











































































This study guide covers various aspects of privacy practices and compliance, including the differences between privacy notices and policies, the concept of a privacy dashboard, the top causes of data breaches, the role of the privacy office and legal office in declaring a breach, the differences between a breach and an incident, the purpose of privacy audits, the elements of data lifecycle management, the steps involved in the metric lifecycle, and the obligations of data processors under the General Data Protection Regulation (GDPR). It also covers topics related to technical security controls, the use of personal data, data inventory analysis, privacy regulation enforcement, and the Asia-Pacific Economic Cooperation privacy framework. It offers insights into the importance of privacy practices, the legal and regulatory requirements, and the strategies for ensuring data protection and compliance.












































































CIPM Exam Study Guide {159 Questions and Answers}

1. What are the 5 phases of a privacy program audit: Planning, Preparation, Audit, Report, Follow-up
(these have been challenged recently and decisions are pending in the EUCJ)
ownership and responsibility of privacy within the business objectives.
(For example, within a U.S. healthcare organisation, a metrics audience may include a HIPAA privacy officer, medical interdisciplinary readiness team (MIRT), senior executive staff and covered entity workforce.)
It provides funds for legal defense in court, presents amicus curiae briefs, defends individuals and new technologies from what it considers abusive legal threats, works to expose government malfeasance, provides guidance to the government and courts, organizes political action and mass mailings, supports some new technologies which it believes preserve personal freedoms and online civil liberties, maintains a database and web sites of related news and information, monitors and challenges potential legislation that it believes would infringe on personal liberties and fair use and solicits a list of what it considers abusive patents with intentions to defeat those that it considers without merit.
Triggered by Data Security Breaches
(Remember Info Security would be responsible for items like an information access policy where IT would actually be enabling systems access)
so that they can order prescriptions online. Their team want to sell it in Europe. The European models are going to communicate with a data centre in Finland.
49. Case Study SuperHotel Chain Training: SuperHotel are a mega hotel and hospitality group (which seem very similar to that huge hotel group that have a name beginning with M and ending in T that suffered a breach recently). They have hotels all over the world. Mike, who works for SuperHotel, was tasked with delivering training to new hires. Mike quickly realised that it would be more efficient to deliver the training electronically, given that they have hotels all over the world, so he put together an online course. This was fiercely popular in the hotel group. With this success the team decided to sell the training external to the hotel. They developed the offering to be available externally and it was even more popular for many years. Their public-facing offering captured users' data, including their credit card details to pay for their training. On their sign-up page the option to have SuperHotel save their credit card details permanently was enabled by default. (Thus this was an opt-out option.) The training company then became its own separate entity from the hotel. Over the years the training market declined due to increased competition and the training company slowly went out of business. However, all their customer data (including credit card information) was kept on an archive server at SuperHotel group. SuperHotel group then got hacked, information about hotel guests was compromised AND the hackers managed to get into the training company's archive