Independence Day - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia

CIPP-US Sample Questions Answers

Questions 4

Within what time period must a commercial message sender remove a recipient’s address once they have asked to stop receiving future e-mail?

Options:

A.

7 days

B.

10 days

C.

15 days

D.

21 days

Buy Now
Questions 5

Chanel Hair Studio is a busy high-end hair salon. In an effort to maximize efficiency of its operations and reduce wait times for appointments, Chanel decides to implement artificial intelligence software that will use client profiles and history to predict which clients will likely be late for their appointments. Information used to create the client profile included appointment history, distance from the salon, and any references to being tardy pulled from the client’s social media accounts. If a client is predicted to be late, their appointment will be cancelled within 5 minutes.

Based on the details, what is the biggest potential privacy concern related to Chanel’s use of this new software?

Options:

A.

Scanning a client’s social media accounts to use in a client profile without notice to the client.

B.

Calculating client profile address distance from the salon to determine location from salon to help predict if the client will be late.

C.

Using client profile information for any purpose other than setting up an appointment.

D.

Assessing client tardiness history with the salon for predictive purposes.

Buy Now
Questions 6

Which statement is FALSE regarding the provisions of the Employee Polygraph Protection Act of 1988 (EPPA)?

Options:

A.

The EPPA requires that employers post essential information about the Act in a conspicuous location.

B.

The EPPA includes an exception that allows polygraph tests in professions in which employee honesty is necessary for public safety.

C.

Employers are prohibited from administering psychological testing based on personality traits such as honesty, preferences or habits.

D.

Employers involved in the manufacture of controlled substances may terminate employees based on polygraph results if other evidence exists.

Buy Now
Questions 7

Federal laws establish which of the following requirements for collecting personal information of minors under the age of 13?

Options:

A.

Implied consent from a minor’s parent or guardian, or affirmative consent from the minor.

B.

Affirmative consent from a minor’s parent or guardian before collecting the minor’s personal information online.

C.

Implied consent from a minor’s parent or guardian before collecting a minor’s personal information online, such as when they permit the minor to use the internet.

D.

Affirmative consent of a parent or guardian before collecting personal information of a minor offline (e.g., in person), which also satisfies any requirements for online consent.

Buy Now
Questions 8

Which of the following best describes how federal anti-discrimination laws protect the privacy of private-sector employees in the United States?

Options:

A.

They prescribe working environments that are safe and comfortable.

B.

They limit the amount of time a potential employee can be interviewed.

C.

They promote a workforce of employees with diverse skills and interests.

D.

They limit the types of information that employers can collect about employees.

Buy Now
Questions 9

What practice does the USA FREEDOM Act NOT authorize?

Options:

A.

Emergency exceptions that allows the government to target roamers

B.

An increase in the maximum penalty for material support to terrorism

C.

An extension of the expiration for roving wiretaps

D.

The bulk collection of telephone data and internet metadata

Buy Now
Questions 10

What was unique about the action that the Federal Trade Commission took against B.J.’s Wholesale Club in 2005?

Options:

A.

It made third-party audits a penalty for policy violations.

B.

It was based on matters of fairness rather than deception.

C.

It was the first substantial U.S.-EU Safe Harbor enforcement.

D.

It made user consent mandatory after any revisions of policy.

Buy Now
Questions 11

Which of the following best describes what a “private right of action” is?

Options:

A.

The right of individuals to keep their information private.

B.

The right of individuals to submit a request to access their information.

C.

The right of individuals harmed by data processing to have their information deleted.

D.

The right of individuals harmed by a violation of a law to file a lawsuit against the violation.

Buy Now
Questions 12

When may a financial institution share consumer information with non-affiliated third parties for marketing purposes?

Options:

A.

After disclosing information-sharing practices to customers and after giving them an opportunity to opt in.

B.

After disclosing marketing practices to customers and after giving them an opportunity to opt in.

C.

