SCENARIO
Please use the following to answer the next question:
Hi Zoe,
Thank you so much for your email. I am so glad you have jumped right into your new position as our in-house privacy professional. BastTech greatly needs your expertise. I hope you are comfortably settling into your new home in the United
States after your move from the United Kingdom! Georgia is a wonderful state.
I particularly appreciate your enthusiasm in using your recent informal assessment to begin rectifying gaps in our privacy program and making sure we are in compliance with all laws. However, I also want to make sure that we are prioritizing
our initiatives by spending time on the measures that are most important to our customers, our company, and the tech industry as a whole.
Specifically, I know that you are advocating for an update of our Business Continuity Disaster Response (BCDR) plan with an eye toward privacy concerns. I think this effort is something that we may be able to postpone. I'm sure that after ten
years the document can be updated in spots; however, we have first-rate, experienced executive leaders that would have things well in hand in the unlikely event of a disaster.
Further, you mentioned that you would like to assess our longtime subcontractor's disaster plan through a second-party audit. Papyrus, our longtime subcontractor, does keep a great deal of personal data about our customers. However, I am
not sure I understand your request and would like to discuss this further during our meeting Wednesday.
You also say that your audit uncovered some inadequacies in staff compliance with our security procedures and local laws. I just wanted to emphasize that the audit findings only need to be communicated to the executive leadership. I would
rather not cause unnecessary alarm across departments.
I know you are also looking closely at the recent loss of a file belonging to a staff member in Human Resources (HR). It was an unfortunate incident, but rest assured, we handled the situation according to Georgia state law. The only difficult part was easing the concerns of our many remote employees all across the country whose data was on the computer. But I believe everything is settled. At least this stands as proof that in the event of another breach of any type, Information Security (IS) will take the lead while other departments move on with business as usual without having to get involved. Thankfully, we have taken the measure of supplementing our General Commercial Liability Insurance with cyber insurance.
Anyway, we will talk more on Wednesday. I just wanted to communicate some of my current thinking.
Thanks,
Whitney
Interim Assistant Business Manager, BastTech.
Based on the email, Zoe is most likely to praise Whitney for what?
A. Knowing the business well.
B. Making consumers a priority.
C. Anticipating potential financial impacts.
D. Prioritizing the privacy tasks that Zoe should focus on.
SCENARIO
Please use the following to answer the next question:
Hi Zoe,
Thank you so much for your email. I am so glad you have jumped right into your new position as our in-house privacy professional. BastTech greatly needs your expertise. I hope you are comfortably settling into your new home in the United
States after your move from the United Kingdom! Georgia is a wonderful state.
I particularly appreciate your enthusiasm in using your recent informal assessment to begin rectifying gaps in our privacy program and making sure we are in compliance with all laws. However, I also want to make sure that we are prioritizing
our initiatives by spending time on the measures that are most important to our customers, our company, and the tech industry as a whole.
Specifically, I know that you are advocating for an update of our Business Continuity Disaster Response (BCDR) plan with an eye toward privacy concerns. I think this effort is something that we may be able to postpone. I'm sure that after ten
years the document can be updated in spots; however, we have first-rate, experienced executive leaders that would have things well in hand in the unlikely event of a disaster.
Further, you mentioned that you would like to assess our longtime subcontractor's disaster plan through a second-party audit. Papyrus, our longtime subcontractor, does keep a great deal of personal data about our customers. However, I am
not sure I understand your request and would like to discuss this further during our meeting Wednesday.
You also say that your audit uncovered some inadequacies in staff compliance with our security procedures and local laws. I just wanted to emphasize that the audit findings only need to be communicated to the executive leadership. I would
rather not cause unnecessary alarm across departments.
I know you are also looking closely at the recent loss of a file belonging to a staff member in Human Resources (HR). It was an unfortunate incident, but rest assured, we handled the situation according to Georgia state law. The only difficult
part was easing the concerns of our many remote employees all across the country whose data was on the computer. But I believe everything is settled. At least this stands as proof that in the event of another breach of any type, Information
Security (IS) will take the lead while other departments move on with business as usual without having to get involved. Thankfully, we have taken the measure of supplementing our General Commercial Liability Insurance with cyber
insurance.
