CIPP-US Exam Details

  • Exam Code
    :CIPP-US
  • Exam Name
    :Certified Information Privacy Professional/United States (CIPP/US)
  • Certification
    :IAPP Certifications
  • Vendor
    :IAPP
  • Total Questions
    :198 Q&As
  • Last Updated
    :Jun 28, 2026

IAPP CIPP-US Online Questions & Answers

  • Question 11:

    The rules for "e-discovery" mainly prevent which of the following?

    A. A conflict between business practice and technological safeguards
    B. The loss of information due to poor data retention practices
    C. The practice of employees using personal devices for work
    D. A breach of an organization's data retention program

  • Question 12:

    Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car dealer holding a paper folder of customer credit reports?

    A. To follow the Disposal Rule by having the reports shredded
    B. To follow the Red Flags Rule by mailing the reports to customers
    C. To follow the Privacy Rule by notifying customers that the reports are being stored
    D. To follow the Safeguards Rule by transferring the reports to a secure electronic file

  • Question 13:

    What important action should a health care provider take if the she wants to qualify for funds under the Health Information Technology for Economic and Clinical Health Act (HITECH)?

    A. Make electronic health records (EHRs) part of regular care
    B. Bill the majority of patients electronically for their health care
    C. Send health information and appointment reminders to patients electronically
    D. Keep electronic updates about the Health Insurance Portability and Accountability Act

  • Question 14:

    SCENARIO

    Please use the following to answer the next question:

    Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.

    "Doing your homework?" Matt asked hopefully.

    "No," the boy said. "I'm filling out a survey."

    Matt looked over his son's shoulder at his computer screen. "What kind of survey?"

    "It's asking questions about my opinions."

    "Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten."

    Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and

    the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.

    To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his

    name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.

    Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and

    he decided it was time to report the incident to the proper authorities.

    Depending on where Matt lives, the marketer could be prosecuted for violating which of the following?

    A. Investigative Consumer Reporting Agencies Act.
    B. Unfair and Deceptive Acts and Practices laws.
    C. Consumer Bill of Rights.
    D. Red Flag Rules.

  • Question 15:

    In which situation would a policy of "no consumer choice" or "no option" be expected?

    A. When a job applicant's credit report is provided to an employer
    B. When a customer's financial information is requested by the government
    C. When a patient's health record is made available to a pharmaceutical company
    D. When a customer's street address is shared with a shipping company

  • Question 16:

    What is a key way that the Gramm-Leach-Bliley Act (GLBA) prevents unauthorized access into a person's back account?

    A. By requiring immediate public disclosure after a suspected security breach.
    B. By requiring the amount of customer personal information printed on paper.
    C. By requiring the financial institutions limit the collection of personal information.
    D. By restricting the disclosure of customer account numbers by financial institutions.

  • Question 17:

    SCENARIO

    Please use the following to answer the next question:

    Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state's Do Not Call list, as well as the people on it. "If they

    were really serious about not being bothered," Evan said, "They'd be on the national DNC list. That's the only one we're required to follow. At SunriseLynx, we call until they ask us not to."

    Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call "another time." This, to Larry, is a clear indication that they don't want to be called at all. Evan doesn't see it that way.

    Larry believes that Evan's arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly,

    even connecting with employees on social media. However, following Evan's political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.

    Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though this name was clearly marked. Larry thinks the opening of personal mail is common

    at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan's leadership.

    Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations

    sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the coworker's belief that employees agreed to be monitored

    when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an

    outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.

    Larry wants to take action, but is uncertain how to proceed.

    Which act would authorize Evan's undercover investigation?

    A. The Whistleblower Protection Act
    B. The Stored Communications Act (SCA)
    C. The National Labor Relations Act (NLRA)
    D. The Fair and Accurate Credit Transactions Act (FACTA)

  • Question 18:

    What is the main purpose of requiring marketers to use the Wireless Domain Registry?

    A. To access a current list of wireless domain names
    B. To prevent unauthorized emails to mobile devices
    C. To acquire authorization to send emails to mobile devices
    D. To ensure their emails are sent to actual wireless subscribers

  • Question 19:

    Which of the following practices is NOT a key component of a data ethics framework?

    A. Automated decision-making.
    B. Preferability testing.
    C. Data governance.
    D. Auditing.

  • Question 20:

    Which of the following does Title VII of the Civil Rights Act prohibit an employer from asking a job applicant?

    A. Questions about age
    B. Questions about a disability
    C. Questions about national origin
    D. Questions about intended pregnancy

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-US exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.