After disclosing information-sharing practices to customers and after giving them an opportunity to opt out.

D.

After disclosing marketing practices to customers and after giving them an opportunity to opt out.

Buy Now
Questions 13

What important action should a health care provider take if the she wants to qualify for funds under the Health Information Technology for Economic and Clinical Health Act (HITECH)?

Options:

A.

Make electronic health records (EHRs) part of regular care

B.

Bill the majority of patients electronically for their health care

C.

Send health information and appointment reminders to patients electronically

D.

Keep electronic updates about the Health Insurance Portability and Accountability Act

Buy Now
Questions 14

Under the Fair Credit Reporting Act (FCRA), what must a person who is denied employment based upon his credit history receive?

Options:

A.

A prompt notification from the employer.

B.

An opportunity to reapply with the employer.

C.

Information from several consumer reporting agencies (CRAs).

D.

A list of rights from the Consumer Financial Protection Bureau (CFPB).

Buy Now
Questions 15

Based on the 2012 Federal Trade Commission report “Protecting Consumer Privacy in an Era of Rapid Change”, which of the following directives is most important for businesses?

Options:

A.

Announcing the tracking of online behavior for advertising purposes.

B.

Integrating privacy protections during product development.

C.

Allowing consumers to opt in before collecting any data.

D.

Mitigating harm to consumers after a security breach.

Buy Now
Questions 16

Which statute is considered part of U.S. federal privacy law?

Options:

A.

The Fair Credit Reporting Act.

B.

SB 1386.

C.

The Personal Information Protection and Electronic Documents Act.

D.

The e-Privacy Directive.

Buy Now
Questions 17

Which jurisdiction must courts have in order to hear a particular case?

Options:

A.

Subject matter jurisdiction and regulatory jurisdiction

B.

Subject matter jurisdiction and professional jurisdiction

C.

Personal jurisdiction and subject matter jurisdiction

D.

Personal jurisdiction and professional jurisdiction

Buy Now
Questions 18

All of the following are tasks in the “Discover” phase of building an information management program EXCEPT?

Options:

A.

Facilitating participation across departments and levels

B.

Developing a process for review and update of privacy policies

C.

Deciding how aggressive to be in the use of personal information

D.

Understanding the laws that regulate a company’s collection of information

Buy Now
Questions 19

SCENARIO

Please use the following to answer the next QUESTION:

Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state’s Do Not Call list, as well as the people on it. “If they were really serious about not being bothered,” Evan said, “They’d be on the national DNC list. That’s the only one we’re required to follow. At SunriseLynx, we call until they ask us not to.”

Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call “another time.” This, to Larry, is a clear indication that they don’t want to be called at all. Evan doesn’t see it that way.

Larry believes that Evan’s arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly, even connecting with employees on social media. However, following Evan’s political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.

Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though this name was clearly marked. Larry thinks the opening of personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan’s leadership.

Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentionedthis to a coworker, his concern was met with a shrug. It was the coworker’s belief that employees agreed to be monitored when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.

Larry wants to take action, but is uncertain how to proceed.

In what area does Larry have a misconception about private-sector employee rights?

Options:

A.

The applicability of federal law

B.

The enforceability of local law

C.

The strict nature of state law

D.

The definition of tort law

Buy Now
Questions 20

Which federal act does NOT contain provisions for preempting stricter state laws?

Options:

A.

The CAN-SPAM Act

B.

The Children’s Online Privacy Protection Act (COPPA)

C.

The Fair and Accurate Credit Transactions Act (FACTA)

D.

The Telemarketing Consumer Protection and Fraud Prevention Act

Buy Now
Questions 21

Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create online profiles

outlining their experience and credentials, and can pay $19.99/month via credit card to have their profiles promoted to potential employers. Privacy Is Hiring Inc. keeps all customer data at rest encrypted on its servers.

Under what circumstances would Privacy Is Hiring Inc., need to notify affected individuals in the event of a data breach?

Options:

A.

