CIPP-US Exam Details

  • Exam Code: CIPP-US
  • Exam Name: Certified Information Privacy Professional/United States (CIPP/US)
  • Certification: IAPP Certifications
  • Vendor: IAPP
  • Total Questions: 198 Q&As
  • Last Updated: Jun 28, 2026

IAPP CIPP-US Online Questions & Answers

  • Question 61:

    Which is an exception to the general prohibitions on telephone monitoring that exist under the U.S. Wiretap Act?

    A. Call center exception
    B. Inter-company communications exception
    C. Ordinary course of business exception
    D. Internet calls exception

  • Question 62:

    SCENARIO

    Please use the following to answer the next question:

    A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer's data handling practices.

    The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: "Please act immediately by identifying all personal data received from our company."

    This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup's rapid market penetration.

    As the Company's data privacy leader, you are sensitive to the criticality of the relationship with the retailer.

    Under the General Data Protection Regulation (GDPR), how would the U.S.-based startup company most likely be classified?

    A. As a data supervisor
    B. As a data processor
    C. As a data controller
    D. As a data manager

  • Question 63:

    All of the following common law torts are relevant to employee privacy under US law EXCEPT?

    A. Infliction of emotional distress.
    B. Intrusion upon seclusion.
    C. Defamation
    D. Conversion.

  • Question 64:

    SCENARIO

    Please use the following to answer the next question:

    Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has made better financial decisions in the past two years.

    One potential employer, Arnie's Emporium, recently called to tell Noah he did not get a position. As part of the application process, Noah signed a consent form allowing the employer to request his credit report from a consumer reporting agency (CRA). Noah thinks that the report hurt his chances, but believes that he may not ever know whether it was his credit that cost him the job. However, Noah is somewhat relieved that he was not offered this particular position. He noticed that the store where he interviewed was extremely disorganized. He imagines that his credit report could still be sitting in the office, unsecured.

    Two days ago, Noah got another interview for a position at Sam's Market. The interviewer told Noah that his credit report would be a factor in the hiring decision. Noah was surprised because he had not seen anything on paper about this when he applied.

    Regardless, the effect of Noah's credit on his employability troubles him, especially since he has tried so hard to improve it. Noah made his worst financial decisions fifteen years ago, and they led to bankruptcy. These were decisions he made as a young man, and most of his debt at the time consisted of student loans, credit card debt, and a few unpaid bills, all of which Noah is still working to pay off. He often laments that decisions he made fifteen years ago are still affecting him today.

    In addition, Noah feels that an experience investing with a large bank may have contributed to his financial troubles. In 2007, in an effort to earn money to help pay off his debt, Noah talked to a customer service representative at a large investment company who urged him to purchase stocks. Without understanding the risks, Noah agreed. Unfortunately, Noah lost a great deal of money.

    After losing the money, Noah was a customer of another financial institution that suffered a large security breach. Noah was one of millions of customers whose personal information was compromised. He wonders if he may have been a victim of identity theft and whether this may have negatively affected his credit.

    Noah hopes that he will soon be able to put these challenges behind him, build excellent credit, and find the perfect job.

    Based on the scenario, which legislation should ease Noah's worry about his credit report as a result of applying at Arnie's Emporium?

    A. The Privacy Rule under the Gramm-Leach-Bliley Act (GLBA).
    B. The Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA).
    C. The Disposal Rule under the Fair and Accurate Credit Transactions Act (FACTA).
    D. The Red Flags Rule under the Fair and Accurate Credit Transactions Act (FACTA).

  • Question 65:

    Which statement is FALSE regarding the provisions of the Employee Polygraph Protection Act of 1988 (EPPA)?

    A. The EPPA requires that employers post essential information about the Act in a conspicuous location.
    B. The EPPA includes an exception that allows polygraph tests in professions in which employee honesty is necessary for public safety.
    C. Employers are prohibited from administering psychological testing based on personality traits such as honesty, preferences or habits.
    D. Employers involved in the manufacture of controlled substances may terminate employees based on polygraph results if other evidence exists.

