CIPP/US Exam Questions With 100% Correct Answers 2024
Access - Correct Answer-The ability to view personal information held by an organization. This may be supplemented by allowing updates or corrections to the information. U.S. laws often provide for access and correction when the information is used for any type of substantive decision making, such as for credit reports.
Americans with Disabilities Act (ADA) - Correct Answer-Bars discrimination against qualified individuals with disabilities; places restrictions on pre-employment medical screening.
Consumer Financial Protection Bureau (CFPB) - Correct Answer-Has enforcement power for unfair, deceptive or abusive acts and practices for financial institutions.
Choice - Correct Answer-The ability to specify whether personal information will be collected and/or how it will be used or disclosed. Choice can be express or implied.
Common Law - Correct Answer-Legal principles that have developed over time in judicial decisions (case law), often drawing on social customs and expectations.
Consent Decree - Correct Answer-A judgment entered by consent of the parties (a federal or state agency and an adverse party) whereby the defendant agrees to stop alleged illegal activity, typically without admitting guilt or wrongdoing.
Consumer Reporting Agency (CRA) - Correct Answer-Any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to third parties for a fee.
Data Breach - Correct Answer-The intentional or unintentional release of secure information to an untrusted environment.
Data Classification - Correct Answer-Defines the clearance of individuals who can access or handle a given set of data, as well as the baseline level of protection that is appropriate for that data.
Deceptive Trade Practices - Correct Answer-Along with unfair trade practices, behavior of an organization that can be enforced against by the FTC.
Defamation - Correct Answer-Any act or communication intending to harm the reputation of another so as to lower him in the estimation of the community or to deter third persons from associating or dealing with him.
Electronic Discovery (e-discovery) - Correct Answer-Discovery in civil litigation dealing with the exchange of information in electronic format, often requiring digital forensics analysis.
Electronically Stored Information (ESI) - Correct Answer-A category of information that can include e-mail, word-processing documents, server logs, instant messaging transcripts, voicemail systems, social networking records, thumb drives, or data on SD cards.
Equal Employment Opportunity Commission (EEOC) - Correct Answer-A federal agency overseeing many laws preventing discrimination in the workplace, including Title VII of the Civil Rights Act, the Age Discrimination in Employment Act of 1967 (ADEA) and Titles I and V of the Americans with Disabilities Act of 1990 (ADA).
Evidentiary Privilege - Correct Answer-Privileges limiting or prohibiting disclosure of personal information in the context of investigations and litigation, such as attorney-client privilege.
Fair Credit Reporting Act (FCRA) - Correct Answer-Enacted in 1970 to regulate the consumer reporting industry and provide privacy rights in consumer reports, FCRA mandates accurate and relevant data collection, provides consumers with the ability to access and correct their information, and limits the use of consumer reports to defined permissible purposes.
Federal Trade Commission (FTC) - Correct Answer-An independent consumer protection agency governed by a chairman and four other commissioners with the authority to enforce against unfair and deceptive trade practices.
Global Privacy Enforcement Network (GPEN) - Correct Answer-Established in 2010 by the FTC and enforcement authorities from around the world, the GPEN aims to promote cross-border information sharing as well as investigation and enforcement cooperation among privacy authorities around the world.
Gramm-Leach-Bliley Act (GLBA) - Correct Answer-Also known as the Financial Services Modernization Act of 1999, GLBA is a United States federal law to control the ways that financial institutions deal with the private information of individuals.
Health Information - Correct Answer-Any information related to the past, present or future physical or mental condition, provision of health care or payment for health care for a specific individual.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) - Correct Answer-A U.S. law passed to create national standards for electronic healthcare transactions, among other purposes. HIPAA required the U.S. Department of Health and Human Services to promulgate regulations to protect the privacy and security of personal health information. The basic rule is that patients have to opt in before their information can be shared with other organizations, although there are important exceptions such as for treatment, payment and healthcare operations.
National Labor Relations Board (NLRB) - Correct Answer-An independent agency of the United States government responsible for investigating and remedying unfair labor practices.
National Security Letter (NSL) - Correct Answer-A category of subpoena generally issued to seek records considered relevant to protect against international terrorism or clandestine intelligence activities.
Negligence - Correct Answer-The failure to exercise the care that a reasonably prudent person would exercise in like circumstances, leading to unintended harm.
Notice - Correct Answer-A description of an organization's information management practices, with the purposes of consumer education and corporate accountability.
Organisation for Economic Co-operation and Development (OECD) - Correct Answer-A multinational organization with the goal of creating policies that contribute to the economic, environmental, and social well-being of its member countries.
Personal Health Information (PHI) - Correct Answer-Any individually identifiable health information with data elements which could reasonably be expected to allow individual identification.
Personal Health Record (PHR) - Correct Answer-A record maintained by the patient to track health and medical care information across a duration of time.
Preemption - Correct Answer-The ability for one government's laws to supersede those of another, such as federal law overriding individual state law.
Privacy Notice - Correct Answer-An external communication from an organization to consumers, customers or users to describe an organization's privacy practices.
Privacy Policy - Correct Answer-An internal standards document to describe an organization's privacy practices.
Private Right of Action - Correct Answer-The ability of an individual harmed by a violation of law to bring suit against the violator.
Privilege - Correct Answer-A rule of evidence that protects confidential information communicated between a client and legal advisor.
Protective Order - Correct Answer-A judge-issued determination of what information contained in court records should not be made public and what conditions apply to who may access the protected information.
Publicity Given to Private Life - Correct Answer-A tort claim that considers publicity given to an individual's private life by another to be an invasion of privacy and subject to liability.
Qualified Protection Order (QPO) - Correct Answer-Under HIPAA, a QPO prohibits the use or disclosure of PHI for any purpose other than the litigation for which the information was requested; it also requires the return of PHI to the covered entity at the close of litigation.
