CIPP-US

The FTC often negotiates consent decrees with companies found to be in violation of privacy principles. How does this benefit both parties involved?A . It standardizes the amount of fines.B . It simplifies the audit requirements.C . It avoids potentially harmful publicity.D . It spares the expense of going to...

The rules for “e-discovery” mainly prevent which of the following?A . A conflict between business practice and technological safeguardsB . The loss of information due to poor data retention practicesC . The practice of employees using personal devices for workD . A breach of an organization’s data retention programView AnswerAnswer:...

In which situation would a policy of “no consumer choice” or “no option” be expected?A . When a job applicant’s credit report is provided to an employerB . When a customer’s financial information is requested by the governmentC . When a patient’s health record is made available to a pharmaceutical...

Which of the following federal agencies does NOT enforce the Disposal Rule under the Fair and Accurate Credit Transactions Act (FACTA)?A . The Office of the Comptroller of the CurrencyB . The Consumer Financial Protection BureauC . The Department of Health and Human ServicesD . The Federal Trade CommissionView AnswerAnswer:...

Which of the following laws is NOT involved in the regulation of employee background checks?A . The Civil Rights Act.B . The Gramm-Leach-Bliley Act (GLBA).C . TheE . Fair Credit Reporting Act (FCRA).F . The California Investigative Consumer Reporting Agencies Act (ICRAA).View AnswerAnswer: B

Which federal act does NOT contain provisions for preempting stricter state laws?A . The CAN-SPAM ActB . The Children’s Online Privacy Protection Act (COPPA)C . The Fair and Accurate Credit Transactions Act (FACTA)D . The Telemarketing Consumer Protection and Fraud Prevention ActView AnswerAnswer: D

SCENARIO Please use the following to answer the next QUESTION: You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth,...

If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, which of the following is the most likely outcome?A . The organization will still be in compliance with most sector-specific privacy and security laws.B . The impact of an organizational data...

SCENARIO Please use the following to answer the next QUESTION When there was a data breach involving customer personal and financial information at a large retail store, the company’s directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was not. Prior...

What is the most likely reason that states have adopted their own data breach notification laws?A . Many states have unique types of businesses that require specific legislationB . Many lawmakers believe that federal enforcement of current laws has not been effectiveC . Many types of organizations are not currently...