Nearly every state has a data breach notification law with a "compromise standard" for determining when notice is required. Which of the following is the best explanation of what a "compromise" is under this framework?
A. Compromise is defined by the degree to which the affected individuals suffered actual harm or had substantial risk of actual harm.
B. Compromise is defined by the case law in the jurisdiction and is typically based on the totality of the circumstances.
C. Compromise means that personally identifiable information was wrongfully accessed by third parties.
D. Compromise means that the confidentiality, security, or integrity of the information was violated.
A California resident has created an account on your company's online food delivery platform and placed several orders in the past month. Later she submits a data subject request to access her personal information under the California Privacy Rights Act.
Assuming that the CPRA is in force, which of the following data elements would your company NOT have to provide to the requester once her identity has been verified?
A. Inferences made about the individual for the company's internal purposes.
B. The loyalty account number assigned through the individual's use of the services.
C. The time stamp for the creation of the individual's account in the platform's database.
D. The email address submitted by the individual as part of the account registration process.
One of the most significant elements of Senate Bill No. 260 relating to Internet privacy is the introduction of what term into Nevada law?
A. Data Ethics.
B. Data Brokers.
C. Artificial Intelligence.
D. Transfer Mechanism.
Mega Corp. is a U.S.-based business with employees in California, Virginia, and Colorado. Which of the following must Mega Corp. comply with in regard to its human resources data?
A. California Privacy Rights Act.
B. California Privacy Rights Act and Virginia Consumer Data Protection Act.
C. California Privacy Rights Act and Colorado Privacy Act.
D. California Privacy Rights Act, Virginia Consumer Data Protection Act, and Colorado Privacy Act.
SCENARIO
Please use the following to answer the next question:
You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.
One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.
However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.
After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.
What answer should be given to the General Counsel?
A. "Users can only sue us if we violate the state breach notification laws."
B. "This is a health data incident subject to HIPAA, so the private right of action does not apply."
C. "Users cannot sue us, because only federal and state regulators have enforcement authority in data breaches."
D. "Even if we provide notice, we may still face liability due to mishandling the data and causing potential harm to users."
SCENARIO
Please use the following to answer the next question:
You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.
One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.
However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.
After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.
What answer should be given to the Chief Financial Officer's question?
A. "No, we do not have to provide a free credit monitoring offer since our breach notification obligations under HIPAA supersede state breach notification laws."
B. "No, we do not have to provide a free credit monitoring offer since the impacted information did not include social security numbers."
C. "Yes, we must include a free credit monitoring offer since this incident involves credit card information."
D. "Yes, all breach notices must include a free credit monitoring offer."
SCENARIO
Please use the following to answer the next question:
You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.
One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.
However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.
After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.
How does the Monday evening discovery of the malware on the company's database server alter the company's notification obligations, if at all?
A. This discovery requires notice also be provided to the U.S. Dept. of Health and Human Services since the impacted information includes health information.
B. This discovery has no effect on the situation, since the user information does not include a social security number or driver's license number.
C. This discovery requires notice also be provided to the FTC since a health app is subject to the Health Breach Notification Rule.
D. This discovery has no effect on the situation, since all required notifications are already being provided.
SCENARIO
Please use the following to answer the next question:
You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.
One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.
However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.
After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.
Who, if anyone, would the company have to notify immediately following the security team's first call to the privacy manager on Friday?
A. It would have to notify each state's attorney general's office since the app is marketed to consumers.
B. It would not have to notify anyone since malware intrusions do not trigger breach notification laws.
C. It would have to notify the Federal Trade Commission (FTC) since there was an incident involving a mobile app.
D. It would not have to notify anyone since there was no unauthorized access of user data that would be considered personal information under applicable state laws.
SCENARIO
Please use the following to answer the next question:
You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.
One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.
However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.
After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.
Based on the information the security team provides on Monday morning, what is the company's notification obligation?
A. The company does not need to notify anyone since secure credit card information is not subject to breach notification laws.
B. The company does not need to notify anyone since the security team is not completely certain the attacker actually took the credit card information.
C. The company must notify its bank and the card brands under its PCI obligations, and potentially provide notice to individuals and state authorities, depending on state law.
D. The company must report the incident to the U.S. Secret Service since the incident involves financial information, followed by notice to individuals and some state authorities.
A financial services company installs "bossware" software on its employees' remote computers to monitor performance. The software logs screenshots, mouse movements, and keystrokes to determine whether an employee is being productive. The software can also enable the computer webcams to record video footage.
Which of the following would best support an employee claim for an intrusion upon seclusion tort?
A. The webcam is enabled to record video any time the computer is turned on.
B. The company creates and saves a biometric template for each employee based upon keystroke dynamics.
C. The software automatically sends a notification to a supervisor any time the employee's mouse is dormant for more than five minutes.
D. The webcam records video of an employee using a company laptop to perform personal business while at a coffee shop during work hours.