
Pass Certified Information Privacy Professional CIPP-US exam [Oct 30, 2021] Updated 152 Questions
IAPP CIPP-US Actual Questions and 100% Cover Real Exam Questions
How to study the IAPP CIPP-US: Certified Information Privacy Professional/United States (CIPP/US) Exam
Preparation for certification exams can draw on two types of resources. The first is study guides, reference books and study forums, which are detailed and suited to building knowledge from the ground up. Apart from them, video tutorials and lectures are a good way to ease the pain of thorough study and make the study process more interesting, although they demand time and concentration from the learner. Smart candidates who want a solid foundation in all examination topics and related technologies typically mix video lectures with study guides to reap the advantages of each. IAPP CIPP/US practice exams or practice exam engines are one important study tool that typically goes unnoticed by most candidates. Practice exams are designed with our experts so that candidates can test their knowledge of the skills gained in the course and become comfortable and familiar with the real exam environment. Statistics have indicated that exam anxiety plays a much bigger role in students' exam failure than the fear of the unknown. The TorrentExam expert team recommends preparing some notes on these topics and practicing the IAPP CIPP/US exam dumps written by our expert team; each of these can help you a great deal to clear this exam with excellent marks. The IAPP CIPP/US practice test is the best preparation material at the start of preparation.
NEW QUESTION 80
Global Manufacturing Co's Human Resources department recently purchased a new software tool. This tool helps evaluate future candidates for executive roles by scanning emails to see what those candidates say and what is said about them. This provides the HR department with an automated "360 review" that lets them know how the candidate thinks and operates, what their peers and direct reports say about them, and how well they interact with each other.
What is the most important step for the Human Resources Department to take when implementing this new software?
- A. Making sure that the software does not unintentionally discriminate against protected groups.
- B. Confirming that employees have read and signed the employee handbook where they have been advised that they have no right to privacy as long as they are using the organization's systems, regardless of the protected group or laws enforced by EEOC.
- C. Providing notice to employees that their emails will be scanned by the software and creating automated profiles.
- D. Ensuring that the software contains a privacy notice explaining that employees have no right to privacy as long as they are running this software on organization systems to scan email systems.
Answer: A
Explanation:
Explanation/Reference: https://www.beckage.com/tag/artificial-intelligence/
NEW QUESTION 81
SCENARIO
Please use the following to answer the next QUESTION
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop. "Doing your homework?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?"
"It's asking questions about my opinions."
"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten." Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.
Depending on where Matt lives, the marketer could be prosecuted for violating which of the following?
- A. Consumer Bill of Rights.
- B. Unfair and Deceptive Acts and Practices laws.
- C. Red Flag Rules.
- D. Investigative Consumer Reporting Agencies Act.
Answer: B
NEW QUESTION 82
SCENARIO
Please use the following to answer the next QUESTION
When there was a data breach involving customer personal and financial information at a large retail store, the company's directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was not. Prior to the breach, she had been working on a privacy program report for the executives. How the company shared and handled data across its organization was a major concern. There were neither adequate rules about access to customer information nor procedures for purging and destroying outdated data. In her research, Roberta had discovered that even low-level employees had access to all of the company's customer data, including financial records, and that the company still had in its possession obsolete customer data going back to the 1980s.
Her report recommended three main reforms. First, permit access on an as-needs-to-know basis. This would mean restricting employees' access to customer information to data that was relevant to the work performed. Second, create a highly secure database for storing customers' financial information (e.g., credit card and bank account numbers) separate from less sensitive information. Third, identify outdated customer information and then develop a process for securely disposing of it.
When the breach occurred, the company's executives called Roberta to a meeting where she presented the recommendations in her report. She explained that the company having a national customer base meant it would have to ensure that it complied with all relevant state breach notification laws. Thanks to Roberta's guidance, the company was able to notify customers quickly and within the specific timeframes set by state breach notification laws.
Soon after, the executives approved the changes to the privacy program that Roberta recommended in her report. The privacy program is far more effective now because of these changes and, also, because privacy and security are now considered the responsibility of every employee.
Based on the problems with the company's privacy security that Roberta identifies, what is the most likely cause of the breach?
- A. Lost company property such as a computer or flash drive.
- B. Fraud involving credit card theft at point-of-service terminals.
- C. Unintended disclosure of information shared with a third party.
- D. Mishandling of information caused by lack of access controls.
