IAPP CIPP-US Online Practice Questions and Exam Preparation
CIPP-US Exam Details
Exam Code: CIPP-US
Exam Name: Certified Information Privacy Professional/United States (CIPP/US)
Certification: IAPP Certifications
Vendor: IAPP
Total Questions: 198 Q&As
Last Updated: Jun 28, 2026
IAPP CIPP-US Online Questions & Answers
Question 121:
The U.S. Supreme Court has recognized an individual's right to privacy over personal issues, such as contraception, by acknowledging which of the following?
A. Federal preemption of state constitutions that expressly recognize an individual right to privacy.
B. A "penumbra" of unenumerated constitutional rights as well as more general protections of due process of law.
C. An interpretation of the U.S. Constitution's explicit definition of privacy that extends to personal issues.
D. The doctrine of stare decisis, which allows the U.S. Supreme Court to follow the precedent of previously decided case law.
Answer: B. A "penumbra" of unenumerated constitutional rights as well as more general protections of due process of law.
Question 122:
According to FERPA, when can a school disclose records without a student's consent?
A. If the disclosure is not to be conducted through email to the third party
B. If the disclosure would not reveal a student's student identification number
C. If the disclosure is to practitioners who are involved in a student's health care
D. If the disclosure is to provide transcripts to a school where a student intends to enroll
Answer: D. If the disclosure is to provide transcripts to a school where a student intends to enroll
Question 123:
Which action is prohibited under the Electronic Communications Privacy Act of 1986?
A. Intercepting electronic communications and unauthorized access to stored communications
B. Monitoring all employee telephone calls
C. Accessing stored communications with the consent of the sender or recipient of the message
D. Monitoring employee telephone calls of a personal nature
Answer: A. Intercepting electronic communications and unauthorized access to stored communications
Question 124:
Acme Student Loan Company has developed an artificial intelligence algorithm that determines whether an individual is likely to pay their bill or default. A person who is determined by the algorithm to be more likely to default will receive frequent payment reminder calls, while those who are less likely to default will not receive payment reminders.
Which of the following most accurately reflects the privacy concerns with Acme Student Loan Company using artificial intelligence in this manner?
A. If the algorithm uses risk factors that impact the automatic decision engine, Acme must ensure that the algorithm does not have a disparate impact on protected classes in the output.
B. If the algorithm makes automated decisions based on risk factors and public information, Acme need not determine if the algorithm has a disparate impact on protected classes.
C. If the algorithm's methodology is disclosed to consumers, then it is acceptable for Acme to have a disparate impact on protected classes.
D. If the algorithm uses information about protected classes to make automated decisions, Acme must ensure that the algorithm does not have a disparate impact on protected classes in the output.
Answer: B. If the algorithm makes automated decisions based on risk factors and public information, Acme need not determine if the algorithm has a disparate impact on protected classes.
Question 125:
Which of the following types of information would an organization generally NOT be required to disclose to law enforcement?
A. Information about medication errors under the Food, Drug and Cosmetic Act
B. Money laundering information under the Bank Secrecy Act of 1970
C. Information about workplace injuries under OSHA requirements
D. Personal health information under the HIPAA Privacy Rule
Answer: D. Personal health information under the HIPAA Privacy Rule
Question 126:
What are banks required to do under the Gramm-Leach-Bliley Act (GLBA)?
A. Conduct annual consumer surveys regarding satisfaction with user preferences
B. Process requests for changes to user preferences within a designated time frame
C. Provide consumers with the opportunity to opt out of receiving telemarketing phone calls
D. Offer an Opt-Out before transferring PI to an unaffiliated third party for the latter's own use
Answer: D. Offer an Opt-Out before transferring PI to an unaffiliated third party for the latter's own use
Explanation: https://www.investopedia.com/terms/g/glba.asp
Question 127:
What do the Civil Rights Act, Pregnancy Discrimination Act, Americans with Disabilities Act, Age Discrimination Act, and Equal Pay Act all have in common?
A. They require employers not to discriminate against certain classes when employees use personal information
B. They require that employers provide reasonable accommodations to certain classes of employees
C. They afford certain classes of employees privacy protection by limiting inquiries concerning their personal information
D. They permit employers to use or disclose personal information specifically about employees who are members of certain classes
Answer: A. They require employers not to discriminate against certain classes when employees use personal information
Question 128:
All of the following organizations are specified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) EXCEPT?
A. Healthcare information clearinghouses
B. Pharmaceutical companies
C. Healthcare providers
D. Health plans
Question 129:
Which of the following best describes what a "private right of action" is?
A. The right of individuals to keep their information private.
B. The right of individuals to submit a request to access their information.
C. The right of individuals harmed by data processing to have their information deleted.
D. The right of individuals harmed by a violation of a law to file a lawsuit against the violation.
Answer: D. The right of individuals harmed by a violation of a law to file a lawsuit against the violation.
Question 130:
Which of the following accurately describes the purpose of a particular federal enforcement agency?
A. The National Institute of Standards and Technology (NIST) has established mandatory privacy standards that can then be enforced against all for-profit organizations by the Department of Justice (DOJ).
B. The Cybersecurity and Infrastructure Security Agency (CISA) is authorized to bring civil enforcement actions against organizations whose website or other online service fails to adequately secure personal information.
C. The Federal Communications Commission (FCC) regulates privacy practices on the internet and enforces violations relating to websites' posted privacy disclosures.
D. The Federal Trade Commission (FTC) is typically recognized as having the broadest authority under the FTC Act to address unfair or deceptive privacy practices.
Answer: D. The Federal Trade Commission (FTC) is typically recognized as having the broadest authority under the FTC Act to address unfair or deceptive privacy practices.