Exam Details

  • Exam Code: CIPP-US
  • Exam Name: Certified Information Privacy Professional/United States (CIPP/US)
  • Certification: IAPP Certifications
  • Vendor: IAPP
  • Total Questions: 198 Q&As
  • Last Updated: May 09, 2025

IAPP IAPP Certifications CIPP-US Questions & Answers

  • Question 21:

    In a data sharing arrangement, which of the following organizations would determine the rules that apply to the processing of the data being shared?

    A. The business associate.

    B. The hosting provider.

    C. The data processor.

    D. The data controller.

  • Question 22:

    Your company's most brilliant engineer develops a new Artificial Intelligence (AI) technology he calls OXO-2576. The engineer wants to begin using it to analyze all of the data your company collects about its customers. As the company's privacy professional, you have some privacy concerns about using AI technology with customer data.

    Which of the following is the best recommendation to offer the company?

    A. Do not publicize that the company is using AI technology with its customer data.

    B. De-identify the data collected by the AI technology so it cannot be linked to any individuals.

    C. Automate the AI technology so there is no human seeing or handling the customers' personal information.

    D. Use the AI technology only for employees, as companies are given more leeway when handling employee personal information.

  • Question 23:

    Edward Snowden's revelations regarding government programs collecting massive amounts of information about U.S. citizens and noncitizens led to the passage of which law?

    A. Cybersecurity Information Sharing Act of 2015

    B. Foreign Intelligence Surveillance Act

    C. USA FREEDOM Act

    D. CLOUD Act

  • Question 24:

    In 2011, the FTC announced a settlement with Google regarding its social networking service Google Buzz. The FTC alleged that in the process of launching the service, the company did all of the following EXCEPT?

    A. Violated its own privacy policies.

    B. Engaged in deceptive trade practices.

    C. Failed to comply with Safe Harbor principles.

    D. Failed to employ sufficient security safeguards.

  • Question 25:

    Which of the following is a U.S. surveillance program authorized under Section 702 of the Foreign Intelligence Surveillance Act Amendments Act?

    A. Upstream

    B. NATGRID

    C. Project 6

    D. SORM

  • Question 26:

    The use of cookies on a website by a service provider is generally not deemed a ‘sale’ of personal information by CCPA, as long as which of the following conditions is met?

    A. The third party stores personal information to trigger a response to a consumer's request to exercise their right to opt in.

    B. The analytics cookies placed by the service provider are capable of being tracked but cannot be linked to a particular consumer of that business.

    C. The service provider retains personal information obtained in the course of providing the services specified in the agreement with the subcontractors.

    D. The information collected by the service provider is necessary to perform debugging and the business and service provider have entered into an appropriate agreement.

  • Question 27:

    Which of the following would NOT be considered a method of obtaining verifiable parental consent before collecting, using or disclosing personal information from children under the Children's Online Privacy Protection Act (COPPA) of 1998?

    A. Using a credit card, debit card, or other online payment system.

    B. Having the parent call a toll-free telephone number staffed by trained personnel.

    C. Having the parent sign a consent form and return it to the operator by postal mail, facsimile, or electronic scan.

    D. Sending a text message to the parent explaining the intended uses of the information.

  • Question 28:

    A company based in the United States receives information about its UK subsidiary's employees in connection with the centralized HR service it provides. How can the UK company ensure an adequate level of data protection that would allow the restricted data transfer to continue?

    A. By signing up to an approved code of conduct under UK GDPR to demonstrate compliance with its requirements, both for the parent and the subsidiary companies.

    B. By revising the contract with the United States parent company incorporating EU SCCs, as it continues to be valid for restricted transfers under the UK regime.

    C. By submitting to the ICO a new application for the UK BCRs using the UK BCR application forms, as their existing authorized EU BCRs are not recognized.

    D. By allowing each employee the option to opt out of the restricted transfer, as it is necessary to send their names in order to book the sales bonuses.

  • Question 29:

    What are the maximum statutory damages for violations of the Fair Credit Reporting Act (FCRA)?

    A. $500 per violation

    B. $1,000 per violation

    C. $2,000 per violation

    D. $5,000 per violation

  • Question 30:

    What was unique about the action that the Federal Trade Commission took against B.J.'s Wholesale Club in 2005?

    A. It made third-party audits a penalty for policy violations.

    B. It was based on matters of fairness rather than deception.

    C. It was the first substantial U.S.-EU Safe Harbor enforcement.

    D. It made user consent mandatory after any revisions of policy.

Tips on How to Prepare for the Exams

Certification exams are becoming more important, and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IAPP exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CIPP-US exam preparation and IAPP certification application, do not hesitate to visit Vcedump.com to find your solutions.