Anyway, we will talk more on Wednesday. I just wanted to communicate some of my current thinking.
Thanks,
Whitney
Interim Assistant Business Manager, BastTech.
To better respond to privacy incidents, Whitney should consider making better use of what?
A. An appropriate industry framework.
B. Training offered outside the company.
C. Protocols for amending personal data.
D. Roles of stakeholders across departments.
SCENARIO
Please use the following to answer the next question:
Hi Zoe,
Thank you so much for your email. I am so glad you have jumped right into your new position as our in-house privacy professional. BastTech greatly needs your expertise. I hope you are comfortably settling into your new home in the United
States after your move from the United Kingdom! Georgia is a wonderful state.
I particularly appreciate your enthusiasm in using your recent informal assessment to begin rectifying gaps in our privacy program and making sure we are in compliance with all laws. However, I also want to make sure that we are prioritizing
our initiatives by spending time on the measures that are most important to our customers, our company, and the tech industry as a whole.
Specifically, I know that you are advocating for an update of our Business Continuity Disaster Response (BCDR) plan with an eye toward privacy concerns. I think this effort is something that we may be able to postpone. I'm sure that after ten
years the document can be updated in spots; however, we have first-rate, experienced executive leaders that would have things well in hand in the unlikely event of a disaster.
Further, you mentioned that you would like to assess our longtime subcontractor's disaster plan through a second-party audit. Papyrus, our longtime subcontractor, does keep a great deal of personal data about our customers. However, I am
not sure I understand your request and would like to discuss this further during our meeting Wednesday.
You also say that your audit uncovered some inadequacies in staff compliance with our security procedures and local laws. I just wanted to emphasize that the audit findings only need to be communicated to the executive leadership. I would
rather not cause unnecessary alarm across departments.
I know you are also looking closely at the recent loss of a file belonging to a staff member in Human Resources (HR). It was an unfortunate incident, but rest assured, we handled the situation according to Georgia state law. The only difficult part was easing the concerns of our many remote employees all across the country whose data was on the computer. But I believe everything is settled. At least this stands as proof that in the event of another breach of any type, Information Security (IS) will take the lead while other departments move on with business as usual without having to get involved. Thankfully, we have taken the measure of supplementing our General Commercial Liability Insurance with cyber insurance.
Anyway, we will talk more on Wednesday. I just wanted to communicate some of my current thinking.
Thanks,
Whitney
Interim Assistant Business Manager, BastTech.
Based on Whitney's thoughts about the lost file, in what area of privacy law does she have a misunderstanding?
A. The scope of federal law.
B. The applicability of state laws.
C. The requirements under Georgia state law.
D. The applicability of the Health Insurance Portability and Accountability Act (HIPAA) on employee data.
Which of the following is least relevant to establishing a culture of data privacy at a company?
A. Monitoring compliance.
B. Adherence to ISO 27001.
C. Deploying training and awareness.
D. Deploying training and awareness.
A Privacy Program Framework is an implementation roadmap that does all of the following EXCEPT?
A. Measure a successful security program.
B. Incorporate data classification and broad privacy checklists.
C. Provide documented privacy management procedures and processes.
D. Prompt for details to determine all privacy-relevant decisions for the organization.
SCENARIO
Please use the following to answer the next question:
Hi Zoe,
Thank you so much for your email. I am so glad you have jumped right into your new position as our in-house privacy professional. BastTech greatly needs your expertise. I hope you are comfortably settling into your new home in the United
States after your move from the United Kingdom! Georgia is a wonderful state.
I particularly appreciate your enthusiasm in using your recent informal assessment to begin rectifying gaps in our privacy program and making sure we are in compliance with all laws. However, I also want to make sure that we are prioritizing
our initiatives by spending time on the measures that are most important to our customers, our company, and the tech industry as a whole.
Specifically, I know that you are advocating for an update of our Business Continuity Disaster Response (BCDR) plan with an eye toward privacy concerns. I think this effort is something that we may be able to postpone. I'm sure that after ten
years the document can be updated in spots; however, we have first-rate, experienced executive leaders that would have things well in hand in the unlikely event of a disaster.
