IAPP CIPP-C Certified Information Privacy Professional/ Canada (CIPP/C) Exam Practice Test

Demo: 22 questions
Total 150 questions

Certified Information Privacy Professional/ Canada (CIPP/C) Questions and Answers

Question 1

Within what time period must a commercial message sender remove a recipient’s address once they have asked to stop receiving future e-mail?

Options:

A. 7 days

B. 10 days

C. 15 days

D. 21 days

Question 2

What type of material is exempt from an individual’s right to disclosure under the Privacy Act?

Options:

A. Material required by statute to be maintained and used solely for research purposes.

B. Material reporting investigative efforts to prevent unlawful persecution of an individual.

C. Material used to determine potential collaboration with foreign governments in negotiation of trade deals.

D. Material reporting investigative efforts pertaining to the enforcement of criminal law.

Question 3

Which of the following accurately describes the purpose of a particular federal enforcement agency?

Options:

A. The National Institute of Standards and Technology (NIST) has established mandatory privacy standards that can then be enforced against all for-profit organizations by the Department of Justice (DOJ).

B. The Cybersecurity and Infrastructure Security Agency (CISA) is authorized to bring civil enforcement actions against organizations whose website or other online service fails to adequately secure personal information.

C. The Federal Communications Commission (FCC) regulates privacy practices on the internet and enforces violations relating to websites’ posted privacy disclosures.

D. The Federal Trade Commission (FTC) is typically recognized as having the broadest authority under the FTC Act to address unfair or deceptive privacy practices.

Question 4

What is the main purpose of the CAN-SPAM Act?

Options:

A. To diminish the use of electronic messages to send sexually explicit materials

B. To authorize the states to enforce federal privacy laws for electronic marketing

C. To empower the FTC to create rules for messages containing sexually explicit content

D. To ensure that organizations respect individual rights when using electronic advertising

Question 5

Read this notice:

Our website uses cookies. Cookies allow us to identify the computer or device you’re using to access the site, but they don’t identify you personally. For instructions on setting your Web browser to refuse cookies, click here.

What type of legal choice does the notice provide?

Options:

A. Mandatory

B. Implied consent

C. Opt-in

D. Opt-out

Question 6

Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create online profiles outlining their experience and credentials, and can pay $19.99/month via credit card to have their profiles promoted to potential employers. Privacy Is Hiring Inc. keeps all customer data at rest encrypted on its servers.

Under what circumstances would Privacy Is Hiring Inc. need to notify affected individuals in the event of a data breach?

Options:

A. If law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to provide the notification to clients and applicable regulators.

B. If the job candidates’ credit card information and the encryption keys were among the information taken.

C. If Privacy Is Hiring Inc. reasonably believes that job candidates will be harmed by the data breach.

D. If the personal information stolen included the individuals’ names and credit card PIN numbers.

Question 7

Which of the following laws is NOT involved in the regulation of employee background checks?

Options:

A. The Civil Rights Act.

B. The Gramm-Leach-Bliley Act (GLBA).

C. The U.S. Fair Credit Reporting Act (FCRA).

D. The California Investigative Consumer Reporting Agencies Act (ICRAA).

Question 8

What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?

Options:

A. Describing the policy changes on its website.

B. Obtaining affirmative consent from its customers.

C. Publicizing the policy changes through social media.

D. Reassuring customers of the security of their information.

Question 9

SCENARIO

Please use the following to answer the next QUESTION

Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has made better financial decisions in the past two years.

One potential employer, Arnie’s Emporium, recently called to tell Noah he did not get a position. As part of the application process, Noah signed a consent form allowing the employer to request his credit report from a consumer reporting agency (CRA). Noah thinks that the report hurt his chances, but believes that he may not ever know whether it was his credit that cost him the job. However, Noah is somewhat relieved that he was not offered this particular position. He noticed that the store where he interviewed was extremely disorganized. He imagines that his credit report could still be sitting in the office, unsecured.

Two days ago, Noah got another interview for a position at Sam’s Market. The interviewer told Noah that his credit report would be a factor in the hiring decision. Noah was surprised because he had not seen anything on paper about this when he applied.