If law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to provide the notification to clients and applicable regulators.

B.

If the job candidates’ credit card information and the encryption keys were among the information taken.

C.

If Privacy Is Hiring Inc., reasonably believes that job candidates will be harmed by the data breach.

D.

If the personal information stolen included the individuals’ names and credit card pin numbers.

Buy Now
Questions 22

SCENARIO

Please use the following to answer the next QUESTION:

A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices.

The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her

withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: “Please act immediately by identifying all personal data received from our company.”

This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup’s rapid market penetration.

As the Company’s data privacy leader, you are sensitive to the criticality of the relationship with the retailer.

Under the General Data Protection Regulation (GDPR), how would the U.S.-based startup company most likely be classified?

Options:

A.

As a data supervisor

B.

As a data processor

C.

As a data controller

D.

As a data manager

Buy Now
Questions 23

All of the following common law torts are relevant to employee privacy under US law EXCEPT?

Options:

A.

Infliction of emotional distress.

B.

Intrusion upon seclusion.

C.

Defamation

D.

Conversion.

Buy Now
Questions 24

Mega Corp. is a U.S.-based business with employees in California, Virginia, and Colorado. Which of the following must Mega Corp. comply with in regard to its human resources data?

Options:

A.

California Privacy Rights Act.

B.

California Privacy Rights Act and Virginia Consumer Data Protection Act.

C.

California Privacy Rights Act and Colorado Privacy Act.

D.

California Privacy Rights Act, Virginia Consumer Data Protection Act, and Colorado Privacy Act.

Buy Now
Questions 25

SCENARIO

Please use the following to answer the next QUESTION:

A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices.

The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: “Please act immediately by identifying all personal data received from our company.”

This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup’s rapid market penetration.

As the Company’s data privacy leader, you are sensitive to the criticality of the relationship with the retailer.

Under the GDPR, the complainant’s request regarding her personal information is known as what?

Options:

A.

Right of Access

B.

Right of Removal

C.

Right of Rectification

D.

Right to Be Forgotten

Buy Now
Questions 26

What is the main reason some supporters of the European approach to privacy are skeptical about self- regulation of privacy practices?

Options:

A.

A large amount of money may have to be sent on improved technology and security

B.

Industries may not be strict enough in the creation and enforcement of rules

C.

A new business owner may not understand the regulations

D.

Human rights may be disregarded for the sake of privacy

Buy Now
Questions 27

John, a California resident, receives notification that a major corporation with $500 million in annual revenue has experienced a data breach. John’s personal information in their possession has been stolen, including his full name and social security numb. John also learns that the corporation did not have reasonable cybersecurity measures in place to safeguard his personal information.

Which of the following answers most accurately reflects John’s ability to pursue a legal claim against the corporation under the California Consumer Privacy Act (CCPA)?

Options:

A.

John has no right to sue the corporation because the CCPA does not address any data breach rights.

B.

John cannot sue the corporation for the data breach because only the state’s Attoney General has authority to file suit under the CCPA.

C.

John can sue the corporation for the data breach but only to recover monetary damages he actually suffered as a result of the data breach.

D.

John can sue the corporation for the data breach to recover monetary damages suffered as a result of the data breach, and in some circumstances seek statutory damages irrespective of whether he suffered any financial harm.

Buy Now
Questions 28

SCENARIO

Please use the following to answer the next QUESTION:

Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company for ten years and has always been concerned about protecting customer’s privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships.

Although Cheryl and her staff have tried to make privacy protection a priority, the company has no formal privacy policy. So Cheryl hired Janice, a privacy professional, to help her develop one.

After an initial assessment, Janice created a first of a new policy. Cheryl read through the draft and was concerned about the many changes the policy would bring throughout the company. For example, the draft policy stipulates that a customer’s personal information can only be held for one year after paying for a service such as a session with personal trainer. It also promises that customer information will not be shared with third parties without the written consent of the customer. The wording of these rules worry Cheryl since stored personal information often helps her company to serve her customers, even if there are long pauses between their visits. In addition, there are some third parties that provide crucial services, such as aerobics instructors who teach classes on a contract basis. Having access to customer files and understanding the fitness levels of their students helps instructors to organize their classes.

