Exam Details

  • Exam Code: CIPT
  • Exam Name: Certified Information Privacy Technologist (CIPT)
  • Certification: IAPP Certifications
  • Vendor: IAPP
  • Total Questions: 274 Q&As
  • Last Updated: May 07, 2025

IAPP IAPP Certifications CIPT Questions & Answers

  • Question 181:

    An organization based in California, USA is implementing a new online helpdesk solution for recording customer call information. The organization considers the capture of personal data on the online helpdesk solution to be in the interest of the company in best servicing customer calls.

    Before implementation, a privacy technologist should conduct which of the following?

    A. A Data Protection Impact Assessment (DPIA) and consultation with the appropriate regulator to ensure legal compliance.

    B. A privacy risk and impact assessment to evaluate potential risks from the proposed processing operations.

    C. A Legitimate Interest Assessment (LIA) to ensure that the processing is proportionate and does not override the privacy, rights and freedoms of the customers.

    D. A security assessment of the help desk solution and provider to assess if the technology was developed with a security by design approach.

  • Question 182:

    An organization is deciding between building a solution in-house versus purchasing a solution for a new customer-facing application. When security threats are taken into consideration, a key advantage of purchasing a solution would be the availability of?

    A. Outsourcing.

    B. Persistent VPN.

    C. Patching and updates.

    D. Digital Rights Management.

  • Question 183:

    Which of the following is a stage in the data life cycle?

    A. Data classification.

    B. Data inventory.

    C. Data masking.

    D. Data retention.

  • Question 184:

    What would be an example of an organization transferring the risks associated with a data breach?

    A. Using a third-party service to process credit card transactions.

    B. Encrypting sensitive personal data during collection and storage.

    C. Purchasing insurance to cover the organization in case of a breach.

    D. Applying industry standard data handling practices to the organization's practices.

  • Question 185:

    SCENARIO

    Kyle is a new security compliance manager who will be responsible for coordinating and executing controls to ensure compliance with the company's information security policy and industry standards. Kyle is also new to the company, where collaboration is a core value. On his first day of new-hire orientation, Kyle's schedule included participating in meetings and observing work in the IT and compliance departments.

    Kyle spent the morning in the IT department, where the CIO welcomed him and explained that her department was responsible for IT governance. The CIO and Kyle engaged in a conversation about the importance of identifying meaningful IT governance metrics. Following their conversation, the CIO introduced Kyle to Ted and Barney. Ted is implementing a plan to encrypt data at the transportation level of the organization's wireless network. Kyle would need to get up to speed on the project and suggest ways to monitor effectiveness once the implementation was complete. Barney explained that his short-term goals are to establish rules governing where data can be placed and to minimize the use of offline data storage.

    Kyle spent the afternoon with Jill, a compliance specialist, and learned that she was exploring an initiative for a compliance program to follow self-regulatory privacy principles. Thanks to a recent internship, Kyle had some experience in this area and knew where Jill could find some support. Jill also shared results of the company's privacy risk assessment, noting that the secondary use of personal information was considered a high risk.

    By the end of the day, Kyle was very excited about his new job and his new company. In fact, he learned about an open position for someone with strong qualifications and experience with access privileges, project standards board approval processes, and application-level obligations, and couldn't wait to recommend his friend Ben who would be perfect for the job.

    Which data practice is Barney most likely focused on improving?

    A. Deletion

    B. Inventory.

    C. Retention.

    D. Sharing

  • Question 186:

    All of the following topics should be included in a workplace surveillance policy EXCEPT?

    A. Who can be tracked and when.

    B. Who can access surveillance data.

    C. What areas can be placed under surveillance.

    D. Who benefits from collecting surveillance data.

  • Question 187:

    What is the goal of privacy enhancing technologies (PETs) like multiparty computation and differential privacy?

    A. To facilitate audits of third party vendors.

    B. To protect sensitive data while maintaining its utility.

    C. To standardize privacy activities across organizational groups.

    D. To protect the security perimeter and the data items themselves.

  • Question 188:

    Which of the following would best improve an organization's system of limiting data use?

    A. Implementing digital rights management technology.

    B. Confirming implied consent for any secondary use of data.

    C. Applying audit trails to resources to monitor company personnel.

    D. Instituting a system of user authentication for company personnel.

  • Question 189:

    SCENARIO

    Looking back at your first two years as the Director of Personal Information Protection and Compliance for the Berry Country Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation-based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data, not only records produced recently, but those still on hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and workstations, many of which hold files that have not yet been incorporated into the new records system. While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.

    You also recall a recent visit to the Records Storage Section, often termed "The Dungeon" in the basement of the old hospital next to the modern facility, where you noticed a multitude of paper records. Some of these were in crates marked by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. The back shelves of the section housed data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the dungeon, you noticed just ahead of you a small man in a lab coat who you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.

    Which data lifecycle phase needs the most attention at this Ontario medical center?

    A. Retention

    B. Disclosure

    C. Collection

    D. Use

  • Question 190:

    Which of the following would be the most appropriate solution for preventing privacy violations related to information exposure through an error message?

    A. Configuring the environment to use shorter error messages.

    B. Handling exceptions internally and not displaying errors to the user.

    C. Creating default error pages or error messages which do not include variable data.

    D. Logging the session name and necessary parameters once the error occurs to enable troubleshooting.
