CIPP-US Exam Details

  • Exam Code: CIPP-US
  • Exam Name: Certified Information Privacy Professional/United States (CIPP/US)
  • Certification: IAPP Certifications
  • Vendor: IAPP
  • Total Questions: 198 Q&As
  • Last Updated: Jun 28, 2026

IAPP CIPP-US Online Questions & Answers

  • Question 91:

    How did the Fair and Accurate Credit Transactions Act (FACTA) amend the Fair Credit Reporting Act (FCRA)?

    A. It expanded the definition of "consumer reports" to include communications relating to employee investigations
    B. It increased the obligation of organizations to dispose of consumer data in ways that prevent unauthorized access
    C. It stipulated the purpose of obtaining a consumer report can only be for a review of the employee's credit worthiness
    D. It required employers to get an employee's consent in advance of requesting a consumer report for internal investigation purposes

  • Question 92:

    A California resident has created an account on your company's online food delivery platform and placed several orders in the past month. Later she submits a data subject request to access her personal information under the California Privacy Rights Act.

    Assuming that the CPRA is in force, which of the following data elements would your company NOT have to provide to the requester once her identity has been verified?

    A. Inferences made about the individual for the company's internal purposes.
    B. The loyalty account number assigned through the individual's use of the services.
    C. The time stamp for the creation of the individual's account in the platform's database.
    D. The email address submitted by the individual as part of the account registration process.

  • Question 93:

    Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create online profiles outlining their experience and credentials, and can pay $19.99/month via credit card to have their profiles promoted to potential employers. Privacy Is Hiring Inc. keeps all customer data at rest encrypted on its servers.

    Under what circumstances would Privacy Is Hiring Inc. need to notify affected individuals in the event of a data breach?

    A. If law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to provide the notification to clients and applicable regulators.
    B. If the job candidates' credit card information and the encryption keys were among the information taken.
    C. If Privacy Is Hiring Inc. reasonably believes that job candidates will be harmed by the data breach.
    D. If the personal information stolen included the individuals' names and credit card pin numbers.

  • Question 94:

    Under the Driver's Privacy Protection Act (DPPA), which of the following parties would require consent of an individual in order to obtain his or her Department of Motor Vehicle information?

    A. Law enforcement agencies performing investigations.
    B. Insurance companies needing to investigate claims.
    C. Attorneys gathering information related to lawsuits.
    D. Marketers wishing to distribute bulk materials.

  • Question 95:

    The Video Privacy Protection Act of 1988 restricted which of the following?

    A. Which purchase records of audio visual materials may be disclosed
    B. When downloading of copyrighted audio visual materials is allowed
    C. When a user's viewing of online video content can be monitored
    D. Who advertisements for videos and video games may target

  • Question 96:

    Which entity within the Department of Health and Human Services (HHS) is the primary enforcer of the Health Insurance Portability and Accountability Act (HIPAA) "Privacy Rule"?

    A. Office for Civil Rights.
    B. Office of Social Services.
    C. Office of Inspector General.
    D. Office of Public Health and Safety.

  • Question 97:

    What does the Massachusetts Personal Information Security Regulation require as it relates to encryption of personal information?

    A. The encryption of all personal information of Massachusetts residents when all equipment is located in Massachusetts.
    B. The encryption of all personal information stored in Massachusetts-based companies when all equipment is located in Massachusetts.
    C. The encryption of personal information stored in Massachusetts-based companies when stored on portable devices.
    D. The encryption of all personal information of Massachusetts residents when stored on portable devices.

  • Question 98:

    In 2011, the FTC announced a settlement with Google regarding its social networking service Google Buzz. The FTC alleged that in the process of launching the service, the company did all of the following EXCEPT?

    A. Violated its own privacy policies.
    B. Engaged in deceptive trade practices.
    C. Failed to comply with Safe Harbor principles.
    D. Failed to employ sufficient security safeguards.

  • Question 99:

    Smith Memorial Healthcare (SMH) is a hospital network headquartered in New York and operating in 7 other states. SMH uses an electronic medical record to enter and track information about its patients. Recently, SMH suffered a data breach where a third-party hacker was able to gain access to the SMH internal network. Because it is a HIPAA-covered entity, SMH made a notification to the Office of Civil Rights at the U.S. Department of Health and Human Services about the breach.

    Which statement accurately describes SMH's notification responsibilities?

    A. If SMH is compliant with HIPAA, it will not have to make a separate notification to individuals in the state of New York.
    B. If SMH has more than 500 patients in the state of New York, it will need to make separate notifications to these patients.
    C. If SMH must make a notification in any other state in which it operates, it must also make a notification to individuals in New York.
    D. If SMH makes credit monitoring available to individuals who inquire, it will not have to make a separate notification to individuals in the state of New York.

  • Question 100:

    Which entities must comply with the Telemarketing Sales Rule?

    A. For-profit organizations and for-profit telefunders regarding charitable solicitations
    B. Nonprofit organizations calling on their own behalf
    C. For-profit organizations calling businesses when a binding contract exists between them
    D. For-profit and not-for-profit organizations when selling additional services to establish customers

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IAPP exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CIPP-US exam preparation and IAPP certification application, do not hesitate to visit Vcedump.com to find your solutions.