CIPP/U.S. Practice Exam Questions with 100% Correct Answers | Verified | Updated 2024

Which is the best description of the U.S. legal concept of "preemption"? - Correct Answer-The superior government has the right to supersede the lesser government's laws. The lesser government cannot pass a law that is inconsistent with the superior government's law.

What is one reason consent decrees are posted publicly on the FTC website? - Correct Answer-to provide guidance about what practices the FTC finds inappropriate

Which of the following is considered an acceptable method for U.S.-based multinational transportation companies to achieve compliance with the EU Data Protection Directive? - Correct Answer-binding corporate rules

Which statement is true regarding transfers of personal information to locations outside of the U.S.? - Correct Answer-U.S. laws generally do not restrict geographic transfers of personal information.

What is the primary basis of common law? - Correct Answer-legal precedent and social customs.

What should a U.S.-based organization do before it shares personal information with a U.S.-based third party? - Correct Answer-assure appropriate privacy terms and conditions are included in a contract with the third party

What is the role of a U.S.-based software-as-a-service provider that stores employee personal data for a global company headquartered in the U.S. with subsidiaries in the EU? - Correct Answer-data processor

Which federal agency has specific statutory responsibility for issues such as children's privacy online and commercial email marketing? - Correct Answer-Federal Trade Commission

Under the Children's Online Privacy Protection Act, which is an accepted means for an organization to validate parental consent when it intends to disclose a child's information to a third party? - Correct Answer-Email a consent form. The parent can provide consent by signing and mailing back the form.

Based on Aerospatiale v. S.D. of Iowa, which is NOT a factor American courts will use to reconcile a conflict between U.S. and foreign law regarding electronic discovery requests? - Correct Answer-whether counsel for both parties are based in the U.S.

What changes did the FISA Amendments Act of 2008 make to the original Foreign Intelligence Surveillance Act of 1978? - Correct Answer-legal authorization of some new surveillance practices

Which two actions are required under the Fair Credit Reporting Act in order for an employer to obtain a consumer report on a job applicant? - Correct Answer-obtain applicant's written consent and provide applicant with a copy of the credit report before taking an adverse action

All of the following are considered acceptable reasons for sharing records of U.S. employees with third parties without obtaining the consent of the employees except: - Correct Answer-test marketing the company's new products

All of the following are considered acceptable lines of questioning by U.S. employers to applicants in the pre-employment process except: - Correct Answer-questions on whether an applicant has applied for or received worker's compensation

In terms of U.S. employees' workplace privacy rights, all of the following are acceptable monitoring techniques available to employers except: - Correct Answer-secret surveillance

All of the following are valid privacy protection procedures when terminating an employee who has access to sensitive personal information except: - Correct Answer-asking the employee to sign the privacy policy immediately before conducting the exit interview

Security laws in U.S. states often restrict: - Correct Answer-the display of Social Security numbers on identification cards

For those states that have security breach notification requirements, what general information must the breach-of-personally-identifiable-information notification letter to the individual include? - Correct Answer-brief description of the incident, type of information involved, and a toll-free number for answers to questions

The act of video monitoring the workplace is likely to survive a legal challenge under U.S. law provided that: - Correct Answer-monitoring is limited to "non-private" areas of the workplace

The loss of names and what other data point would require an employer to notify affected individuals? - Correct Answer-Social Security numbers

If a company located in Massachusetts maintains all of its employees' personal information in a hosted online database in Florida, what must the third-party service provider agree to? - Correct Answer-a confidentiality provision