Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers"?
A. International data transfers
B. Large platform providers
C. Promoting enforceable self-regulatory codes
D. Do Not Track
What is the main purpose of requiring marketers to use the Wireless Domain Registry?
A. To access a current list of wireless domain names
B. To prevent unauthorized emails to mobile devices
C. To acquire authorization to send emails to mobile devices
D. To ensure their emails are sent to actual wireless subscribers
SCENARIO
Please use the following to answer the next QUESTION:
You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo's business associate agreement (BAA) with CloudHealth, HealthCo requires CloudHealth to implement security measures, including industry standard encryption practices, to adequately protect the data. However, HealthCo did not perform due diligence on CloudHealth before entering the contract, and has not conducted audits of CloudHealth's security measures.
A CloudHealth employee has recently become the victim of a phishing attack. When the employee unintentionally clicked on a link from a suspicious email, the PHI of more than 10,000 HealthCo patients was compromised. It has since been published online. The HealthCo cybersecurity team quickly identifies the perpetrator as a known hacker who has launched similar attacks on other hospitals, ones that exposed the PHI of public figures including celebrities and politicians.
During the course of its investigation, HealthCo discovers that CloudHealth has not encrypted the PHI in accordance with the terms of its contract. In addition, CloudHealth has not provided privacy or security training to its employees. Law enforcement has requested that HealthCo provide its investigative report of the breach and a copy of the PHI of the individuals affected.
A patient affected by the breach then sues HealthCo, claiming that the company did not adequately protect the individual's ePHI, and that he has suffered substantial harm as a result of the exposed data. The patient's attorney has submitted a discovery request for the ePHI exposed in the breach.
Of the safeguards required by the HIPAA Security Rule, which of the following is NOT at issue due to HealthCo's actions?
A. Administrative Safeguards
B.
C. Technical Safeguards
D. Physical Safeguards
E. Security Safeguards
SCENARIO
Please use the following to answer the next QUESTION:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.
"Doing your network?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?"
"It's asking questions about my opinions."
"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten."
Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.
Based on the incident, the FTC's enforcement actions against the marketer would most likely include what violation?
A. Intruding upon the privacy of a family with young children.
B. Collecting information from a child under the age of thirteen.
C. Failing to notify of a breach of children's private information.
D. Disregarding the privacy policy of the children's marketing industry.
In March 2012, the FTC released a privacy report that outlined three core principles for companies handling consumer data. Which was NOT one of these principles?
A. Simplifying consumer choice.
B. Enhancing security measures.
C. Practicing Privacy by Design.
D. Providing greater transparency.
Global Manufacturing Co's Human Resources department recently purchased a new software tool. This tool helps evaluate future candidates for executive roles by scanning emails to see what those candidates say and what is said about them. This provides the HR department with an automated "360 review" that lets them know how the candidate thinks and operates, what their peers and direct reports say about them, and how well they interact with each other.
What is the most important step for the Human Resources Department to take when implementing this new software?
A. Making sure that the software does not unintentionally discriminate against protected groups.
B. Ensuring that the software contains a privacy notice explaining that employees have no right to privacy as long as they are running this software on organization systems to scan email systems.
C. Confirming that employees have read and signed the employee handbook where they have been advised that they have no right to privacy as long as they are using the organization's systems, regardless of the protected group or laws enforced by EEOC.
D. Providing notice to employees that their emails will be scanned by the software and creating automated profiles.
What information did the Red Flag Program Clarification Act of 2010 add to the original Red Flags rule?
A. The most common methods of identity theft.
B. The definition of what constitutes a creditor.
C. The process for proper disposal of sensitive data.
D. The components of an identity theft detection program.
When may a financial institution share consumer information with non-affiliated third parties for marketing purposes?
A. After disclosing information-sharing practices to customers and after giving them an opportunity to opt in.
B. After disclosing marketing practices to customers and after giving them an opportunity to opt in.
C. After disclosing information-sharing practices to customers and after giving them an opportunity to opt out.
D. After disclosing marketing practices to customers and after giving them an opportunity to opt out.
The Video Privacy Protection Act of 1988 restricted which of the following?
A. Which purchase records of audio visual materials may be disclosed
B. When downloading of copyrighted audio visual materials is allowed
C. When a user's viewing of online video content can be monitored
D. Who advertisements for videos and video games may target
Which venture would be subject to the requirements of Section 5 of the Federal Trade Commission Act?
A.
B. A local nonprofit charity's fundraiser
C. An online merchant's free shipping offer
D. A national bank's no-fee checking promotion
E. A city bus system's frequent rider program