




























































































CIPP/US, CIPP/US Practice Questions, CIPP/US, CIPP US
Typology: Exams





























































































In what ways can the enforcement action be brought to the FTC's attention? - ANSWER 1. press reports covering the questionable practices 2. complaints from consumer groups of competitors
Which agencies are responsible for educational privacy? - ANSWER Department of Education for the Family Educational Rights and Privacy Act.
What are some of the ways that the FTC has played a prominent role in the development of US privacy standards? - ANSWER The FTC conducts public workshops on privacy issues, and reports on privacy policy and enforcement.
Access - ANSWER The ability to view personal information held by an organization. This may be supplemented by allowing updates or corrections to the information. U.S. laws often provide for access and correction when the information is used for any type of substantive decision making, such as for credit reports.
Americans with Disabilities Act (ADA) - ANSWER Bars discrimination against qualified individuals with disabilities; places restrictions on pre-employment medical screening.
Consumer Financial Protection Bureau (CFPB) - ANSWER Has enforcement power for unfair, deceptive or abusive acts and practices for financial institutions.
Choice - ANSWER The ability to specify whether personal information will be collected and/or how it will be used or disclosed. Choice can be express or implied.
Common Law - ANSWER Legal principles that have developed over time in judicial decisions (case law), often drawing on social customs and expectations.
Consent Decree - ANSWER A judgment entered by consent of the parties (a federal or state agency and an adverse party) whereby the defendant agrees to stop alleged illegal activity, typically without admitting guilt or wrongdoing.
Consumer Reporting Agency (CRA) - ANSWER Any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to third parties for a fee.
Data Breach - ANSWER The intentional or unintentional release of secure information to an untrusted environment.
Data Classification - ANSWER Defines the clearance of individuals who can access or handle a given set of data, as well as the baseline level of protection that is appropriate for that data.
Deceptive Trade Practices - ANSWER Along with unfair trade practices, behavior of an organization that can be enforced against by the FTC.
Defamation - ANSWER Any act or communication intending to harm the reputation of another as to lower him in the estimation of the community or to deter third persons from associating or dealing with him.
Electronic Discovery (e-discovery) - ANSWER Discovery in civil litigation dealing with the exchange of information in electronic format, often requiring digital forensics analysis.
Electronically Stored Information (ESI) - ANSWER A category of information that can include e-mail, word-processing documents, server logs, instant messaging transcripts, voicemail systems, social networking records, thumb drives, or data on SD cards.
Equal Employment Opportunity Commission (EEOC) - ANSWER A federal agency overseeing many laws preventing discrimination in the workplace, including Title VII of the Civil Rights Act, the Age Discrimination in Employment Act of 1967 (ADEA) and Titles I and V of the Americans with Disabilities Act of 1990 (ADA).
Evidentiary Privilege - ANSWER Privileges limiting or prohibiting disclosure of personal information in the context of investigations and litigation, such as attorney-client privilege.
Fair Credit Reporting Act (FCRA) - ANSWER Enacted in 1970 to regulate the consumer reporting industry and provide privacy rights in consumer reports, FCRA mandates accurate and relevant data collection, provides consumers with the ability to access and correct their information, and limits the use of consumer reports to defined permissible purposes.
Federal Trade Commission (FTC) - ANSWER An independent consumer protection agency governed by a chairman and four other commissioners with the authority to enforce against unfair and deceptive trade practices.
Global Privacy Enforcement Network (GPEN) - ANSWER Established in 2010 by the FTC and enforcement authorities from around the world, the GPEN
Personal Health Information (PHI) - ANSWER Any individually identifiable health information with data elements which could reasonably be expected to allow individual identification.
Personal Health Record (PHR) - ANSWER A record maintained by the patient to track health and medical care information across a duration of time.
Preemption - ANSWER The ability for one government's laws to supersede those of another, such as federal law overriding individual state law.
Privacy Notice - ANSWER An external communication from an organization to consumers, customers or users to describe an organization's privacy practices.
Privacy Policy - ANSWER An internal standards document to describe an organization's privacy practices.
Private Right of Action - ANSWER The ability of an individual harmed by a violation of law to bring suit against the violator.
Privilege - ANSWER A rule of evidence that protects confidential information communicated between a client and legal advisor.
