CIPP/US Sample Questions With 100% Correct Answers 2024, Exams of Advanced Education


Typology: Exams

2023/2024

Available from 07/17/2024

professoraxel

Partial preview of the text

Which is the best description of the U.S. legal concept of "preemption"?
A. States are prevented by federal law from passing any laws that regulate financial privacy.
B. The superior government has the right to supersede the lesser governments' laws.
C. State laws supersede federal law in certain areas, such as marketing.
D. The EU General Data Protection Regulation (GDPR) takes precedence over U.S. law, federal or state.
Correct Answer: B. The superior government has the right to supersede the lesser governments' laws.

What is one reason the FTC publicly posts consent decrees on its website?
A. To announce the amount of civil penalties the FTC levies.
B. To prove that companies have complied with FTC rulings.
C. To punish companies that violate FTC rulings.
D. To provide guidance about what practices the FTC finds inappropriate.
Correct Answer: D. To provide guidance about what practices the FTC finds inappropriate.

A large hospital has contracted with a cloud provider to host electronic patient medical records for access by doctors and other healthcare staff during routine care. The hospital has entered into a business associate agreement with the cloud provider. The cloud provider recently discovered a breach in their security and an unauthorized user accessed and downloaded the electronic medical records of 300 patients. Who does the cloud provider need to notify about the breach?
A. The individuals affected by the breach.
B. The hospital.
C. Health and Human Services (HHS).
D. The Federal Bureau of Investigation (FBI).
Correct Answer: B. The hospital.

Each of the following is considered an acceptable reason for sharing records of U.S. employees with third parties without obtaining the consent of the employees EXCEPT:

[...]

D. State attorneys general.
Correct Answer: B. The individuals who were impacted.

A global company headquartered in the U.S. with subsidiaries in the EU hires a U.S.-based software as a service (SaaS) provider for storing employee personal data. What is the most likely role of the SaaS provider?
A. Data controller.
B. Data owner.
C. Data processor.
D. Data subject.
Correct Answer: C. Data processor.

Which federal agency has specific statutory responsibility for issues such as children's privacy online and commercial email marketing?
A. Securities and Exchange Commission.
B. Consumer Financial Protection Bureau.
C. Department of Justice.
D. Federal Trade Commission.
Correct Answer: D. Federal Trade Commission.

Which of the following examples best illustrates the concept of "consumer report" for pre-employment screening as defined under the U.S. Fair Credit Reporting Act (FCRA)?
A. Library records released by a municipal body.
B. Driving history obtained from an information aggregator.
C. Academic records obtained from an accredited university.
D. Purchase transactions obtained from an online retailer.
Correct Answer: B. Driving history obtained from an information aggregator.

Which statement is true regarding transfers of personal information to locations outside the U.S.?
A. U.S. laws traditionally do not restrict geographic transfers of personal information.
B. U.S. data exporters are not liable for inappropriate uses of the personal information.
C. U.S. data exports are immune from legal enforcement if handled by service providers.
D. U.S. laws have "reciprocity" arrangements with most national data protection laws.
Correct Answer: A. U.S. laws traditionally do not restrict geographic transfers of personal information.

Data security laws in U.S. states often restrict:
A. The collection of Social Security numbers via paper employment application.
B. The business hours during which organizations can make telemarketing calls.
C. The display of Social Security numbers on identification cards.
D. The disclosure of biometric records to law enforcement agencies.
Correct Answer: C. The display of Social Security numbers on identification cards.

Each of the following is an example of self-regulation and enforcement of privacy protections for U.S.-based companies EXCEPT:

[...]

A. The consumer authorizes access.
B. There is a qualified search warrant.
C. There is an appropriate judicial subpoena.
D. The financial records are reasonably described.
Correct Answer: D. The financial records are reasonably described.

What should a U.S.-based organization do before it shares personal information of a U.S. citizen with a U.S.-based third party?
A. Ensure the third party is a publicly traded company.
B. Have a standard model clause in place.
C. Include appropriate privacy terms and conditions in the third-party contract.
D. Perform a test of the third party's disaster recovery/business contingency plan.
Correct Answer: C. Include appropriate privacy terms and conditions in the third-party contract.

Each of the following statements is true regarding information management EXCEPT:
A. Organizations in the U.S. may be legally required to develop a data inventory detailing what PI an organization collects, stores, uses, or discloses.
B. Organizations in the U.S. may not be required to provide notices if personal information is sufficiently encrypted under most breach notification laws.
C. Organizations should have privacy or information security professionals who are involved in the data management life cycle assign data classification sensitivity levels.
D. Organizations should be familiar with privacy requirements of both origination and destination when transferring data internationally.
Correct Answer: C. Organizations should have privacy or information security professionals who are involved in the data management life cycle assign data classification sensitivity levels.

Based on Aerospatiale v. S.D. of Iowa, which is NOT a factor American courts will use to reconcile a conflict between U.S. and foreign law regarding electronic discovery requests?
A. How specific the request is.
B. Whether the information originated in the U.S.
C. If counsel for both parties are based in the U.S.
D. If there is another way to acquire the information.
Correct Answer: C. If counsel for both parties are based in the U.S.

A fitness and apparel company, Bfitly, recently released a new fitness wearable device that will collect health data such as heart rate, blood oxygen level, and calories burned. Consumers can also manually enter their height, weight, and shoe size. Bfitly entered an agreement to share this consumer health data with a partner commercial organization that has agreed to use the data for market research purposes. Bfitly failed to deidentify the data before sending it to the partner organization. Which of the following is an accurate statement as to Bfitly's actions under the Health Insurance Portability and Accountability Act (HIPAA)?
A. Bfitly did not violate HIPAA.
B. Bfitly violated the HIPAA Privacy Rule.
C. Bfitly violated the HIPAA Red Flags Rule.
D. Bfitly violated the HIPAA Security Rule.
Correct Answer: A. Bfitly did not violate HIPAA.

[...]

Which government agency would be most likely to initiate an enforcement action?
A. The Network Advertising Initiative (NAI).
B. The Better Business Bureau (BBB).
C. The Federal Communications Commission (FCC).
D. The Federal Trade Commission (FTC).
Correct Answer: D. The Federal Trade Commission (FTC).

Rules that govern the collection and handling of personal information regarding internet activity can be categorized as what type of privacy?
A. Communications Privacy
B. Information Privacy
C. Bodily Privacy
D. Territorial Privacy
Correct Answer: B. Information Privacy

Which authority does NOT oversee privacy-related issues in the U.S.?
A. The Federal Trade Commission (FTC)
B. State Attorneys General
C. The national data protection authority
D. Federal financial regulators
Correct Answer: C. The national data protection authority

Who wrote a treatise titled, "The Right to Privacy," in 1890?
A. Porter and Smith
B. Warren and Brandeis
C. McLean and Sutton
D. Johnson and Arthur
Correct Answer: B. Warren and Brandeis

Which types of personal information may qualify as sensitive personal information? Select all that apply.
A. Social Security Number
B. Bank account number
C. Driver's license number
D. Home phone number
E. Professional membership
F. Medical history
G. Business email address
Correct Answer: A. Social Security Number, B. Bank account number, C. Driver's license number, and F. Medical history

True or false? Restrictions on the processing of personal information may differ, depending on the source of the information.
Correct Answer: True

What is an agreement or settlement that resolves a dispute between a regulator and a private party without admission of guilt or liability?
A. Common law
B. Tort law
C. Contract law
D. Consent decree
Correct Answer: D. Consent decree