A company is implementing a new online application and the privacy technologist has advised about potential privacy implications. Who would most likely have final accountability if the recommendations made by the privacy technologist are implemented?
A. The Technology Owner.SCENARIO
Please use the following to answer next question:
EnsureClaim is developing a mobile app platform for managing data used for assessing car accident insurance claims. Individuals use the app to take pictures at the crash site, eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hosting provider to store data collected by the app. EnsureClaim customer service employees also receive and review app data before sharing with insurance claim adjusters.
The app collects the following information:
1.
First and last name
2.
Date of birth (DOB)
3.
Mailing address
4.
Email address
5.
Car VIN number
6.
Car model
7.
License plate
8.
Insurance card number
9.
Photo 10.Vehicle diagnostics 11.Geolocation
The app is designed to collect and transmit geolocation data. How can data collection best be limited to the necessary minimum?
A. Allow user to opt-out geolocation data collection at any time.What is the goal of privacy enhancing technologies (PETS) like multiparty computation and differential privacy?
A. To facilitate audits of third party vendors.SCENARIO
Tom looked forward to starting his new position with a U.S --based automobile leasing company (New Company), now operating in 32 states. New Company was recently formed through the merger of two prominent players, one from the eastern region (East Company) and one from the western region (West Company). Tom, a Certified Information Privacy Technologist (CIPT), is New Company's first Information Privacy and Security Officer. He met today with Dick from East Company, and Harry, from West Company. Dick and Harry are veteran senior information privacy and security professionals at their respective companies, and continue to lead the east and west divisions of New Company. The purpose of the meeting was to conduct a SWOT (strengths/weaknesses/opportunities/threats) analysis for New Company. Their SWOT analysis conclusions are summarized below. Dick was enthusiastic about an opportunity for the New Company to reduce costs and increase computing power and flexibility through cloud services. East Company had been contemplating moving to the cloud, but West Company already had a vendor that was providing it with software-as-a-service (SaaS). Dick was looking forward to extending this service to the eastern region. Harry noted that this was a threat as well, because West Company had to rely on the third party to protect its data.
Tom mentioned that neither of the legacy companies had sufficient data storage space to meet the projected growth of New Company, which he saw as a weakness. Tom stated that one of the team's first projects would be to construct a consolidated New Company data warehouse. Tom would personally lead this project and would be held accountable if information was modified during transmission to or during storage in the new data warehouse.
Tom, Dick and Harry agreed that employee network access could be considered both a strength and a weakness. East Company and West Company had strong performance records in this regard; both had robust network access controls that were working as designed. However, during a projected year-long transition period, New Company employees would need to be able to connect to a New Company network while retaining access to the East Company and West Company networks.
Which statement is correct about addressing New Company stakeholders' expectations for privacy?
A. New Company should expect consumers to read the company's privacy policy.Which of the following occurs when individuals take a specific observable action to indicate and confirm that they give permission for their information to be processed?
A. Passive consentHow can a hacker gain control of a smartphone to perform remote audio and video surveillance?
A. By performing cross-site scripting.Which of these is NOT one of four elements of a design pattern?
A. A problem descriptionWhat is the main privacy threat posed by Radio Frequency Identification (RFID)?
A. An individual with an RFID receiver can track people or consumer products.What element is most conducive to fostering a sound privacy by design culture in an organization?
A. Ensuring all employees acknowledge and understood the privacy policy.There are two groups of users. In a company, where one group Is allowed to see credit card numbers, while the other group Is not. Both are accessing the data through the same application. The most effective and efficient way to achieve this would be?
A. Have two copies of the data, one copy where the credit card numbers are obfuscated, while the other copy has them in the clear. Serve up from the appropriate copy depending on the user accessing it.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPT exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.