Protective Order - ANSWER A judge-issued determination of what information contained in court records should not be made public and what conditions apply to who may access the protected information.
Publicity Given to Private Life - ANSWER A tort claim that considers publicity given to an individual's private life by another is an invasion of privacy and subject to liability.
Qualified Protection Order (QPO) - ANSWER Under HIPAA, a QPO prohibits the use or disclosure of PHI for any purpose other than the litigation for which the information was requested; it also requires the return of PHI to the covered entity at the close of litigation.
Red Flags Rule - ANSWER Promulgated under FACTA, the Red Flags Rule requires certain financial entities to develop and implement identity theft detection programs to identify and respond to "red flags" that signal identity theft.
Redaction - ANSWER The practice of identifying and removing or blocking information from documents being produced pursuant to a discovery request or evidence in a court proceeding.
Sedona Conference - ANSWER A nonprofit research and educational institute responsible for the establishment of standards and best practices for managing electronic discovery compliance through data retention policies.
Stored Communications - ANSWER A category of data prohibited from unauthorized acquisition, alteration or blocking while stored in a facility through which electronic communications service is provided.
Substitute Notice - ANSWER Pursuant to breach notification laws, certain entities must provide for substitute notice of data breach in a situation where insufficient or out-of-date contact information is held.
Trust Marks - ANSWER Demonstration of compliance with self-regulatory programs by display of a seal, logo, or certification.
Unfair Trade Practices - ANSWER Along with deceptive trade practices, behavior of an organization that can be enforced against by the FTC.
Authentication - ANSWER The identification of an individual account user based on a combination of security measures.
Authorization - ANSWER After authentication, the process of determining if the end user is permitted to have access to the desired resource, such as the information asset or the information system containing the asset.
Choice and Consent - ANSWER Organizations should describe the choices available to individuals and should get implicit or explicit consent with respect to the collection, use, retention and disclosure of personal information. Consent is often considered especially important for disclosures of personal information to other data controllers.
Comprehensive Model - ANSWER A method of data protection to govern the collection, use and dissemination of personal information in the public and private sectors, generally with an official or agency responsible for overseeing enforcement.
Confidentiality - ANSWER The obligation of an individual, organization or business to protect personal information and not misuse or wrongfully disclose that information.
Co-regulatory Model - ANSWER Used in Australia and New Zealand, this model emphasizes industry development of enforceable codes or standards for privacy and data protection, against the backdrop of legal requirements by the government.
Opt Out - ANSWER Opt out means that, in the absence of action by the individual, information can be shared with third parties (e.g., unless the individual checks a box to opt out, her information can go to another organization).
What are the four phases of privacy program development? - ANSWER 1. Discover
Dodd-Frank Wall Street Reform and Consumer Protection Act (2010) - ANSWER 1. Created the Consumer Financial Protection Bureau (CFPB) within the Federal Reserve
Does the executive branch include federal agencies that report directly to the President? - ANSWER Yes
What do federal agencies in the executive branch do? - ANSWER They implement the laws through rule making and enforce the laws through civil and criminal procedures.
What are the lowest courts called in the federal court system (judicial branch)? - ANSWER District Courts. These serve as federal trial courts.
Cases decided by a district court can be referred to what? - ANSWER A federal appellate court (also called a "circuit court").
What do federal circuit courts do? - ANSWER They are not trial courts; they serve as appeals courts for federal cases.
The federal appeals courts are divided into how many circuits? - ANSWER 12 regional circuits; each district court is assigned to an appeals court which decides the appeals for that circuit.
What are the other federal courts called? - ANSWER Special courts include the U.S. Court of Federal Claims and the U.S. Tax Court.
What is the top court in the judicial branch? - ANSWER The U.S. Supreme Court.
What does the U.S. Supreme Court do? - ANSWER Hears appeals from the circuit courts and decides questions of federal law; also interprets the U.S. Constitution. May also hear appeals from the highest state courts or function as a trial court in rare instances.
In what circumstances do federal agencies wield power that is characteristic of all three branches of government? - ANSWER When they are given authority by Congress to promulgate and enforce rules pursuant to law. This means they operate under statutes that give them legislative power to issue rules, executive power to investigate and enforce violations of rules/statutes, and judicial power to settle particular disputes.
What are the sources of law in the U.S.? - ANSWER Federal and state constitutions, legislation, case law (contracts and torts), and agency-issued regulations.
What is the supreme law in the U.S.? - ANSWER The Constitution.
Who drafted the Constitution and when? - ANSWER The Constitutional Convention drafted the Constitution in 1787.
True/False: The U.S. Constitution does not contain the word "Privacy". - ANSWER True.
