Exam Details

  • Exam Code: CIPT
  • Exam Name: Certified Information Privacy Technologist (CIPT)
  • Certification: IAPP Certifications
  • Vendor: IAPP
  • Total Questions: 274 Q&As
  • Last Updated: May 07, 2025

IAPP IAPP Certifications CIPT Questions & Answers

  • Question 91:

    In day-to-day interactions with technology, consumers are presented with privacy choices. Which of the following best represents the Privacy by Design (PbD) methodology of letting the user choose a non-zero-sum choice?

    A. Using images, words, and contexts to elicit positive feelings that result in proactive behavior, thus eliminating negativity and biases.

    B. Providing plain-language design choices that elicit privacy-related responses, helping users avoid errors and minimize the negative consequences of errors when they do occur.

    C. Displaying the percentage of users that chose a particular option, thus enabling the user to choose the most preferred option.

    D. Using contexts, antecedent events, and other priming concepts to assist the user in making a better privacy choice.

  • Question 92:

    Which of the following activities would be considered the best method for an organization to achieve the privacy principle of data quality?

    A. Clash customer information with information from a data broker

    B. Build a system with user access controls and approval workflows to edit customer data

    C. Set a privacy notice covering the purpose for collection of a customer's data

    D. Provide a customer with a copy of their data in a machine-readable format

  • Question 93:

    What is the term for information provided to a social network by a member?

    A. Profile data.

    B. Declared data.

    C. Personal choice data.

    D. Identifier information.

  • Question 94:

    Which of the following is NOT a valid basis for data retention?

    A. Size of the data.

    B. Type of the data.

    C. Location of the data.

    D. Last time the data was accessed.

  • Question 95:

    Which of the following is one of the fundamental principles of information security?

    A. Accountability.

    B. Accessibility.

    C. Confidentiality.

    D. Connectivity.

  • Question 96:

    SCENARIO

    Please use the following to answer the next question:

    Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.

    The application requires consent from the patient before importing electronic health records into the application and sharing them with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.

    LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders, on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.

    The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user-related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.

    What is the best way to minimize the risk of an exposure violation through the use of the app?

    A. Prevent the downloading of photos stored in the app.

    B. Dissociate the patient health data from the personal data.

    C. Exclude the collection of personal information from the health record.

    D. Create a policy to prevent combining data with external data sources.

  • Question 97:

    Which of the following can be used to bypass even the best physical and logical security mechanisms to gain access to a system?

    A. Phishing emails.

    B. Denial of service.

    C. Brute-force attacks.

    D. Social engineering.

  • Question 98:

    What is an Access Control List?

    A. A list of steps necessary for an individual to access a resource.

    B. A list that indicates the type of permission granted to each individual.

    C. A list showing the resources that an individual has permission to access.

    D. A list of individuals who have had their access privileges to a resource revoked.

  • Question 99:

    What Privacy by Design (PbD) element should include a de-identification or deletion plan?

    A. Categorization.

    B. Remediation.

    C. Retention.

    D. Security.

  • Question 100:

    Ivan is a nurse for a home healthcare service provider in the US. The company has implemented a mobile application which Ivan uses to record a patient's vital statistics and access a patient's health care records during home visits. During one visit, Ivan is unable to access the health care application to record the patient's vitals. He instead records the information on his mobile phone's note-taking application to enter the data in the health care application the next time it is accessible. What would be the best course of action by the IT department to ensure the data is protected on his device?

    A. Provide all healthcare employees with mandatory annual security awareness training with a focus on the health information protection.

    B. Complete a SWOT analysis exercise on the mobile application to identify what caused the application to be inaccessible and remediate any issues.

    C. Adopt mobile platform standards to ensure that only mobile devices that support encryption capabilities are used.

    D. Implement Mobile Device Management (MDM) to enforce company security policies and configuration settings.