Janice understood Cheryl’s concerns and was already formulating some ideas for revision. She tried to put Cheryl at ease by pointing out that customer data can still be kept, but that it should be classified according to levels of sensitivity. However, Cheryl was skeptical. It seemed that classifying data and treating each type differently would cause undue difficulties in the company’s day-to-day operations. Cheryl wants one simple data storage and access system that any employee can access if needed.

Even though the privacy policy was only a draft, she was beginning to see that changes within her company were going to be necessary. She told Janice that she would be more comfortable with implementing the new policy gradually over a period of several months, one department at a time. She was also interested in a layered approach by creating documents listing applicable parts of the new policy for each department.

What is the most likely risk of Fitness Coach, Inc. adopting Janice’s first draft of the privacy policy?

Options:

A.

Leaving the company susceptible to violations by setting unrealistic goals

B.

Failing to meet the needs of customers who are concerned about privacy

C.

Showing a lack of trust in the organization’s privacy practices

D.

Not being in standard compliance with applicable laws

Buy Now
Questions 29

What is the main challenge financial institutions face when managing user preferences?

Options:

A.

Ensuring they are in compliance with numerous complex state and federal privacy laws

B.

Developing a mechanism for opting out that is easy for their consumers to navigate

C.

Ensuring that preferences are applied consistently across channels and platforms

D.

Determining the legal requirements for sharing preferences with their affiliates

Buy Now
Questions 30

What type of material is exempt from an individual’s right to disclosure under the Privacy Act?

Options:

A.

Material requires by statute to be maintained and used solely for research purposes.

B.

Material reporting investigative efforts to prevent unlawful persecution of an individual.

C.

Material used to determine potential collaboration with foreign governments in negotiation of trade deals.

D.

Material reporting investigative efforts pertaining to the enforcement of criminal law.

Buy Now
Questions 31

Which of the following is an important implication of the Dodd-Frank Wall Street Reform and Consumer Protection Act?

Options:

A.

Financial institutions must avoid collecting a customer’s sensitive personal information

B.

Financial institutions must help ensure a customer’s understanding of products and services

C.

Financial institutions must use a prescribed level of encryption for most types of customer records

D.

Financial institutions must cease sending e-mails and other forms of advertising to customers who opt out of direct marketing

Buy Now
Questions 32

In what way is the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act intended to help consumers?

Options:

A.

By providing consumers with free spam-filtering software.

B.

By requiring a company to receive an opt-in before sending any advertising e-mails.

C.

By prohibiting companies from sending objectionable content through unsolicited e-mails.

D.

By requiring companies to allow consumers to opt-out of future e-mails.

Buy Now
Questions 33

Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”?

Options:

A.

International data transfers

B.

Large platform providers

C.

Promoting enforceable self-regulatory codes

D.

Do Not Track

Buy Now
Questions 34

Which federal agency plays a role in privacy policy, but does NOT have regulatory authority?

Options:

A.

The Office of the Comptroller of the Currency.

B.

The Federal Communications Commission.

C.

The Department of Transportation.

D.

The Department of Commerce.

Buy Now
Questions 35

A financial services company install "bossware" software on its employees' remote computers to monitor performance. The software logs screenshots, mouse movements, and keystrokes to determine whether an employee is being productive. The software can also enable the computer webcams to record video footage.

Which of the following would best support an employee claim for an intrusion upon seclusion tort?

Options:

A.

The webcam is enabled to record video any time the computer is turned on.

B.

The company creates and saves a biometric template for each employee based upon keystroke dynamics.

C.

The software automatically sends a notification to a supervisor any time the employee's mouse is dormant for more than five minutes.