Regardless, the effect of Noah’s credit on his employability troubles him, especially since he has tried so hard to improve it. Noah made his worst financial decisions fifteen years ago, and they led to bankruptcy. These were decisions he made as a young man, and most of his debt at the time consisted of student loans, credit card debt, and a few unpaid bills – all of which Noah is still working to pay off. He often laments that decisions he made fifteen years ago are still affecting him today.

In addition, Noah feels that an experience investing with a large bank may have contributed to his financial troubles. In 2007, in an effort to earn money to help pay off his debt, Noah talked to a customer service representative at a large investment company who urged him to purchase stocks. Without understanding the risks, Noah agreed. Unfortunately, Noah lost a great deal of money.

After losing the money, Noah was a customer of another financial institution that suffered a large security breach. Noah was one of millions of customers whose personal information was compromised. He wonders if he may have been a victim of identity theft and whether this may have negatively affected his credit.

Noah hopes that he will soon be able to put these challenges behind him, build excellent credit, and find the perfect job.

Based on the scenario, which legislation should ease Noah’s worry about his credit report as a result of applying at Arnie’s Emporium?

Options:

A. The Privacy Rule under the Gramm-Leach-Bliley Act (GLBA).

B. The Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA).

C. The Disposal Rule under the Fair and Accurate Credit Transactions Act (FACTA).

D. The Red Flags Rule under the Fair and Accurate Credit Transactions Act (FACTA).

Question 10

The FTC often negotiates consent decrees with companies found to be in violation of privacy principles. How does this benefit both parties involved?

Options:

A. It standardizes the amount of fines.

B. It simplifies the audit requirements.

C. It avoids potentially harmful publicity.

D. It spares the expense of going to trial.

Question 11

What practice do courts commonly require in order to protect certain personal information on documents, whether paper or electronic, that is involved in litigation?

Options:

A. Redaction

B. Encryption

C. Deletion

D. Hashing

Question 12

SCENARIO

Please use the following to answer the next QUESTION

Felicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friend Celeste open a jewelry store in California. Felicia, despite being excited at the prospect, has a number of security concerns, and has only grudgingly accepted the need to hire other employees. In order to guard against the loss of valuable merchandise, Felicia wants to carefully screen applicants. With their permission, Felicia would like to run credit checks, administer polygraph tests, and scrutinize videos of interviews. She intends to read applicants’ postings on social media, ask questions about drug addiction, and solicit character references. Felicia believes that if potential employees are serious about becoming part of a dynamic new business, they will readily agree to these requirements.

Felicia is also in favor of strict employee oversight. In addition to protecting the inventory, she wants to prevent mistakes during transactions, which will require video monitoring. She also wants to regularly check the company vehicle’s GPS for locations visited by employees. She also believes that employees who use their own devices for work-related purposes should agree to a certain amount of supervision.

Given her high standards, Felicia is skeptical about the proposed location of the store. She has been told that many types of background checks are not allowed under California law. Her friend Celeste thinks these worries are unfounded, as long as applicants verbally agree to the checks and are offered access to the results. Nor does Celeste share Felicia’s concern about state breach notification laws, which, she claims, would be costly to implement even on a minor scale. Celeste believes that even if the business grows a customer database of a few thousand, it’s unlikely that a state agency would hassle an honest business if an accidental security incident were to occur.

In any case, Celeste feels that all they need is common sense – like remembering to tear up sensitive documents before throwing them in the recycling bin. Felicia hopes that she’s right, and that all of her concerns will be put to rest next month when their new business consultant (who is also a privacy professional) arrives from North Carolina.

Regarding credit checks of potential employees, Celeste has a misconception regarding what?

Options:

A. Consent requirements.

B. Disclosure requirements.

C. Employment-at-will rules.

D. Records retention policies.

Question 13

SCENARIO

Please use the following to answer the next QUESTION

Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.

Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station’s network and was able to steal data relating to employees in the company’s Human Resources database, which is hosted by a third-party cloud provider based in the U.S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.

The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.

What can Otto do to most effectively minimize the privacy risks involved in using a cloud provider for the HR data?

Options:

A. Request that the Board sign off in a written document on the choice of cloud provider.

B. Ensure that the cloud provider abides by the contractual requirements by conducting an on-site audit.

C. Obtain express consent from employees for storing the HR data in the cloud and keep a record of the employee consents.

