Which act violates the Family Educational Rights and Privacy Act of 1974 (FERPA)?
A. A K-12 assessment vendor obtains a student's signed essay about her hometown from her school to use as an exemplar for public releaseSCENARIO
Please use the following to answer the next question:
A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the
letter describes an ongoing investigation by a supervisory authority into the retailer's data handling practices.
The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and
request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened
the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: "Please act immediately by identifying all personal data received from our company."
This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup's rapid market penetration.
As the Company's data privacy leader, you are sensitive to the criticality of the relationship with the retailer.
At this stage of the investigation, what should the data privacy leader review first?
A. Available data flow diagramsAn organization self-certified under Privacy Shield must, upon request by an individual, do what?
A. Suspend the use of all personal information collected by the organization to fulfill its original purpose.The California Privacy Rights Act (CPRA) expands upon a number of topics previously introduced in the California Consumer Privacy Act (CCPA).
Which of the following was already part of the CCPA?
A. Risk assessments.Which of the following became the first state to pass a law specifically regulating the practices of data brokers?
A. Washington.Your company's most brilliant engineer develops a new Artificial Intelligence (AI) technology he calls OXO-2576. The engineer wants to begin using it to analyze all of the data your company collects about its customers. As the company's privacy professional, you have some privacy concerns about using AI technology with customer data.
Which of the following is the best recommendation to offer the company?
A. Do not publicize that the company is using AI technology with its customer data.Although an employer may have a strong incentive or legal obligation to monitor employees' conduct or behavior, some excessive monitoring may be considered an intrusion on employees' privacy? Which of the following is the strongest example of excessive monitoring by the employer?
A. An employer who installs a video monitor in physical locations, such as a warehouse, to ensure employees are performing tasks in a safe manner and environment.SCENARIO
Please use the following to answer the next question:
Miraculous Healthcare is a large medical practice with multiple locations in California and Nevada. Miraculous normally treats patients in person, but has recently decided to start offering telehealth appointments, where patients can have
virtual appointments with on-site doctors via a phone app.
For this new initiative, Miraculous is considering a product built by MedApps, a company that makes quality telehealth apps for healthcare practices and licenses them to be used with the practices’ branding. MedApps provides technical
support for the app, which it hosts in the cloud. MedApps also offers an optional benchmarking service for providers who wish to compare their practice to others using the service.
Riya is the Privacy Officer at Miraculous, responsible for the practice's compliance with HIPAA and other applicable laws, and she works with the Miraculous procurement team to get vendor agreements in place. She occasionally assists
procurement in vetting vendors and inquiring about their own compliance practices, as well as negotiating the terms of vendor agreements. Riya is currently reviewing the suitability of the MedApps app from a privacy perspective.
Riya has also been asked by the Miraculous Healthcare business operations team to review the MedApps’ optional benchmarking service. Of particular concern is the requirement that Miraculous Healthcare upload information about the
appointments to a portal hosted by MedApps.
If MedApps receives an access request under CCPA from a California-based app user, how should it handle the request?
A. MedApps should decline the request because Protected Health Information is not subject to CCPA.What consumer protection did the Fair and Accurate Credit Transactions Act (FACTA) require?
A. The ability for the consumer to correct inaccurate credit report informationWhich federal act does NOT contain provisions for preempting stricter state laws?
A. The CAN-SPAM ActNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-US exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.