Which parts of the Constitution directly affect privacy? - ANSWER The Fourth Amendment limits on government searches.
Which Supreme Court decisions affect privacy? - ANSWER The S.C. has held that a person has a right to privacy over personal issues such as contraception and abortion, arising from more general protections of due process of law.
What are other sources of law affecting privacy? - ANSWER State constitutions may create stronger rights than are provided in the U.S. Constitution.
Which state expressly recognizes a right to privacy in its constitution? - ANSWER California.
What areas are regulated by laws enacted by federal Congress and state legislatures? - ANSWER applications of information (use of information for marketing or pre-employment screening), certain industries (such as financial institutions or healthcare providers), certain data elements (SSNs or driver's license info), or specific harms (identity theft or children's online privacy)
How is law-making power distributed in the U.S.? - ANSWER Law-making power is shared between the national and state governments.
What does the U.S. Constitution say about laws under the Constitution? - ANSWER It states that the Constitution, and the laws passed pursuant to it, are "the supreme law of the land."
When do states have the power to make laws? - ANSWER Where federal law does not prevent it, states have the power to make law.
Which Amendment to the Constitution states "the powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."? - ANSWER The Tenth Amendment to the Constitution.
What is one area of law where states may pass privacy/other laws with stricter requirements than federal law? - ANSWER HIPAA medical privacy rule.
What are common law's rules in regards to privacy? - ANSWER Common law upholds special privilege rules, even in the absence of statutes protecting that confidentiality.
Name two special privilege rules. - ANSWER 1. Doctor-patient privilege 2. attorney-client confidentiality.
Does a consent decree typically admit guilt or wrongdoing? - ANSWER No.
How are the courts involved in a consent decree? - ANSWER The document is approved by a judge.
What does a consent decree accomplish? - ANSWER It formalizes an agreement reached between a federal or state agency and an adverse party.
What are the contents of the consent decree? - ANSWER It describes the actions that the defendant will take and the decree may be subject to a public comment period.
How much power does a consent decree hold? - ANSWER Once approved, the consent decree has the effect of a court decision.
In what area has the FTC entered into numerous consent decrees with companies as a result of alleged violations of privacy laws? - ANSWER COPPA has allowed for several consent decrees, which require violators to pay money to the government and agree not to violate the relevant law in the future.
What services do federal agencies provide? - ANSWER 1. promulgate rules and enforce them; 2. provide guidance in the form of opinions.
How are agency opinions interpreted and used? - ANSWER They do not carry the weight of law, but do give specific guidance to interested parties trying to interpret agency rules and regulations.
What provisions might a privacy contract contain? - ANSWER data usage, data security, breach notification, jurisdiction, and damages. (A contract b/w an EU company and a US data processor might include provision requiring US co to be safe harbor certified/abide by framework)
True/false: Every agreement is a legally binding contract. - ANSWER False. There are three fundamental requirements for forming a binding contract.
What are the three factors required to form a contract? - ANSWER Offer, Acceptance, Consideration.
Which terms of the offer must be specific and definite? - ANSWER Price, quantity, and description.
What ends the original offer? - ANSWER A counteroffer.
What actions must be taken with an offer for it to qualify to form a contract? - ANSWER The offer must be communicated to another person and remain open until it is accepted, rejected, retracted or has expired.
What is acceptance? - ANSWER The assent or agreement by the person to whom the offer was made that the offer is accepted.
What requirements must the acceptance meet? - ANSWER The acceptance must comply with the terms of the offer and must be communicated to the person who proposed the deal.
What is the bargained-for exchange? - ANSWER Consideration.
What is consideration? - ANSWER The legal benefit received by one person and the legal detriment imposed on the other person.
True/False: An agreement without consideration is not a contract. - ANSWER True.
When may a privacy notice constitute a contract? - ANSWER If a consumer provides data to a company based on the company's promise to use the data in accordance with the terms of the notice.
What are the goals of tort law? - ANSWER a. provide relief for damages incurred; b. deter others from committing the same wrongs.
What are the three tort categories? - ANSWER Intentional torts, negligent torts, and strict liability torts.
When did the concept of a personal privacy tort enter U.S. jurisprudence? - ANSWER The late 1890s.
What are some current privacy torts? - ANSWER a. intrusion on seclusion; b. public revelation of private facts; c. interfering with a person's right to publicity; d. casting a person in a false light.
What is a defense to some of the traditional privacy torts? - ANSWER The speaker is exercising free speech rights under the First Amendment.
What are some other, more recent, privacy-related torts considered by courts? - ANSWER Allegations that a company was negligent for failing to provide adequate safeguards for PI, thus causing harm due to disclosure of