Practice Free IAPP CIPP-C Exam Questions Online, CIPP-C Free Demo

Question 16 Selectable Answer

Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car dealer holding a paper folder of customer credit reports?

A. To follow the Disposal Rule by having the reports shredded
B. To follow the Red Flags Rule by mailing the reports to customers
C. To follow the Privacy Rule by notifying customers that the reports are being stored
D. To follow the Safeguards Rule by transferring the reports to a secure electronic file

Answer:

Question 17 Selectable Answer

What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?

A. Describing the policy changes on its website.
B. Obtaining affirmative consent from its customers.
C. Publicizing the policy changes through social media.
D. Reassuring customers of the security of their information.

Answer:
Explanation:
Reference: https://iapp.org/news/a/what-does-the-ccpas-purpose-limitation-mean-for-businesses/

Question 18 Selectable Answer

Which of the following became the first state to pass a law specifically regulating the collection of biometric data?

A. California.
B. Texas.
C. Illinois.
D. Washington.

Answer:
Explanation:
Reference: https://www.jdsupra.com/legalnews/state-biometric-laws-are-trending-and-2640319/

Question 19 Selectable Answer

Which law provides employee benefits, but often mandates the collection of medical information?

A. The Occupational Safety and Health Act.
B. The Americans with Disabilities Act.
C. The Employee Medical Security Act.
D. The Family and Medical Leave Act.

Answer:
Explanation:
Reference: https://www.dph.illinois.gov/covid19/community-guidance/workplace-health-and-safety-guidance/ employee-employer-rights-and-safety

Question 20 Selectable Answer

What does the Massachusetts Personal Information Security Regulation require as it relates to encryption of personal information?

A. The encryption of all personal information of Massachusetts residents when all equipment is located in Massachusetts.
B. The encryption of all personal information stored in Massachusetts-based companies when all equipment is located in Massachusetts.
C. The encryption of personal information stored in Massachusetts-based companies when stored on portable devices.
D. The encryption of all personal information of Massachusetts residents when stored on portable devices.

Answer:
Explanation:
Reference: https://www.dataguidance.com/notes/massachusetts-data-protection-overview

Question 21 Selectable Answer

Which of the following became the first state to pass a law specifically regulating the practices of data brokers?

A. Washington.
B. California.
C. New York.
D. Vermont.

Answer:
Explanation:
Reference: https://www.natlawreview.com/article/ringing-2019-new-state-privacy-and-data-security-laws- impacting-data-brokers-and

Question 22 Selectable Answer

According to Section 5 of the FTC Act, self-regulation primarily involves a company’s right to do what?

A. Determine which bodies will be involved in adjudication
B. Decide if any enforcement actions are justified
C. Adhere to its industry’s code of conduct
D. Appeal decisions made against it

Answer:
Explanation:
Reference: https://www.ftc.gov/about-ftc/what-we-do/enforcement-authority

Question 23 Selectable Answer

Which of the following best describes an employer’s privacy-related responsibilities to an employee who has left the workplace?

A. An employer has a responsibility to maintain a former employee’s access to computer systems and company data needed to support claims against the company such as discrimination.
B. An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee.
C. An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual.
D. An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose.

Answer:

Question 24 Selectable Answer

In 2014, Google was alleged to have violated the Family Educational Rights and Privacy Act (FERPA) through its Apps for Education suite of tools. For what specific practice did students sue the company?

A. Scanning emails sent to and received by students
B. Making student education records publicly available
C. Relying on verbal consent for a disclosure of education records
D. Disclosing education records without obtaining required consent

Answer:
Explanation:
Reference: https://www.edweek.org/ew/articles/2014/03/13/26google.h33.html

Question 25 Selectable Answer

California’s SB 1386 was the first law of its type in the United States to do what?

A. Require commercial entities to disclose a security data breach concerning personal information about the state’s residents
B. Require notification of non-California residents of a breach that occurred in California
C. Require encryption of sensitive information stored on servers that are Internet connected
D. Require state attorney general enforcement of federal regulations against unfair and deceptive trade practices

Answer:
Explanation:
Reference: https://corporate.findlaw.com/law-library/california-raises-the-bar-on-data-security-and-privacy.html

Question 26 Selectable Answer

What is the main purpose of requiring marketers to use the Wireless Domain Registry?

A. To access a current list of wireless domain names
B. To prevent unauthorized emails to mobile devices
C. To acquire authorization to send emails to mobile devices
D. To ensure their emails are sent to actual wireless subscribers

Answer:

Question 27 Selectable Answer

SCENARIO
Please use the following to answer the next QUESTION:
A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices.
The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: “Please act immediately by identifying all personal data received from our company.”
This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup’s rapid market penetration.
As the Company’s data privacy leader, you are sensitive to the criticality of the relationship with the retailer.
Under the GDPR, the complainant’s request regarding her personal information is known as what?

A. Right of Access
B. Right of Removal
C. Right of Rectification
D. Right to Be Forgotten

Answer:

Question 28 Selectable Answer

What consumer service was the Fair Credit Reporting Act (FCRA) originally intended to provide?

A. The ability to receive reports from multiple credit reporting agencies.
B. The ability to appeal negative credit-based decisions.
C. The ability to correct inaccurate credit information.
D. The ability to investigate incidents of identity theft.

Answer:
Explanation:
Reference: https://epic.org/privacy/fcra/

Question 29 Selectable Answer

What was the original purpose of the Federal Trade Commission Act?

A. To ensure privacy rights of
B. citizens
C. To protect consumers
D. To enforce antitrust laws
E. To negotiate consent decrees with companies violating personal privacy

Answer:
Explanation:
Reference: https://www.ftc.gov/about-ftc

Question 30 Selectable Answer

In 2012, the White House and the FTC both issued reports advocating a new approach to privacy enforcement that can best be described as what?

A. Harm-based.
B. Self-regulatory.
C. Comprehensive.
D. Notice and choice.

Answer:
Explanation:
Reference: https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report- november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

Test Online Free IAPP CIPP-C Exam Questions and Answers