Question No : 1
A law enforcement subpoenas the ACME telecommunications company for access to text message records of a person suspected of planning a terrorist attack. The company had previously encrypted its text message records so that only the suspect could access this data.
What law did ACME violate by designing the service to prevent access to the information by a law enforcement agency?

• A.SCA
• B.ECPA
• C.CALEA
• D.USA Freedom Act

Show Answers

Answer:
Explanation:
Reference: https://www.nap.edu/read/11896/chapter/11#283

Question No : 2
SCENARIO
Please use the following to answer the next QUESTION:
Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state’s Do Not Call list, as well as the people on it. “If they were really serious about not being bothered,” Evan said, “They’d be on the national DNC list. That’s the only one we’re required to follow. At SunriseLynx, we call until they ask us not to.”
Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call “another time.” This, to Larry, is a clear indication that they don’t want to be called at all. Evan doesn’t see it that way.
Larry believes that Evan’s arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly, even connecting with employees on social media. However, following Evan’s political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.
Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though this name was clearly marked. Larry thinks the opening of personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan’s leadership.
Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the coworker’s belief that employees agreed to be monitored when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.
Larry wants to take action, but is uncertain how to proceed.
In what area does Larry have a misconception about private-sector employee rights?

• A.The applicability of federal law
• B.The enforceability of local law
• C.The strict nature of state law
• D.The definition of tort law

Show Answers

Answer:

Question No : 3
If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?

• A.Uses the transferred data for limited purposes
• B.Provides the same level of privacy protection as the organization
• C.Notifies the organization if it can no longer meet its requirements for proper data handling
• D.Enters a contract with the organization that states the third party will process data according to the consent agreement

Show Answers

Answer:
Explanation:
Reference: https://www.privacyshield.gov/Key-New-Requirements

Question No : 4
SCENARIO
Please use the following to answer the next QUESTION
Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.
Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station’s network and was able to steal data relating to employees in the company’s Human Resources database, which is hosted by a third-party cloud provider based in the U.S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.
The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.
The Board has asked Otto whether the company will need to comply with the new California Consumer Privacy Law (CCPA).
What should Otto tell the Board?
A. That CCPA will apply to the company only after the California Attorney General determines that it will enforce the statute.
B. That the company is governed by CCPA, but does not need to take any additional steps because it follows CPBR.
C. That business contact information could be considered personal information governed by CCPA.
D. That CCPA only applies to companies based in California, which exempts the company from compliance.

Show Answers

Answer:A

Question No : 5
In what way is the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act intended to help consumers?

• A.By providing consumers with free spam-filtering software.
• B.By requiring a company to receive an opt-in before sending any advertising e-mails.
• C.By prohibiting companies from sending objectionable content through unsolicited e-mails.
• D.By requiring companies to allow consumers to opt-out of future e-mails.

Show Answers

Answer:
Explanation:
Reference: https://www.federalregister.gov/documents/2019/04/04/2019-06562/controlling-the-assault-of-non-solicited-pornography-and-marketing-rule

Question No : 6
When may a financial institution share consumer information with non-affiliated third parties for marketing purposes?

• A.After disclosing information-sharing practices to customers and after giving them an opportunity to opt in.
• B.After disclosing marketing practices to customers and after giving them an opportunity to opt in.
• C.After disclosing information-sharing practices to customers and after giving them an opportunity to opt out.
• D.After disclosing marketing practices to customers and after giving them an opportunity to opt out.

Show Answers

Answer:
Explanation:
Reference: https://www.ftc.gov/tips-advice/business-center/guidance/how-comply-privacy-consumer-financial-information-rule-gramm

Question No : 7
Why was the Privacy Protection Act of 1980 drafted?

• A.To respond to police searches of newspaper facilities
• B.To assist prosecutors in civil litigation against newspaper companies
• C.To assist in the prosecution of white-collar crimes
• D.To protect individuals from personal privacy invasion by the police

Show Answers

Answer:
Explanation:
Reference: https://scholarlycommons.law.northwestern.edu/cgi/viewcontent.cgi?article=1057&context=nulr

Question No : 8
Which action is prohibited under the Electronic Communications Privacy Act of 1986?

• A.Intercepting electronic communications and unauthorized access to stored communications
• B.Monitoring all employee telephone calls
• C.Accessing stored communications with the consent of the sender or recipient of the message
• D.Monitoring employee telephone calls of a personal nature

Show Answers

Answer:
Explanation:
Reference: https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1285

Question No : 9
Federal laws establish which of the following requirements for collecting personal information of minors under the age of 13?

• A.Implied consent from a minor’s parent or guardian, or affirmative consent from the minor.
• B.Affirmative consent from a minor’s parent or guardian before collecting the minor’s personal information online.
• C.Implied consent from a minor’s parent or guardian before collecting a minor’s personal information online, such as when they permit the minor to use the internet.
• D.Affirmative consent of a parent or guardian before collecting personal information of a minor offline (e.g., in person), which also satisfies any requirements for online consent.

Show Answers

Answer:
Explanation:
Reference: https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-Questions-0

Question No : 10
The rules for “e-discovery” mainly prevent which of the following?

• A.A conflict between business practice and technological safeguards
• B.The loss of information due to poor data retention practices
• C.The practice of employees using personal devices for work
• D.A breach of an organization’s data retention program

Show Answers

Answer: