What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?
A. Describing the policy changes on its website.
B. Obtaining affirmative consent from its customers.
C. Publicizing the policy changes through social media.
D. Reassuring customers of the security of their information.
What is the main reason some supporters of the European approach to privacy are skeptical about self- regulation of privacy practices?
A. A large amount of money may have to be sent on improved technology and security
B. Industries may not be strict enough in the creation and enforcement of rules
C. A new business owner may not understand the regulations
D. Human rights may be disregarded for the sake of privacy
Felicia is also in favor of strict employee oversight. In addition to protecting the inventory, she wants to prevent mistakes during transactions, which will require video monitoring. She also wants to regularly check the company vehicle's GPS for locations visited by employees. She also believes that employees who use their own devices for work-related purposes should agree to a certain amount of supervision.
Given her high standards, Felicia is skeptical about the proposed location of the store. She has been told that many types of background checks are not allowed under California law. Her friend Celeste thinks these worries are unfounded, as long as applicants verbally agree to the checks and are offered access to the results. Nor does Celeste share Felicia's concern about state breach notification laws, which, she claims, would be costly to implement even on a minor scale. Celeste believes that
even if the business grows a customer database of a few thousand, it's unlikely that a state agency would hassle an honest business if an accidental security incident were to occur.
In any case, Celeste feels that all they need is common sense ?like remembering to tear up sensitive documents before throwing them in the recycling bin. Felicia hopes that she's right, and that all of her concerns will be put to rest next month when their new business consultant (who is also a privacy professional) arrives from North Carolina.
Regarding credit checks of potential employees, Celeste has a misconception regarding what?
A. Consent requirements.
B. Disclosure requirements.
C. Employment-at-will rules.
D. Records retention policies
Federal laws establish which of the following requirements for collecting personal information of minors under the age of 13?
A. Implied consent from a minor's parent or guardian, or affirmative consent from the minor.
B. Affirmative consent from a minor's parent or guardian before collecting the minor's personal information online.
C. Implied consent from a minor's parent or guardian before collecting a minor's personal information online, such as when they permit the minor to use the internet.
D. Affirmative consent of a parent or guardian before collecting personal information of a minor offline (e.g., in person), which also satisfies any requirements for online consent.
All of the following are tasks in the "Discover" phase of building an information management program EXCEPT?
A. Facilitating participation across departments and levels
B. Developing a process for review and update of privacy policies
C. Deciding how aggressive to be in the use of personal information
D. Understanding the laws that regulate a company's collection of information
Under the Personal Information Protection and Electronic Documents Act (PIPEDA), an organization must maintain a record of every breach of security safeguards involving personal information for a minimum of?
A. 3 months.
B. 12 months.
C. 24 months.
D. 36 months.
Which action will help a business prove compliance under Canada's Anti-Spam Legislation (CASL)?
A. Demonstrating the dissolution of a personal relationship before communication was sent.
B. Keeping records of express and implied consent of commercial electronic messages.
C. Posting a list of CASL guidelines on a company's website for customers to read.
D. Providing an opt-out mechanism.
Which province requires its government bodies to store and access personal information exclusively in Canada unless additional consent is obtained, or if outside storage is judged necessary?
A. Nova Scotia
B. Québec.
C. Ontario.
D. Alberta.
What is required through the "circle of care" concept under Canadian health information privacy law?
A. Health information custodians or trustees be specified only by applicable law or regulation
B. An individual's consent may be implied unless the individual has refused consent or if the purpose of the disclosure is not to provide health care.
C. Notification to the individual be made in the event of a data breach of personal health information (PHI) by an organization that is based in Canada
D. Consent must be expressed or implied when a custodian discloses personal health information (PHI) to another custodian for the purpose of providing health care.
The movement toward comprehensive privacy and data protection laws can be attributed to a combination of three major factors: the need to remedy past injustices, the need to promote a digital economy and the need to ensure consistency with?
A. Self-regulatory laws.
B. Pan-European laws.
C. Pan-Asian laws.
D. Global laws.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-C exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.