D. Negotiate a Business Associate Agreement with the cloud provider to protect any health-related data employees might share with Filtration Station.

Question 14

Which law provides employee benefits, but often mandates the collection of medical information?

Options:

A. The Occupational Safety and Health Act.

B. The Americans with Disabilities Act.

C. The Employee Medical Security Act.

D. The Family and Medical Leave Act.

Question 15

Which of the following best describes the Asia-Pacific Economic Cooperation (APEC) principles?

Options:

A. A bill of rights for individuals seeking access to their personal information.

B. A code of responsibilities for medical establishments to uphold privacy laws.

C. An international court ruling on personal information held in the commercial sector.

D. A baseline of marketers’ minimum responsibilities for providing opt-out mechanisms.

Question 16

Which of the following statements is most accurate in regard to data breach notifications under federal and state laws:

Options:

A. You must notify the Federal Trade Commission (FTC) in addition to affected individuals if over 500 individuals are receiving notice.

B. When providing an individual with required notice of a data breach, you must identify what personal information was actually or likely compromised.

C. When you are required to provide an individual with notice of a data breach under any state’s law, you must provide the individual with an offer for free credit monitoring.

D. The only obligations to provide data breach notification are under state law because currently there is no federal law or regulation requiring notice for the breach of personal information.

Question 17

What role does the U.S. Constitution play in the area of workplace privacy?

Options:

A. It provides enforcement resources to large employers, but not to small businesses

B. It provides legal precedent for physical information security, but not for electronic security

C. It provides contractual protections to members of labor unions, but not to employees at will

D. It provides significant protections to federal and state governments, but not to private-sector employment

Question 18

SCENARIO

Please use the following to answer the next QUESTION:

Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state’s Do Not Call list, as well as the people on it. “If they were really serious about not being bothered,” Evan said, “They’d be on the national DNC list. That’s the only one we’re required to follow. At SunriseLynx, we call until they ask us not to.”

Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call “another time.” This, to Larry, is a clear indication that they don’t want to be called at all. Evan doesn’t see it that way.

Larry believes that Evan’s arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly, even connecting with employees on social media. However, following Evan’s political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.

Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though his name was clearly marked. Larry thinks the opening of personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan’s leadership.

Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the coworker’s belief that employees agreed to be monitored when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.

Larry wants to take action, but is uncertain how to proceed.

In regard to telemarketing practices, Evan the supervisor has a misconception regarding?

Options:

A. The conditions under which recipients can opt out

B. The wishes of recipients who request callbacks

C. The right to monitor calls for quality assurance

D. The relationship of state law to federal law

Question 19

What was the original purpose of the Federal Trade Commission Act?

Options:

A. To ensure privacy rights of U.S. citizens

B. To protect consumers

C. To enforce antitrust laws

D. To negotiate consent decrees with companies violating personal privacy

Question 20

Which of the following is NOT one of three broad categories of products offered by data brokers, as identified by the U.S. Federal Trade Commission (FTC)?

Options:

A. Research (such as information for understanding consumer trends).

B. Risk mitigation (such as information that may reduce the risk of fraud).

C. Location of individuals (such as identifying an individual from partial information).

D. Marketing (such as appending data to customer information that a marketing company already has).

Question 21

Which act violates the Family Educational Rights and Privacy Act of 1974 (FERPA)?

Options:

A. A K-12 assessment vendor obtains a student’s signed essay about her hometown from her school to use as an exemplar for public release

B. A university posts a public student directory that includes names, hometowns, e-mail addresses, and majors

C. A newspaper prints the names, grade levels, and hometowns of students who made the quarterly honor roll

D. University police provide an arrest report to a student’s hometown police, who suspect him of a similar crime

Question 22

Based on the 2012 Federal Trade Commission report “Protecting Consumer Privacy in an Era of Rapid Change”, which of the following directives is most important for businesses?

Options:

A. Announcing the tracking of online behavior for advertising purposes.

B. Integrating privacy protections during product development.

C. Allowing consumers to opt in before collecting any data.

D. Mitigating harm to consumers after a security breach.