  • Question 66:

    Which of the following most accurately describes the regulatory status of pandemic contact-tracing apps in the United States?

    A. Contact tracing is covered exclusively under the Health Insurance Portability and Accountability Act (HIPAA).
    B. Contact tracing is regulated by the U.S. Centers for Disease Control and Prevention (CDC).
    C. Contact tracing is subject to a patchwork of federal and state privacy laws.
    D. Contact tracing is not regulated in the United States.

  • Question 67:

    SCENARIO

    Please use the following to answer the next question:

    Jane is a U.S. citizen and a senior software engineer at California-based Jones Labs, a major software supplier to the U.S. Department of Defense and other U.S. federal agencies. Jane's manager, Patrick, is a French citizen who has been living in California for over a decade. Patrick has recently begun to suspect that Jane is an insider secretly transmitting trade secrets to foreign intelligence. Unbeknownst to Patrick, the FBI has already received a hint from an anonymous whistleblower, and jointly with the National Security Agency is investigating Jane's possible implication in a sophisticated foreign espionage campaign.

    Ever since the pandemic, Jane has been working from home. To complete her daily tasks she uses her corporate laptop, which after each login conspicuously provides notice that the equipment belongs to Jones Labs and may be monitored according to the enacted privacy policy and employment handbook. Jane also has a corporate mobile phone that she uses strictly for business, the terms of which are defined in her employment contract and elaborated upon in her employee handbook. Both the privacy policy and the employee handbook are revised annually by a reputable California law firm specializing in privacy law. Jane also has a personal iPhone that she uses for private purposes only.

    Jones Labs has its primary data center in San Francisco, which is managed internally by Jones Labs engineers. The secondary data center, managed by Amazon AWS, is physically located in the UK for disaster recovery purposes. Jones Labs' mobile devices backup is managed by a mid-sized mobile defense company located in Denver, which physically stores the data in Canada to reduce costs. Jones Labs MS Office documents are securely stored in a Microsoft Office 365 data center based in Ireland. Manufacturing data of Jones Labs is stored in Taiwan and managed by a local supplier that has no presence in the U.S.

    Before inspecting any GPS geolocation data from Jane's corporate mobile phone, Patrick should first do what?

    A. Obtain prior consent from Jane pursuant to the Telephone Consumer Protection Act
    B. Revise emerging workplace privacy best practices with a reputable advocacy organization.
    C. Obtain a subpoena from law enforcement, or a court order, directing Jones Labs to collect the GPS geolocation data.
    D. Ensure that such activity is permitted under Jane's employment contract or the company's employee privacy policy.

  • Question 68:

    U.S. federal laws protect individuals from employment discrimination based on all of the following EXCEPT?

    A. Age.
    B. Pregnancy.
    C. Marital status.
    D. Genetic information.

  • Question 69:

    As a result of the Schrems II decision and CJEU opinion, what would the preferred course of action be if a Section 702 disclosure related to a foreign entity is required?

    A. Ensure that the most recent SCC from the European Commission is being executed as a valid method of adequacy.
    B. Provide 30 days notice to affected parties to allow the opportunity for filing a motion to quash with the court.
    C. Seek redress from the court pursuing a protective order, since the consumer is unable to file a motion to quash.
    D. Seek the advice of outside counsel and conduct a transfer impact assessment.

  • Question 70:

    What practice does the USA FREEDOM Act NOT authorize?

    A. Emergency exceptions that allow the government to target roamers
    B. An increase in the maximum penalty for material support to terrorism
    C. An extension of the expiration for roving wiretaps
    D. The bulk collection of telephone data and internet metadata

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IAPP exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your CIPP-US exam preparation or IAPP certification application, do not hesitate to visit Vcedump.com to find your solutions.