Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create online profiles
outlining their experience and credentials, and can pay $19.99/month via credit card to have their profiles promoted to potential employers. Privacy Is Hiring Inc. keeps all customer data at rest encrypted on its servers.
Under what circumstances would Privacy Is Hiring Inc., need to notify affected individuals in the event of a data breach?
A. If law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to provide the notification to clients and applicable regulators.
B. If the job candidates' credit card information and the encryption keys were among the information taken.
C. If Privacy Is Hiring Inc., reasonably believes that job candidates will be harmed by the data breach.
D. If the personal information stolen included the individuals' names and credit card pin numbers.
More than half of U.S. states require telemarketers to?
A. Identify themselves at the beginning of a call
B. Obtain written consent from potential customers
C. Register with the state before conducting business
D. Provide written contracts for customer transactions
All of the following common law torts are relevant to employee privacy under US law EXCEPT?
A. Infliction of emotional distress.
B. Intrusion upon seclusion.
C. Defamation
D. Conversion.
Sarah lives in San Francisco, California. Based on a dramatic increase in unsolicited commercial emails, Sarah believes that a major social media platform with over 50 million users has collected a lot of personal information about her. The company that runs the platform is based in New York and France.
Why is Sarah entitled to ask the social media platform to delete the personal information they have collected about her?
A. Any company with a presence in Europe must comply with the General Data Protection Regulation globally, including in response to data subject deletion requests.
B. Under Section 5 of the FTC Act, the Federal Trade Commission has held that refusing to delete an individual's personal information upon request constitutes an unfair practice.
C. The California Consumer Privacy Act entitles Sarah to request deletion of her personal information.
D. The New York "Stop Hacks and Improve Electronic Data Security" (SHIELD) Act requires that businesses under New York's jurisdiction must delete customers' personal information upon request.
Which of the following best describes an employer's privacy-related responsibilities to an employee who has left the workplace?
A. An employer has a responsibility to maintain a former employee's access to computer systems and company data needed to support claims against the company such as discrimination.
B. An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee.
C. An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual.
D. An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose.
A company's employee wellness portal offers an app to track exercise activity via users' mobile devices. Which of the following design techniques would most effectively inform users of their data privacy rights and privileges when using the app?
A. Offer information about data collection and uses at key data entry points.
B. Publish a privacy policy written in clear, concise, and understandable language.
C. Present a privacy policy to users during the wellness program registration process.
D. Provide a link to the wellness program privacy policy at the bottom of each screen.
What was the original purpose of the Foreign Intelligence Surveillance Act?
A. To further define what information can reasonably be under surveillance in public places under the USA PATRIOT Act, such as Internet access in public libraries.
B. To further clarify a reasonable expectation of privacy stemming from the Katz v. United States decision.
C. To further define a framework for authorizing wiretaps by the executive branch for national security purposes under Article II of the Constitution.
D. To further clarify when a warrant is not required for a wiretap performed internally by the telephone company outside the suspect's home, stemming from the Olmstead v. United States decision.
Felicia is also in favor of strict employee oversight. In addition to protecting the inventory, she wants to prevent mistakes during transactions, which will require video monitoring. She also wants to regularly check the company vehicle's GPS for locations visited by employees. She also believes that employees who use their own devices for work-related purposes should agree to a certain amount of supervision.
Given her high standards, Felicia is skeptical about the proposed location of the store. She has been told that many types of background checks are not allowed under California law. Her friend Celeste thinks these worries are unfounded, as long as applicants verbally agree to the checks and are offered access to the results. Nor does Celeste share Felicia's concern about state breach notification laws, which, she claims, would be costly to implement even on a minor scale. Celeste believes that
even if the business grows a customer database of a few thousand, it's unlikely that a state agency would hassle an honest business if an accidental security incident were to occur.
In any case, Celeste feels that all they need is common sense ?like remembering to tear up sensitive documents before throwing them in the recycling bin. Felicia hopes that she's right, and that all of her concerns will be put to rest next month when their new business consultant (who is also a privacy professional) arrives from North Carolina.
Which law will be most relevant to Felicia's plan to ask applicants about drug addiction?
A.
B. The Americans with Disabilities Act (ADA).
C. The Occupational Safety and Health Act (OSHA).
D. The Genetic Information Nondiscrimination Act of 2008.
E. The Health Insurance Portability and Accountability Act (HIPAA).
In which situation would a policy of "no consumer choice" or "no option" be expected?
A. When a job applicant's credit report is provided to an employer
B. When a customer's financial information is requested by the government
C. When a patient's health record is made available to a pharmaceutical company
D. When a customer's street address is shared with a shipping company
When developing a company privacy program, which of the following relationships will most help a privacy professional develop useful guidance for the organization?
A. Relationships with individuals within the privacy professional community who are able to share expertise and leading practices for different industries.
B. Relationships with clients, vendors, and customers whose data will be primarily collected and used throughout the organizational program.
C. Relationships with company leaders responsible for approving, implementing, and periodically reviewing the corporate privacy program.
D. Relationships with individuals across company departments and at different levels in the organization's hierarchy.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-C exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.