Red Flags Rule - Correct Answer-Promulgated under FACTA, the Red Flags Rule requires certain financial entities to develop and implement identity theft detection programs to identify and respond to "red flags" that signal identity theft.
Redaction - Correct Answer-The practice of identifying and removing or blocking information from documents being produced pursuant to a discovery request or evidence in a court proceeding.
Sedona Conference - Correct Answer-A nonprofit research and educational institute responsible for the establishment of standards and best practices for managing electronic discovery compliance through data retention policies.
Stored Communications - Correct Answer-A category of data prohibited from unauthorized acquisition, alteration or blocking while stored in a facility through which electronic communications service is provided.
Substitute Notice - Correct Answer-Pursuant to breach notification laws, certain entities must provide for substitute notice of data breach in a situation where insufficient or out-of-date contact information is held.
Trust Marks - Correct Answer-Demonstration of compliance with self-regulatory programs by display of a seal, logo, or certification.
Unfair Trade Practices - Correct Answer-Along with deceptive trade practices, behavior of an organization that can be enforced against by the FTC.
Authentication - Correct Answer-The identification of an individual account user based on a combination of security measures.
Authorization - Correct Answer-After authentication, the process of determining if the end user is permitted to have access to the desired resource, such as the information asset or the information system containing the asset.
Choice and Consent - Correct Answer-Organizations should describe the choices available to individuals and should get implicit or explicit consent with respect to the collection, use, retention and disclosure of personal information. Consent is often considered especially important for disclosures of personal information to other data controllers.
Comprehensive Model - Correct Answer-A method of data protection to govern the collection, use and dissemination of personal information in the public and private sectors, generally with an official or agency responsible for overseeing enforcement.
Confidentiality - Correct Answer-The obligation of an individual, organization or business to protect personal information and not misuse or wrongfully disclose that information.
Co-regulatory Model - Correct Answer-Used in Australia and New Zealand, this model emphasizes industry development of enforceable codes or standards for privacy and data protection, against the backdrop of legal requirements by the government.
Data Controller - Correct Answer-An organization that has the authority to decide how and why personal information is to be processed. The data controller may be an individual or an organization that is legally treated as an individual, such as a corporation or partnership.
Data Processor - Correct Answer-An individual or organization, often a third-party outsourcing service, that processes data on behalf of the data controller.
Data Protection Authority (DPA) - Correct Answer-An official, or body, who ensures compliance with the law and investigates alleged breaches of the law's provisions.
Data Subject - Correct Answer-The individual about whom information is being processed, such as the patient at a medical facility, the employee of a company, or the customer of a retail store.
EU Data Protection Directive - Correct Answer-The EU Directive was adopted in 1995 and became effective in 1998 and protects individuals' privacy and personal data use. The Directive recognizes the European view that privacy is a fundamental human right, and establishes a general comprehensive legal framework that is aimed at protecting individuals and promoting individual choice regarding the processing of personal data.
Habeas Data - Correct Answer-Constitutional guarantees that the citizenry may "have the data" archived about them by governmental and commercial repositories.
Privacy Impact Assessment (PIA) - Correct Answer-Checklists or tools to ensure that a personal information system is evaluated for privacy risks and designed with life cycle principles in mind. An effective PIA evaluates the sufficiency of privacy practices and policies with respect to legal, regulatory and industry standards, and maintains consistency between policy and practice.
Sectoral Model - Correct Answer-This framework protects personal information by enacting laws that address a particular industry sector.
Sensitive Personal Information - Correct Answer-That which is more significantly related to the notion of a reasonable expectation of privacy. One's medical or financial information is often considered sensitive personal information (SPI), but other types of personal information might be as well.
Opt In - Correct Answer-Opt in means an individual actively affirms that information can be shared with third parties (e.g., an individual checks a box stating that she wants her information to go to another organization).
Opt Out - Correct Answer-Opt out means that, in the absence of action by the individual, information can be shared with third parties (e.g., unless the individual checks a box to opt out, her information can go to another organization).
What are the four phases of privacy program development? - Correct Answer-1. Discover
What are the two elements of vendor management? - Correct Answer-1. Contracts
Where is privacy mentioned in the U.S. Constitution? - Correct Answer-It's not. Usually privacy falls under the 4th Amendment.
What federal agency is the most active in enforcing privacy rights? - Correct Answer-FTC
How does punishment differ in civil and criminal cases? - Correct Answer-Civil punishments are compensation such as monetary and injunctive relief, while criminal punishments include fines, incarceration, and death.
When an FTC investigation finds a company guilty of violating privacy, what are its two recourses? - Correct Answer-1. Administrative trial
What is the burden of proof for criminal litigation? - Correct Answer-Beyond a reasonable doubt
List the five theories of legal liability - Correct Answer-1. Negligence - absence of, or failure to exercise, proper or ordinary care.
What is the Children's Online Privacy Protection Act of 1998 (COPPA)? - Correct Answer-1. Regulates collection and use of children's information by commercial website operators.
Who handles the enforcement of COPPA? - Correct Answer-FTC
Who handles the enforcement of CAN-SPAM? - Correct Answer-FTC
What does the FTC consider a deceptive practice? - Correct Answer-Saying one thing and completely going against it
What does the FTC consider an unfair practice? - Correct Answer-When reasonable practices are not being followed
What does the "Consumer Privacy Bill of Rights" emphasize? - Correct Answer-1. Privacy by Design
What does HIPAA require? - Correct Answer-Covered entities to protect health information that is transmitted or maintained in any form or medium
List the three HIPAA covered entities - Correct Answer-1. Healthcare providers that conduct transactions in electronic form
The Fair Credit Reporting Act of 1970 (FCRA) - Correct Answer-