Answer: D
NEW QUESTION 83
Which of the following best describes the Asia-Pacific Economic Cooperation (APEC) principles?
- A. An international court ruling on personal information held in the commercial sector.
- B. A bill of rights for individuals seeking access to their personal information.
- C. A code of responsibilities for medical establishments to uphold privacy laws.
- D. A baseline of marketers' minimum responsibilities for providing opt-out mechanisms.
Answer: B
Explanation:
Explanation/Reference: http://documents1.worldbank.org/curated/en/751621525705087132/text/WPS8431.txt
NEW QUESTION 84
All of the following common law torts are relevant to employee privacy under US law EXCEPT?
- A. Infliction of emotional distress.
- B. Defamation
- C. Conversion.
- D. Intrusion upon seclusion.
Answer: D
Explanation:
Explanation/Reference: https://en.wikipedia.org/wiki/Privacy_law
NEW QUESTION 85
If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?
- A. Notifies the organization if it can no longer meet its requirements for proper data handling
- B. Provides the same level of privacy protection as the organization
- C. Uses the transferred data for limited purposes
- D. Enters a contract with the organization that states the third party will process data according to the consent agreement
Answer: D
NEW QUESTION 86
The "Consumer Privacy Bill of Rights" presented in a 2012 Obama administration report is generally based on?
- A. Common law principles
- B. Traditional fair information practices
- C. The 1974 Privacy Act
- D. European Union Directive
Answer: D
NEW QUESTION 87
What practice does the USA FREEDOM Act NOT authorize?
- A. Emergency exceptions that allow the government to target roamers
- B. An increase in the maximum penalty for material support to terrorism
- C. An extension of the expiration for roving wiretaps
- D. The bulk collection of telephone data and internet metadata
Answer: A
NEW QUESTION 88
An organization self-certified under Privacy Shield must, upon request by an individual, do what?
- A. Suspend the use of all personal information collected by the organization to fulfill its original purpose.
- B. Identify all personal information disclosed during a criminal investigation.
- C. Provide the identities of third parties with whom the organization shares personal information.
- D. Provide the identities of third and fourth parties that may potentially receive personal information.
Answer: C
NEW QUESTION 89
Which of the following best describes an employer's privacy-related responsibilities to an employee who has left the workplace?
- A. An employer has a responsibility to maintain a former employee's access to computer systems and company data needed to support claims against the company such as discrimination.
- B. An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose.
- C. An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual.
- D. An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee.
Answer: D
NEW QUESTION 90
Which of the following would NOT constitute an exception to the authorization requirement under the HIPAA Privacy Rule?
- A. Disclosing health information needed to treat a medical emergency.
- B. Disclosing health information to file a child abuse report.
- C. Disclosing health information needed to pay a third party billing administrator.
- D. Disclosing health information for public health activities.
Answer: A
NEW QUESTION 91
What is the main challenge financial institutions face when managing user preferences?
- A. Developing a mechanism for opting out that is easy for their consumers to navigate
- B. Ensuring that preferences are applied consistently across channels and platforms
- C. Ensuring they are in compliance with numerous complex state and federal privacy laws
- D. Determining the legal requirements for sharing preferences with their affiliates
Answer: B
NEW QUESTION 92
What consumer protection did the Fair and Accurate Credit Transactions Act (FACTA) require?
- A. The truncation of account numbers on credit card receipts
- B. Consumer notice when third-party data is used to make an adverse decision
- C. The right to request removal from e-mail lists
- D. The ability for the consumer to correct inaccurate credit report information
Answer: D
NEW QUESTION 93
Which act violates the Family Educational Rights and Privacy Act of 1974 (FERPA)?
- A. University police provide an arrest report to a student's hometown police, who suspect him of a similar crime
- B. A university posts a public student directory that includes names, hometowns, e-mail addresses, and majors
- C. A newspaper prints the names, grade levels, and hometowns of students who made the quarterly honor roll
- D. A K-12 assessment vendor obtains a student's signed essay about her hometown from her school to use as an exemplar for public release
Answer: D
NEW QUESTION 94
California's SB 1386 was the first law of its type in the United States to do what?
- A. Require commercial entities to disclose a security data breach concerning personal information about the state's residents
- B. Require state attorney general enforcement of federal regulations against unfair and deceptive trade practices
- C. Require notification of non-California residents of a breach that occurred in California
- D. Require encryption of sensitive information stored on servers that are Internet connected
Answer: A
Explanation:
Explanation/Reference: https://corporate.findlaw.com/law-library/california-raises-the-bar-on-data-security-and-privacy.html
NEW QUESTION 95
Under the Telemarketing Sales Rule, what characteristics of consent must be in place for an organization to acquire an exception to the Do-Not-Call rules for a particular consumer?
