Exam Details

  • Exam Code: CIPP-US
  • Exam Name: Certified Information Privacy Professional/United States (CIPP/US)
  • Certification: Certified Information Privacy Professional
  • Vendor: IAPP
  • Total Questions: 198 Q&As
  • Last Updated: Apr 23, 2024

IAPP Certified Information Privacy Professional CIPP-US Questions & Answers

  • Question 1:

    A California resident has created an account on your company's online food delivery platform and placed several orders in the past month. Later she submits a data subject request to access her personal information under the California Privacy Rights Act.

    Assuming that the CPRA is in force, which of the following data elements would your company NOT have to provide to the requester once her identity has been verified?

    A. Inferences made about the individual for the company's internal purposes.

    B. The loyalty account number assigned through the individual's use of the services.

    C. The time stamp for the creation of the individual's account in the platform's database.

    D. The email address submitted by the individual as part of the account registration process.

  • Question 2:

    One of the most significant elements of Senate Bill No. 260 relating to Internet privacy is the introduction of what term into Nevada law?

    A. Data Ethics.

    B. Data Brokers.

    C. Artificial Intelligence.

    D. Transfer Mechanism.

  • Question 3:

    Mega Corp. is a U.S.-based business with employees in California, Virginia, and Colorado. Which of the following must Mega Corp. comply with in regard to its human resources data?

    A. California Privacy Rights Act.

    B. California Privacy Rights Act and Virginia Consumer Data Protection Act.

    C. California Privacy Rights Act and Colorado Privacy Act.

    D. California Privacy Rights Act, Virginia Consumer Data Protection Act, and Colorado Privacy Act.

  • Question 4:

    SCENARIO

    Please use the following to answer the next question:

    You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.

    One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.

    However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.

    After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.

    What answer should be given to the General Counsel?

    A. "Users can only sue us if we violate the state breach notification laws."

    B. "This is a health data incident subject to HIPAA, so the private right of action does not apply."

    C. "Users cannot sue us, because only federal and state regulators have enforcement authority in data breaches."

    D. "Even if we provide notice, we may still face liability due to mishandling the data and causing potential harm to users."

  • Question 5:

    SCENARIO

    Please use the following to answer the next question:

    You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.

    One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.

    However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.

    After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.

    What answer should be given to the Chief Financial Officer's question?

    A. "No, we do not have to provide a free credit monitoring offer since our breach notification obligations under HIPAA supersede state breach notification laws."

    B. "No, we do not have to provide a free credit monitoring offer since the impacted information did not include social security numbers."

    C. "Yes, we must include a free credit monitoring offer since this incident involves credit card information."

    D. "Yes, all breach notices must include a free credit monitoring offer."

  • Question 6:

    SCENARIO

    Please use the following to answer the next question:

    You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.

    One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.

    However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.

    After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.

    Based on the information the security team provides on Monday morning, what is the company's notification obligation?

    A. The company does not need to notify anyone since secure credit card information is not subject to breach notification laws.

    B. The company does not need to notify anyone since the security team is not completely certain the attacker actually took the credit card information.

    C. The company must notify its bank and the card brands under its PCI obligations, and potentially provide notice to individuals and state authorities, depending on state law.

    D. The company must report the incident to the U.S. Secret Service since the incident involves financial information, followed by notice to individuals and some state authorities.

  • Question 7:

    SCENARIO

    Please use the following to answer the next question:

    You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.

    One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.

    However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.

    After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.

    How does the Monday evening discovery of the malware on the company's database server alter the company's notification obligations, if at all?

    A. This discovery requires notice also be provided to the U.S. Dept. of Health and Human Services since the impacted information includes health information.

    B. This discovery has no effect on the situation, since the user information does not include a social security number or driver's license number.

    C. This discovery requires notice also be provided to the FTC since a health app is subject to the Health Breach Notification Rule.

    D. This discovery has no effect on the situation, since all required noti cations are already being provided.

  • Question 8:

    SCENARIO

    Please use the following to answer the next question:

    You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.

    One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.

    However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.

    After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.

    Who, if anyone, would the company have to notify immediately following the security team's first call to the privacy manager on Friday?

    A. It would have to notify each state's attorney general's office since the app is marketed to consumers.

    B. It would not have to notify anyone since malware intrusions do not trigger breach notification laws.

    C. It would have to notify the Federal Trade Commission (FTC) since there was an incident involving a mobile app.

    D. It would not have to notify anyone since there was no unauthorized access of user data that would be considered personal information under applicable state laws.

  • Question 9:

    SCENARIO

    Please use the following to answer the next question:

    Jane is a U.S. citizen and a senior software engineer at California-based Jones Labs, a major software supplier to the U.S. Department of Defense and other U.S. federal agencies. Jane's manager, Patrick, is a French citizen who has been living in California for over a decade. Patrick has recently begun to suspect that Jane is an insider secretly transmitting trade secrets to foreign intelligence. Unbeknownst to Patrick, the FBI has already received a hint from an anonymous whistleblower, and jointly with the National Security Agency is investigating Jane's possible implication in a sophisticated foreign espionage campaign.

    Ever since the pandemic, Jane has been working from home. To complete her daily tasks she uses her corporate laptop, which after each login conspicuously provides notice that the equipment belongs to Jones Labs and may be monitored according to the enacted privacy policy and employment handbook. Jane also has a corporate mobile phone that she uses strictly for business, the terms of which are defined in her employment contract and elaborated upon in her employee handbook. Both the privacy policy and the employee handbook are revised annually by a reputable California law firm specializing in privacy law. Jane also has a personal iPhone that she uses for private purposes only.

    Jones Labs has its primary data center in San Francisco, which is managed internally by Jones Labs engineers. The secondary data center, managed by Amazon AWS, is physically located in the UK for disaster recovery purposes. Jones Labs' mobile device backup is managed by a mid-sized mobile defense company located in Denver, which physically stores the data in Canada to reduce costs. Jones Labs' MS Office documents are securely stored in a Microsoft Office 365 data center based in Ireland. Manufacturing data of Jones Labs is stored in Taiwan and managed by a local supplier that has no presence in the U.S.

    When storing Jane's fingerprint for remote authentication, Jones Labs should consider legality issues under which of the following?

    A. The Privacy Rule of the HITECH Act.

    B. The California IoT Security Law (SB 327).

    C. The applicable state law such as Illinois BIPA.

    D. The federal Genetic Information Nondiscrimination Act (GINA).

  • Question 10:

    A financial services company installs "bossware" software on its employees' remote computers to monitor performance. The software logs screenshots, mouse movements, and keystrokes to determine whether an employee is being productive. The software can also enable the computer webcams to record video footage.

    Which of the following would best support an employee claim for an intrusion upon seclusion tort?

    A. The webcam is enabled to record video any time the computer is turned on.

    B. The company creates and saves a biometric template for each employee based upon keystroke dynamics.

    C. The software automatically sends a notification to a supervisor any time the employee's mouse is dormant for more than five minutes.

    D. The webcam records video of an employee using a company laptop to perform personal business while at a coffee shop during work hours.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IAPP exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CIPP-US exam preparation and IAPP certification application, do not hesitate to visit Vcedump.com to find your solutions here.