A company configures their information system to have the following capabilities:
1.
Allow for selective disclosure of attributes to certain parties, but not to others.
2.
Permit the sharing of attribute references instead of attribute values - such as "I am over 21" instead of birthday date.
3.
Allow for information to be altered or deleted as needed. These capabilities help to achieve which privacy engineering objective?
A. Predictability.
B. Manageability.
C. Disassociability.
D. Integrity.
What is the main reason the Do Not Track (DNT) header is not acknowledged by more companies?
A. Most web browsers incorporate the DNT feature.
B. The financial penalties for violating DNT guidelines are too high.
C. There is a lack of consensus about what the DNT header should mean.
D. It has been difficult to solve the technological challenges surrounding DNT.
A developer is designing a new system that allows an organization's helpdesk to remotely connect into the device of the individual to provide support Which of the following will be a privacy technologist's primary concern"?
A. Geofencing
B. Geo-tracking
C. Geo-tagging
D. Geolocation
There are two groups of users. In a company, where one group Is allowed to see credit card numbers, while the other group Is not. Both are accessing the data through the same application. The most effective and efficient way to achieve this would be?
A. Have two copies of the data, one copy where the credit card numbers are obfuscated, while the other copy has them in the clear. Serve up from the appropriate copy depending on the user accessing it.
B. Have the data encrypted at rest, and selectively decrypt It for the users who have the rights to see it.
C. Obfuscate the credit card numbers whenever a user who does not have the right to see them accesses the data.
D. Drop credit card numbers altogether whenever a user who does not have the right to see them accesses the data.
SCENARIO
Please use the following to answer the next question:
Jordan just joined a fitness-tracker start-up based in California, USA, as its first Information Privacy and Security Officer. The company is quickly growing its business but does not sell any of the fitness trackers itself. Instead, it relies on a distribution network of third-party retailers in all major countries. Despite not having any stores, the company has a 78% market share in the EU. It has a website presenting the company and products, and a member section where customers can access their information. Only the email address and physical address need to be provided as part of the registration process in order to customize the site to the user's region and country. There is also a newsletter sent every month to all members featuring fitness tips, nutrition advice, product spotlights from partner companies based on user behavior and preferences.
Jordan says the General Data Protection Regulation (GDPR) does not apply to the company. He says the company is not established in the EU, nor does it have a processor in the region. Furthermore, it does not do any "offering goods or services" in the EU since it does not do any marketing there, nor sell to consumers directly. Jordan argues that it is the customers who chose to buy the products on their own initiative and there is no "offering" from the company.
The fitness trackers incorporate advanced features such as sleep tracking, GPS tracking, heart rate monitoring. wireless syncing, calorie-counting and step-tracking. The watch must be paired with either a smartphone or a computer in order to collect data on sleep levels, heart rates, etc. All information from the device must be sent to the company's servers in order to be processed, and then the results are sent to the smartphone or computer. Jordan argues that there is no personal information involved since the company does not collect banking or social security information.
Based on the current features of the fitness watch, what would you recommend be implemented into each device in order to most effectively ensure privacy?
A. Hashing.
B. A2DP Bluetooth profile.
C. Persistent unique identifier.
D. Randomized MAC address.
SCENARIO
Please use the following to answer the next question:
Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.
The application requires consent from the patient before importing electronic health records into the application and sharing it with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app. The patient user may also share location data and upload photos in the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.
LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.
The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.
What is the best way to ensure that the application only collects personal data that is needed to fulfill its primary purpose of providing potential medical and healthcare recommendations?
A. Obtain consent before using personal health information for data analytics purposes.
B. Provide the user with an option to select which personal data the application may collect.
C. Disclose what personal data the application the collecting in the company Privacy Policy posted online.
D. Document each personal category collected by the app and ensure it maps to an app function or feature.
SCENARIO
Please use the following to answer the next question: Chuck, a compliance auditor for a consulting firm focusing on healthcare clients, was required to travel to the client's office to perform an onsite review of the client's operations. He rented a car from Finley Motors upon arrival at the airport as so he could commute to and from the client's office. The car rental agreement was electronically signed by Chuck and included his name, address, driver's license, make/model of the car, billing rate, and additional details describing the rental transaction. On the second night, Chuck was caught by a red light camera not stopping at an intersection on his way to dinner. Chuck returned the car back to the car rental agency at the end week without mentioning the infraction and Finley Motors emailed a copy of the final receipt to the address on file.
Local law enforcement later reviewed the red light camera footage. As Finley Motors is the registered owner of the car, a notice was sent to them indicating the infraction and fine incurred. This notice included the license plate number, occurrence date and time, a photograph of the driver, and a web portal link to a video clip of the violation for further review. Finley Motors, however, was not responsible for the violation as they were not driving the car at the time and transferred the incident to AMP Payment Resources for further review. AMP Payment Resources identified Chuck as the driver based on the rental agreement he signed when picking up the car and then contacted Chuck directly through a written letter regarding the infraction to collect the fine.
After reviewing the incident through the AMP Payment Resources' web portal, Chuck paid the fine using his personal credit card. Two weeks later, Finley Motors sent Chuck an email promotion offering 10% off a future rental.
What should Finley Motors have done to incorporate the transparency principle of Privacy by Design (PbD)?
A. Signed a data sharing agreement with AMP Payment Resources.
B. Documented that Finley Motors has a legitimate interest to share Chuck's information.
C. Obtained verbal consent from Chuck and recorded it within internal systems.
D. Provided notice of data sharing practices within the electronically signed rental agreement.
What privacy risk is NOT mitigated by the use of encrypted computation to target and serve online ads?
A. The ad being served to the user may not be relevant.
B. The user's sensitive personal information is used to display targeted ads.
C. The personal information used to target ads can be discerned by the server.
D. The user's information can be leaked to an advertiser through weak de-identification techniques.
An organization is considering launching enhancements to improve security and authentication mechanisms in their products. To better identify the user and reduce friction from the authentication process, they plan to track physical attributes of an individual. A privacy technologist assessing privacy implications would be most interested in which of the following?
A. The purpose of the data tracking.
B. That the individual is aware tracking is occurring.
C. The authentication mechanism proposed.
D. The encryption of individual physical attributes.
it Is Important for a privacy technologist to understand dark patterns In order to reduce the risk of which of the following?
A. Breaches of an individual's data.
B. Illicit collection of personal data.
C. Manipulation of a user's choice.
D. Discrimination from profiling.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPT exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.