The requester must have lodged a complaint with the Office of the Privacy Commissioner (OPC) within 60 days of having received a response to a formal Privacy Act request.
A. Collection directly relates to, and is necessary for, operating a program of that organization.Which is an exception to the general prohibitions on telephone monitoring that exist under the U.S. Wiretap Act?
A. Call center exceptionWhen developing a company privacy program, which of the following relationships will most help a privacy professional develop useful guidance for the organization?
A. Relationships with individuals within the privacy professional community who are able to share expertise and leading practices for different industries.Which authority supervises and enforces laws regarding advertising to children via the Internet?
A. The Office for Civil RightsIn a case of civil litigation, what might a defendant who is being sued for distributing an employee's private information face?
A. Probation.SCENARIO
You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo's business associate agreement (BAA) with CloudHealth, HealthCo requires
CloudHealth to implement security measures, including industry-standard encryption practices, to adequately protect the data. However, HealthCo did not perform due diligence on CloudHealth before entering the contract and has not conducted audits of CloudHealth's security measures.
A CloudHealth employee has recently become the victim of a phishing attack. When the employee unintentionally clicked on a link from a suspicious email, the PHI of more than 10,000 HealthCo patients was compromised. It has since been published online. The HealthCo cybersecurity team quickly identifies the perpetrator as a known hacker who has launched similar attacks on other hospitals-ones that exposed the PHI of public figures, including celebrities and politicians.
During the course of its investigation, HealthCo discovers that CloudHealth has not encrypted the PHI in accordance with the terms of its contract. In addition, CloudHealth has not provided privacy or security training to its employees. Law enforcement has requested that HealthCo provide its investigative report of the breach and a copy of the PHI of the individuals affected.
A patient affected by the breach then sues HealthCo, claiming that the company did not adequately protect the individual's ePHI and that the patient has suffered substantial harm as a result of the exposed data. The patient's attorney has submitted a discovery request for the ePHI exposed in the breach.
What is the most effective kind of training CloudHealth could have given its employees to help prevent this type of data breach?
A. Training on techniques for identifying phishing attemptsSCENARIO
Felicia has spent much of her adult life overseas and has recently returned to the U.S. to help her friend Celeste open a jewelry store in California. Although Felicia is excited about the prospect, she has a number of security concerns and has only grudgingly accepted the need to hire other employees. In order to guard against the loss of valuable merchandise, Felicia wants to carefully screen applicants. With their permission, Felicia would like to run credit checks, administer polygraph tests, and scrutinize
videos of interviews. She intends to read applicants’ postings on social media, ask questions about drug addiction, and solicit character references. Felicia believes that if potential employees are serious about becoming part of a dynamic new business, they will readily agree to these requirements.
Felicia is also in favor of strict employee oversight. In addition to protecting the inventory, she wants to prevent mistakes during transactions, which will require video monitoring. She also wants to regularly check the company vehicle's GPS for locations visited by employees. She also believes that employees who use their own devices for work-related purposes should agree to a certain amount of supervision.
Given her high standards, Felicia is skeptical about the proposed location of the store. She has been told that many types of background checks are not allowed under California law. Her friend Celeste thinks these worries are unfounded, as long as applicants agree to the checks and are offered access to the results. Nor does Celeste share Felicia's concern about state breach notification laws, which she claims would be costly to implement even on a minor scale. Celeste believes that even if the business
grows a customer database of a few thousand, it is unlikely that a state agency would take action against an honest business if an accidental security incident were to occur.
In any case, Celeste feels that all they need is common sense, such as remembering to shred sensitive documents before throwing them in the recycling bin. Felicia hopes that she is right and that all of her concerns will be put to rest next month when their new business consultant, who is also a privacy professional, arrives to advise them.
Regarding credit checks of potential employees, Celeste has a misconception regarding what?
A. Consent requirements.What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?
A. A consent decreeWhat is required for a provincial law to be considered substantially similar to the Personal Information Protection and Electronic Documents Act (PIPEDA)?
A. Consistency with at least eight of the ten privacy principles, an independent oversight body and a complaint handling mechanism.California's SB 1386 was the first law of its type in the United States to do what?
A. Require commercial entities to disclose a security data breach concerning personal information about the state's residentsNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-C exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.