- A. The consent must be in writing, must contain the number to which calls can be made and must be signed
- B. The consent must be in writing, must state the times when calls can be made to the consumer and must be signed
- C. The consent must be in writing, must have an end date and must state the times when calls can be made
- D. The consent must be in writing, must contain the number to which calls can be made and must have an end date
Answer: D
NEW QUESTION 96
A large online bookseller decides to contract with a vendor to manage Personal Information (PI). What is the least important factor for the company to consider when selecting the vendor?
- A. The vendor's employee training program
- B. The vendor's financial health
- C. The vendor's reputation
- D. The vendor's employee retention rates
Answer: B
NEW QUESTION 97
Which is an exception to the general prohibitions on telephone monitoring that exist under the U.S. Wiretap Act?
- A. Call center exception
- B. Internet calls exception
- C. Ordinary course of business exception
- D. Inter-company communications exception
Answer: C
NEW QUESTION 98
A company's employee wellness portal offers an app to track exercise activity via users' mobile devices. Which of the following design techniques would most effectively inform users of their data privacy rights and privileges when using the app?
- A. Publish a privacy policy written in clear, concise, and understandable language.
- B. Provide a link to the wellness program privacy policy at the bottom of each screen.
- C. Present a privacy policy to users during the wellness program registration process.
- D. Offer information about data collection and uses at key data entry points.
Answer: C
NEW QUESTION 99
SCENARIO
Please use the following to answer the next QUESTION:
Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company for ten years and has always been concerned about protecting customers' privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships.
Although Cheryl and her staff have tried to make privacy protection a priority, the company has no formal privacy policy. So Cheryl hired Janice, a privacy professional, to help her develop one.
After an initial assessment, Janice created a first draft of a new policy. Cheryl read through the draft and was concerned about the many changes the policy would bring throughout the company. For example, the draft policy stipulates that a customer's personal information can only be held for one year after paying for a service such as a session with a personal trainer. It also promises that customer information will not be shared with third parties without the written consent of the customer. The wording of these rules worries Cheryl since stored personal information often helps her company to serve her customers, even if there are long pauses between their visits. In addition, there are some third parties that provide crucial services, such as aerobics instructors who teach classes on a contract basis. Having access to customer files and understanding the fitness levels of their students helps instructors to organize their classes.
Janice understood Cheryl's concerns and was already formulating some ideas for revision. She tried to put Cheryl at ease by pointing out that customer data can still be kept, but that it should be classified according to levels of sensitivity. However, Cheryl was skeptical. It seemed that classifying data and treating each type differently would cause undue difficulties in the company's day-to-day operations. Cheryl wants one simple data storage and access system that any employee can access if needed.
Even though the privacy policy was only a draft, she was beginning to see that changes within her company were going to be necessary. She told Janice that she would be more comfortable with implementing the new policy gradually over a period of several months, one department at a time. She was also interested in a layered approach by creating documents listing applicable parts of the new policy for each department.
Based on the scenario, which of the following would have helped Janice to better meet the company's needs?
- A. Creating a more comprehensive plan for implementing a new policy
- B. Removing the financial burden of the company's employee training program
- C. Spending more time understanding the company's information goals
- D. Explaining the importance of transparency in implementing a new policy
Answer: C
NEW QUESTION 100
In which situation would a policy of "no consumer choice" or "no option" be expected?
- A. When a job applicant's credit report is provided to an employer
- B. When a customer's financial information is requested by the government
- C. When a customer's street address is shared with a shipping company
- D. When a patient's health record is made available to a pharmaceutical company
Answer: C
NEW QUESTION 101
A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals. According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?
- A. The affected individuals
- B. Department of Health and Human Services
- C. Medical providers
- D. The local media
Answer: C
Explanation:
Explanation/Reference: https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf (page 6)
NEW QUESTION 102
Which federal act does NOT contain provisions for preempting stricter state laws?
- A. The Fair and Accurate Credit Transactions Act (FACTA)
- B. The CAN-SPAM Act
- C. The Telemarketing Consumer Protection and Fraud Prevention Act
- D. The Children's Online Privacy Protection Act (COPPA)
Answer: C

