CIPP/US Exam Practice Questions With 100% Correct Answers 2024
Which of the following definitions best defines privacy as cited in the text and related to privacy law?
A. The desire of people to freely choose the circumstances and the degree which individuals will expose their attitudes and behavior to others.
B. The ability of an individual to not be observed or disturbed by other people.
C. The desire of people to be free from surveillance by the government or undue public attention while residing on their personal property.
D. The right of an individual or group to seclude themselves from other individuals or organizations.
Correct Answer: A. The desire of people to freely choose the circumstances and the degree which individuals will expose their attitudes and behavior to others.

In most cases, the FTC settles disputes through consent decrees and consent orders. What is the maximum length of a consent decree?
A. 5 years
B. 10 years
C. 20 years
D. Indefinitely
Correct Answer: C. 20 years

Which step in developing an Information Management Program involves distributing privacy policies and privacy notices?
A. Build
B. Communicate
C. Discover
D. Regulate
Correct Answer: B. Communicate

Regarding data information management, which of the following tasks can help with compliance audits, quickly comply with legal discovery requests, and ensure data is stored efficiently?
A. Data Mapping
B. Data Classification
C. Data Flow Documentation
D. Data Protection Laws
Correct Answer: B. Data Classification

Which of the following would NOT fall under the jurisdiction of the GDPR?
A. A German company with assets in France and employees in both companies.
B. An Italian company selling products and services worldwide.
C. A Spanish company that processes data of US citizens.
D. A US company who sells products and services in South America.
Correct Answer: D. A US company who sells products and services in South America.

Which form of malicious online threat targets an individual user and pretends to be a legitimate party, such as a bank, to steal personal data?
A. Spear Phishing
B. Ransomware
C. Technical Based Attack
D. Hacking
Correct Answer: A. Spear Phishing

Which of the following entities is the PRIMARY enforcer of the HIPAA Privacy Rule and can assess civil monetary penalties?
A. Federal Trade Commission
B. Office of Civil Rights
C. State Attorney General
D. US Department of Justice
Correct Answer: B. Office of Civil Rights

Which legislation provides privacy provisions for the exemption of disclosure of certain biomedical information, securing remote access to view PHI, prohibiting the blocking of information, certificates of confidentiality, and compassionate sharing of mental health or substance abuse information with family or caregivers?
A. 21st Century Cures Act of 2016
B. GINA of 2008
C. HITECH of 2013
D. HIPAA Security Rule of 2003
Correct Answer: A. 21st Century Cures Act of 2016

Who is responsible for notifying consumers when adverse action is taken based on information in a consumer credit report?
A. The Credit Bureau
B. The User
C. The Credit Reporting Agency
D. The Consumer Financial Protection Bureau
Correct Answer: B. The User

Which two FCRA rules were added with the Fair and Accurate Credit Transactions Act in 2003?
A. Disposal Rule and Red Flags Rule
B. Privacy Rule and Safeguards Rule
C. Disposal Rule and Safeguards Rule
D. Privacy Rule and Red Flags Rule
Correct Answer: A. Disposal Rule and Red Flags Rule
Use the following scenario to answer questions 1 through 5

Don lives in California with his wife and two children. Sarah is 12 years old and in the 7th grade at her school. Robert is 15 and a Sophomore at his school. Don is concerned about his children and their online activities as they use social media and talk with their friends. Sarah has an Xbox One that she primarily uses to stream content from Netflix, Hulu, and YouTube, but she does play a few games on the system too. Robert has a PlayStation 4 and is an avid gamer. He loves cooperative multiplayer games with his friends. Sarah and Robert each received their gaming consoles as a gift from their parents last year. Upon first use, both had to set up user profiles and input some basic information
C. Identifying favorite shows on streaming services
C. Allow the children to turn on location-based services on their gaming consoles, but not their smart phones.
C. Red Flags Rule
D. Safeguard Rule
Correct Answer: D. Safeguard Rule

General health records data for private schools who accept no federal funding are subject to
A. FERPA
B. PPRA
C. HIPAA
D. No Child Left Behind
Correct Answer: C. HIPAA

The criteria for an existing business relationship, as defined by TSR, includes
A. A transaction taking place within the last 18 months.
B. A transaction taking place within the past two years.
C. An offer has been requested within the past year.
D. An offer has been requested within the last six months
Correct Answer: A. A transaction taking place within the last 18 months.
Who has the right to private action regarding violations of the CAN SPAM Act?
A. Businesses who receive unsolicited advertisements to business email addresses.
B. Governmental agencies who receive unsolicited advertisements to .gov addresses.
C. Individuals who receive unsolicited advertisements to personal email addresses.
D. Internet Service Providers attempting to protect their customers from unsolicited email advertisements.
Correct Answer: D. Internet Service Providers attempting to protect their customers from unsolicited email advertisements.

Use the following scenario to answer questions 1 through 5

Lawrence works in the billing office of TH Medical Clinic. Lawrence is 30 years old with a bachelor's degree in finance. Lawrence received training during his orientation that included what PHI is collected, when it is collected, how it is stored, when it is destroyed, when it is updated, and an overview of HIPAA requirements as they related to his position.
Since he is in billing, Lawrence has the highest security classification at the medical clinic since he sees PHI for the patient, payment information for the patient, insurance information, and billing codes related to each patient's diagnosis and treatment at the clinic. Lawrence has been asked to be a trainer in the future for new employees who will need to understand HIPAA and various processes in the company related to the data. Therefore, Lawrence is reviewing his own materials to refresh his me
Correct Answer: 1. What was the primary reason for the creation of HIPAA? B. To increase the efficiency of electronic healthcare payments.
B. The candidate must receive written notice that a report will be requested.
C. The candidate must give written consent before the report is obtained.
D. The candidate must receive notice whether adverse action was taken or not.
Correct Answer: D. The candidate must receive notice whether adverse action was taken or not.

Under Section 702 of FISA, which surveillance program allows data requests of Internet Service Providers?
A. PRISM
B. MAGENTA
C. RAINBOW
D. Upstream
Correct Answer: A. PRISM

In which of the following laws is disclosure forbidden unless a person has expressly opted in?
A. Bank Secrecy Act
B. COPPA
C. GLBA
D. US Patriot Act
Correct Answer: B. COPPA

Based on current US employment privacy laws, which of the following should NOT be expected to happen while employed with a company?
A. Taking a polygraph test due to a theft at work.
B. Video monitoring only for workplace safety compliance.
C. GPS tracking while making deliveries for work.
D. A manager accessing your computer to get a needed file while you are on vacation.
Correct Answer: A. Taking a polygraph test due to a theft at work.

"Third party doctrine" as it relates to the Fourth Amendment of the US Constitution concerns:
A. Three authorities are required for creating and administering a warrant.
B. Someone referring to themselves in the third person is hiding something.
C. Data or information a suspect shares with a third party is not privacy protected.
D. A third party can wiretap a suspect without a warrant and then give the data to the police.
Correct Answer: C. Data or information a suspect shares with a third party is not privacy protected.

Which legislation provides protection to the media from government searches unless they have committed a crime or threaten to commit a crime?
A. US Communications Assistance to Law Enforcement
B. Stored Communications Act
C. Privacy Protection Act
D. Cybersecurity Information Sharing Act
Correct Answer: C. Privacy Protection Act