FTC Internet privacy enforcement action? Answer: In the Matter of GeoCities, Inc. ◉ What are the facts of the GeoCities case? Answer: GeoCities operated a website that provided an online community through which users could maintain personal home pages. To register and become a member of GeoCities, users were required to fill out an online form that requested PI, with which GeoCities created an extensive info database. GeoCities promised on its website that the collected information would not be sold or distributed without user consent.