D.

The webcam records video of an employee using a company laptop to perform personal business while at a coffee shop during work hours.

Buy Now
Questions 36

SCENARIO

Please use the following to answer the next QUESTION:

A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices.

The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: “Please act immediately by identifying all personal data received from our company.”

This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup’s rapid market penetration.

As the Company’s data privacy leader, you are sensitive to the criticality of the relationship with the retailer.

At this stage of the investigation, what should the data privacy leader review first?

Options:

A.

Available data flow diagrams

B.

The text of the original complaint

C.

The company’s data privacy policies

D.

Prevailing regulation on this subject

Buy Now
Questions 37

Which of the following types of information would an organization generally NOT be required to disclose to law enforcement?

Options:

A.

Information about medication errors under the Food, Drug and Cosmetic Act

B.

Money laundering information under the Bank Secrecy Act of 1970

C.

Information about workspace injuries under OSHA requirements

D.

Personal health information under the HIPAA Privacy Rule

Buy Now
Questions 38

SCENARIO

Please use the following to answer the next QUESTION

Felicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friend Celeste open a jewelry store in California. Felicia, despite being excited at the prospect, has a number of security concerns, and has only grudgingly accepted the need to hire other employees. In order to guard against the loss of valuable merchandise, Felicia wants to carefully screen applicants. With their permission, Felicia would like to run credit checks, administer polygraph tests, and scrutinize videos of interviews. She intends to read applicants’ postings on social media, ask QUESTION NO:s about drug addiction, and solicit character references. Felicia believes that if potential employees are serious about becoming part of a dynamic new business, they will readily agree to these requirements.

Felicia is also in favor of strict employee oversight. In addition to protecting the inventory, she wants to prevent mistakes during transactions, which will require video monitoring. She also wants to regularly check the company vehicle’s GPS for locations visited by employees. She also believes that employees who use their own devices for work-related purposes should agree to a certain amount of supervision.

Given her high standards, Felicia is skeptical about the proposed location of the store. She has been told that many types of background checks are not allowed under California law. Her friend Celeste thinks these worries are unfounded, as long as applicants verbally agree to the checks and are offered access to the results. Nor does Celeste share Felicia’s concern about state breach notification laws, which, she claims, would be costly to implement even on a minor scale. Celeste believes that

even if the business grows a customer database of a few thousand, it’s unlikely that a state agency would hassle an honest business if an accidental security incident were to occur.

In any case, Celeste feels that all they need is common sense – like remembering to tear up sensitive documents before throwing them in the recycling bin. Felicia hopes that she’s right, and that all of her concerns will be put to rest next month when their new business consultant (who is also a privacy professional) arrives from North Carolina.

Based on Felicia’s Bring Your Own Device (BYOD) plan, the business consultant will most likely advise Felicia and Celeste to do what?

Options:

A.

Reconsider the plan in favor of a policy of dedicated work devices.

B.

Adopt the same kind of monitoring policies used for work-issued devices.

C.

Weigh any productivity benefits of the plan against the risk of privacy issues.

D.

Make employment decisions based on those willing to consent to the plan in writing.

Buy Now
Questions 39

U.S. federal laws protect individuals from employment discrimination based on all of the following EXCEPT?

Options:

A.

Age.

B.

Pregnancy.

C.

Marital status.

D.

Genetic information.

Buy Now
Questions 40

Which act violates the Family Educational Rights and Privacy Act of 1974 (FERPA)?

Options:

A.

A K-12 assessment vendor obtains a student’s signed essay about her hometown from her school to use as an exemplar for public release

B.

A university posts a public student directory that includes names, hometowns, e-mail addresses, and majors

C.

A newspaper prints the names, grade levels, and hometowns of students who made the quarterly honor roll

D.

University police provide an arrest report to a student’s hometown police, who suspect him of a similar crime

Buy Now
Questions 41

In what way does the “Red Flags Rule” under the Fair and Accurate Credit Transactions Act (FACTA) relate to the owner of a grocery store who uses a money wire service?