Further, you mentioned that you would like to assess our longtime subcontractor's disaster plan through a second-party audit. Papyrus, our longtime subcontractor, does keep a great deal of personal data about our customers. However, I am
not sure I understand your request and would like to discuss this further during our meeting Wednesday.
You also say that your audit uncovered some inadequacies in staff compliance with our security procedures and local laws. I just wanted to emphasize that the audit findings only need to be communicated to the executive leadership. I would
rather not cause unnecessary alarm across departments.
I know you are also looking closely at the recent loss of a file belonging to a staff member in Human Resources (HR). It was an unfortunate incident, but rest assured, we handled the situation according to Georgia state law. The only difficult part was easing the concerns of our many remote employees all across the country whose data was on the computer. But I believe everything is settled. At least this stands as proof that in the event of another breach of any type, Information Security (IS) will take the lead while other departments move on with business as usual without having to get involved. Thankfully, we have taken the measure of supplementing our General Commercial Liability Insurance with cyber insurance.
Anyway, we will talk more on Wednesday. I just wanted to communicate some of my current thinking.
Thanks,
Whitney
Interim Assistant Business Manager, BastTech.
Based on the email, what should Zoe suggest to Whitney regarding the informal audit?
A. That several audits be conducted in quick succession.
B. That the results of the audit eventually be made public.
C. That more people assist with conducting audits in the future.
D. That the information from the audit be disseminated to key personnel.
When developing a privacy program and selecting a program sponsor or "champion" the most important consideration should be?
A. That they manage the information privacy program.
B. That they have the authority to approve policy and provide funding.
C. That they will be an effective advocate and understand the importance of privacy.
D. That they have the authority to approve any policy the privacy manager deems necessary
All of the following are components of a data collection notice EXCEPT?
A. Identification of who is collecting the information.
B. Identification of with whom the information could be shared.
C. Identification of potential uses of personal information in the future.
D. Identification of the meta-data which could be generated from collection of the information.
SCENARIO
Please use the following to answer the next question:
Penny has recently joined Ace Space, a company that sells homeware accessories online, as its new privacy officer. The company is based in California but thanks to some great publicity from a social media influencer last year, the company
has received an influx of sales from the EU and has set up a regional office in Ireland to support this expansion. To become familiar with Ace Space's practices and assess what her privacy priorities will be, Penny has set up meetings with a
number of colleagues to hear about the work that they have been doing and their compliance efforts.
Penny's colleague in Marketing is excited by the new sales and the company's plans, but is also concerned that Penny may curtail some of the growth opportunities he has planned. He tells her “I heard someone in the breakroom talking
about some new privacy laws but I really don't think it affects us. We’re just a small company. I mean we just sell accessories online, so what's the real risk?” He has also told her that he works with a number of small companies that help him
get projects completed in a hurry. “We’ve got to meet our deadlines otherwise we lose money. I just sign the contracts and get Jim in finance to push through the payment. Reviewing the contracts takes time that we just don't have.”
In her meeting with a member of the IT team, Penny has learned that although Ace Space has taken a number of precautions to protect its website from malicious activity, it has not taken the same level of care of its physical files or internal
infrastructure. Penny's colleague in IT has told her that a former employee lost an encrypted USB key with financial data on it when he left. The company nearly lost access to their customer database last year after they fell victim to a phishing
attack. Penny is told by her IT colleague that the IT team “didn't know what to do or who should do what. We hadn't been trained on it but we’re a small team though, so it worked out OK in the end.” Penny is concerned that these issues will
compromise Ace Space's privacy and data protection.
Penny is aware that the company has solid plans to grow its international sales and will be working closely with the CEO to give the organization a data “shake up”. Her mission is to cultivate a strong privacy culture within the company.
Penny has a meeting with Ace Space's CEO today and has been asked to give her first impressions and an overview of her next steps.
To help Penny and her CEO with their objectives, what would be the most helpful approach to address her IT concerns?
A. Implement audit logging and monitoring tools.
B. Ensure an inventory of IT assets is maintained.
C. Host a town hall discussion for all IT employees to delivery necessary training.
D. Perform a gap analysis of the technical countermeasures required to meet privacy compliance.
Which of the following controls are generally NOT part of a Privacy Impact Assessment (PIA) review?
A. Access.
B. Incident.
C. Retention.
D. Collection.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPM exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.