IAPP Certified Information Privacy Professional/United States (CIPP/US) - CIPP-US Exam Practice Test

What important action should a health care provider take if the she wants to qualify for funds under the Health Information Technology for Economic and Clinical Health Act (HITECH)?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
Within what time period must a commercial message sender remove a recipient's address once they have asked to stop receiving future e-mail?
Correct Answer: C Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
SCENARIO
Please use the following to answer the next question:
Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has made better financial decisions in the past two years.
One potential employer, Arnie's Emporium, recently called to tell Noah he did not get a position.
As part of the application process, Noah signed a consent form allowing the employer to request his credit report from a consumer reporting agency (CRA). Noah thinks that the report hurt his chances, but believes that he may not ever know whether it was his credit that cost him the job.
However, Noah is somewhat relieved that he was not offered this particular position. He noticed that the store where he interviewed was extremely disorganized. He imagines that his credit report could still be sitting in the office, unsecured.
Two days ago, Noah got another interview for a position at Sam's Market. The interviewer told Noah that his credit report would be a factor in the hiring decision. Noah was surprised because he had not seen anything on paper about this when he applied.
Regardless, the effect of Noah's credit on his employability troubles him, especially since he has tried so hard to improve it. Noah made his worst financial decisions fifteen years ago, and they led to bankruptcy. These were decisions he made as a young man, and most of his debt at the time consisted of student loans, credit card debt, and a few unpaid bills ?all of which Noah is still working to pay off. He often laments that decisions he made fifteen years ago are still affecting him today.
In addition, Noah feels that an experience investing with a large bank may have contributed to his financial troubles. In 2007, in an effort to earn money to help pay off his debt, Noah talked to a customer service representative at a large investment company who urged him to purchase stocks. Without understanding the risks, Noah agreed. Unfortunately, Noah lost a great deal of money.
After losing the money, Noah was a customer of another financial institution that suffered a large security breach. Noah was one of millions of customers whose personal information was compromised. He wonders if he may have been a victim of identity theft and whether this may have negatively affected his credit.
Noah hopes that he will soon be able to put these challenges behind him, build excellent credit, and find the perfect job.
Based on the scenario, which legislation should ease Noah's worry about his credit report as a result of applying at Arnie's Emporium?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
A software company wants to use web scraping to collect personal data from professional networking websites in order to train an artificial intelligence program to evaluate Job applications. The company has identified several actions for limiting their potential legal liability regarding affected data subjects and professional networking websites. Which of the following would be the least effective action for helping them do this?
Correct Answer: C Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
SCENARIO
Please use the following to answer the next question:
Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.
Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station's network and was able to steal data relating to employees in the company's Human Resources database, which is hosted by a third-party cloud provider based in the B. S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.
The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.
The Board has asked Otto whether the company will need to comply with the new California Consumer Privacy Law (CCPA). What should Otto tell the Board?
Correct Answer: C Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
In most cases, the FTC settles disputes through consent decrees and consent orders. What is the maximum length of a consent decree?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
All of the following are tasks in the "Discover" phase of building an information management program EXCEPT?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
Which of the following became the first state to pass a law specifically regulating the practices of data brokers?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
Which form of malicious online threat targets an individual user and pretends to be a legitimate party, such as a bank, to steal personal data?
Correct Answer: A Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
Which is an exception to the general prohibitions on telephone monitoring that exist under the
U.S.Wiretap Act?
Correct Answer: A Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
Under the California Consumer Privacy Act (as amended by the California Pnvacy Rights Act), a consumer may Initiate a civil action against a business for?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).