Options:

A.

It mandates the use of updated technology for securing credit records

B.

It requires the owner to implement an identity theft warning system

C.

It is not usually enforced in the case of a small financial institution

D.

It does not apply because the owner is not a creditor

Buy Now
Questions 42

Who has rulemaking authority for the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA)?

Options:

A.

State Attorneys General

B.

The Federal Trade Commission

C.

The Department of Commerce

D.

The Consumer Financial Protection Bureau

Buy Now
Questions 43

The “Consumer Privacy Bill of Rights” presented in a 2012 Obama administration report is generally based on?

Options:

A.

The 1974 Privacy Act

B.

Common law principles

C.

European Union Directive

D.

Traditional fair information practices

Buy Now
Questions 44

Which entities must comply with the Telemarketing Sales Rule?

Options:

A.

For-profit organizations and for-profit telefunders regarding charitable solicitations

B.

Nonprofit organizations calling on their own behalf

C.

For-profit organizations calling businesses when a binding contract exists between them

D.

For-profit and not-for-profit organizations when selling additional services to establish customers

Buy Now
Questions 45

What is the main purpose of the CAN-SPAM Act?

Options:

A.

To diminish the use of electronic messages to send sexually explicit materials

B.

To authorize the states to enforce federal privacy laws for electronic marketing

C.

To empower the FTC to create rules for messages containing sexually explicit content

D.

To ensure that organizations respect individual rights when using electronic advertising

Buy Now
Questions 46

SCENARIO

Please use the following to answer the next QUESTION:

Matt went into his son’s bedroom one evening and found him stretched out on his bed typing on his laptop. “Doing your network?” Matt asked hopefully.

“No,” the boy said. “I’m filling out a survey.”

Matt looked over his son’s shoulder at his computer screen. “What kind of survey?” “It’s asking Questions about my opinions.”

“Let me see,” Matt said, and began reading the list of Questions that his son had already answered. “It’s asking your opinions about the government and citizenship. That’s a little odd. You’re only ten.”

Matt wondered how the web link to the survey had ended up in his son’s email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.

To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer Questions about his favorite games and toys.

Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son’s inbox, and he decided it was time to report the incident to the proper authorities.

How could the marketer have best changed its privacy management program to meet COPPA “Safe Harbor” requirements?

Options:

A.

By receiving FTC approval for the content of its emails

B.

By making a COPPA privacy notice available on website

C.

By participating in an approved self-regulatory program

D.

By regularly assessing the security risks to consumer privacy

Buy Now
Questions 47

Which of the following practices is NOT a key component of a data ethics framework?

Options:

A.

Automated decision-making.

B.

Preferability testing.

C.

Data governance.

D.

Auditing.

Buy Now
Questions 48

What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?

Options:

A.

Describing the policy changes on its website.

B.

Obtaining affirmative consent from its customers.

C.

Publicizing the policy changes through social media.

D.

Reassuring customers of the security of their information.

Buy Now
Questions 49

In a case of civil litigation, what might a defendant who is being sued for distributing an employee’s private information face?

Options:

A.

Probation.

B.

Criminal fines.

C.

An injunction.

D.

A jail sentence.

Buy Now
Questions 50

Under the Driver’s Privacy Protection Act (DPPA), which of the following parties would require consent of an individual in order to obtain his or her Department of Motor Vehicle information?

Options:

A.

Law enforcement agencies performing investigations.

B.

Insurance companies needing to investigate claims.

C.

Attorneys gathering information related to lawsuits.

D.

Marketers wishing to distribute bulk materials.

Buy Now
Exam Code: CIPP-US
Exam Name: Certified Information Privacy Professional/United States (CIPP/US)
Last Update: Jul 12, 2024
Questions: 168
$56  $159.99
$42  $119.99
$35  $99.99
buy now CIPP-US