SCENARIO
Please use the following to answer the next question:
Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use.
The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.
Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station's network and was able to steal data relating to employees in the company's Human Resources database, which is hosted by a third-party cloud provider based in the U.S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.
The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.
What can Otto do to most effectively minimize the privacy risks involved in using a cloud provider for the HR data?
A. Request that the Board sign off in a written document on the choice of cloud provider.
B. Ensure that the cloud provider abides by the contractual requirements by conducting an on-site audit.
C. Obtain express consent from employees for storing the HR data in the cloud and keep a record of the employee consents.
D. Negotiate a Business Associate Agreement with the cloud provider to protect any health-related data employees might share with Filtration Station.
Which of the following statements is most accurate in regard to data breach notifications under federal and state laws?
A. You must notify the Federal Trade Commission (FTC) in addition to affected individuals if over 500 individuals are receiving notice.
B. When providing an individual with required notice of a data breach, you must identify what personal information was actually or likely compromised.
C. When you are required to provide an individual with notice of a data breach under any state's law, you must provide the individual with an offer for free credit monitoring.
D. The only obligations to provide data breach notification are under state law because currently there is no federal law or regulation requiring notice for the breach of personal information.
In March 2012, the FTC released a privacy report that outlined three core principles for companies handling consumer data. Which was NOT one of these principles?
A. Simplifying consumer choice.
B. Enhancing security measures.
C. Practicing Privacy by Design.
D. Providing greater transparency.
What is a key way that the Gramm-Leach-Bliley Act (GLBA) prevents unauthorized access into a person's bank account?
A. By requiring immediate public disclosure after a suspected security breach.
B. By requiring the amount of customer personal information printed on paper.
C. By requiring that financial institutions limit the collection of personal information.
D. By restricting the disclosure of customer account numbers by financial institutions.
In what way is the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act intended to help consumers?
A. By providing consumers with free spam-filtering software.
B. By requiring a company to receive an opt-in before sending any advertising e-mails.
C. By prohibiting companies from sending objectionable content through unsolicited e-mails.
D. By requiring companies to allow consumers to opt-out of future e-mails.
SCENARIO
Please use the following to answer the next question:
Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use.
The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.
Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station's network and was able to steal data relating to employees in the company's Human Resources database, which is hosted by a third-party cloud provider based in the U.S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.
The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.
The Board has asked Otto whether the company will need to comply with the new California Consumer Privacy Law (CCPA). What should Otto tell the Board?
A. That CCPA will apply to the company only after the California Attorney General determines that it will enforce the statute.
B. That the company is governed by CCPA, but does not need to take any additional steps because it follows CBPR.
C. That business contact information could be considered personal information governed by CCPA.
D. That CCPA only applies to companies based in California, which exempts the company from compliance.
Based on the 2012 Federal Trade Commission report "Protecting Consumer Privacy in an Era of Rapid Change", which of the following directives is most important for businesses?
A. Announcing the tracking of online behavior for advertising purposes.
B. Integrating privacy protections during product development.
C. Allowing consumers to opt in before collecting any data.
D. Mitigating harm to consumers after a security breach.
In a case of civil litigation, what might a defendant who is being sued for distributing an employee's private information face?
A. Probation.
B. Criminal fines.
C. An injunction.
D. A jail sentence.
The U.S. Supreme Court has recognized an individual's right to privacy over personal issues, such as contraception, by acknowledging which of the following?
A. Federal preemption of state constitutions that expressly recognize an individual right to privacy.
B. A "penumbra" of unenumerated constitutional rights as well as more general protections of due process of law.
C. An interpretation of the U.S. Constitution's explicit definition of privacy that extends to personal issues.
D. The doctrine of stare decisis, which allows the U.S. Supreme Court to follow the precedent of previously decided case law.
SCENARIO
Please use the following to answer the next question:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.
"Doing your homework?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?"
"It's asking questions about my opinions."
"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten."
Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.
Depending on where Matt lives, the marketer could be prosecuted for violating which of the following?
A. Investigative Consumer Reporting Agencies Act.
B. Unfair and Deceptive Acts and Practices laws.
C. Consumer Bill of Rights.
D. Red Flag Rules.