IAPP CIPP/C Exam Questions and Answers, Certified Information Privacy Professional | SPOTO


Question #1
Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car dealer holding a paper folder of customer credit reports?
A. To follow the Disposal Rule by having the reports shredded
B. To follow the Red Flags Rule by mailing the reports to customers
C. To follow the Privacy Rule by notifying customers that the reports are being stored
D. To follow the Safeguards Rule by transferring the reports to a secure electronic file
Correct Answer: C
Question #2
SCENARIO Please use the following to answer the next QUESTION: Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state’s Do Not Call list, as well as the people on it. “If they were really serious about not being bothered,” Evan said, “They’d be on the national DNC list. That’s the only one we’re required to follow. At SunriseLynx, we call until they ask us not to.” Bizarrely, E
A. Defamation
B. Discrimination
C. Intrusion upon seclusion
D. Publicity given to private life
Correct Answer: B
Question #3
The “Consumer Privacy Bill of Rights” presented in a 2012 Obama administration report is generally based on?
A. The 1974 Privacy Act
B. Common law principles
C. European Union Directive
D. Traditional fair information practices
Correct Answer: C
Question #4
Within what time period must a commercial message sender remove a recipient’s address once they have asked to stop receiving future e-mail?
A. 7 days
B. 10 days
C. 15 days
D. 21 days
Correct Answer: B
Question #5
Which law provides employee benefits, but often mandates the collection of medical information?
A. The Occupational Safety and Health Act
B. The Americans with Disabilities Act
C. The Employee Medical Security Act
D. The Family and Medical Leave Act
Correct Answer: B
Question #6
What role does the U.S. Constitution play in the area of workplace privacy?
A. It provides enforcement resources to large employers, but not to small businesses
B. It provides legal precedent for physical information security, but not for electronic security
C. It provides contractual protections to members of labor unions, but not to employees at will
D. It provides significant protections to federal and state governments, but not to private-sector employment
Correct Answer: B
Question #7
SCENARIO Please use the following to answer the next QUESTION Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has made better financial decisions in the past two years. One potential employer, Arnie’s Emporium, recently called to tell Noah he did not get a position. As part of the application process, Noah signed a consent form allowing the employer to request his credit report from a consumer reporting agency (CRA). Noah thinks that the report
A. The rules under the Fair Debt Collection Practices Act
B. The creation of the Consumer Financial Protection Bureau
C. Federal Trade Commission investigations into “unfair and deceptive” acts or practices
D. Investigations of “abusive” acts and practices under the Dodd-Frank Wall Street Reform and Consumer Protection Act
Correct Answer: D
Question #8
What is the main purpose of the CAN-SPAM Act?
A. To diminish the use of electronic messages to send sexually explicit materials
B. To authorize the states to enforce federal privacy laws for electronic marketing
C. To empower the FTC to create rules for messages containing sexually explicit content
D. To ensure that organizations respect individual rights when using electronic advertising
Correct Answer: D
Question #9
What does the Massachusetts Personal Information Security Regulation require as it relates to encryption of personal information?
A. The encryption of all personal information of Massachusetts residents when all equipment is located in Massachusetts
B. The encryption of all personal information stored in Massachusetts-based companies when all equipment is located in Massachusetts
C. The encryption of personal information stored in Massachusetts-based companies when stored on portable devices
D. The encryption of all personal information of Massachusetts residents when stored on portable devices
Correct Answer: D
Question #10
What information did the Red Flag Program Clarification Act of 2010 add to the original Red Flags rule?
A. The most common methods of identity theft
B. The definition of what constitutes a creditor
C. The process for proper disposal of sensitive data
D. The components of an identity theft detection program
Correct Answer: B
Question #11
SCENARIO Please use the following to answer the next QUESTION: Matt went into his son’s bedroom one evening and found him stretched out on his bed typing on his laptop. “Doing your homework?” Matt asked hopefully. “No,” the boy said. “I’m filling out a survey.” Matt looked over his son’s shoulder at his computer screen. “What kind of survey?” “It’s asking questions about my opinions.” “Let me see,” Matt said, and began reading the list of questions that his son had already answered. “It’s asking your
A. Investigative Consumer Reporting Agencies Act
B. Unfair and Deceptive Acts and Practices laws
C. Consumer Bill of Rights
D. Red Flag Rules
Correct Answer: B
Question #12
Under the Personal Information Protection and Electronic Documents Act (PIPEDA), when engaging in a third-party transfer of personal information for processing, an organization is expected to have the technology to protect the information during transit and to?
A. Establish a contract outlining the individual outsourcing arrangement
B. Obtain additional consent for the use of the information by the third party
C. Confirm the jurisdictional protections of the receiving organization are the same as PIPEDA
D. Review the cross-border data flow completed and approved by the Treasury Board of Canada Secretariat
Correct Answer: A
Question #13
Which of these organizations would be required to provide its customers with an annual privacy notice?
A. The Four Winds Tribal College
B. The Golden Gavel Auction House
C. The King County Savings and Loan
D. The Breezy City Housing Commission
Correct Answer: B
Question #14
SCENARIO Please use the following to answer the next QUESTION: Matt went into his son’s bedroom one evening and found him stretched out on his bed typing on his laptop. “Doing your homework?” Matt asked hopefully. “No,” the boy said. “I’m filling out a survey.” Matt looked over his son’s shoulder at his computer screen. “What kind of survey?” “It’s asking questions about my opinions.” “Let me see,” Matt said, and began reading the list of questions that his son had already answered. “It’s asking your opinion
A. Intruding upon the privacy of a family with young children
B. Collecting information from a child under the age of thirteen
C. Failing to notify of a breach of children’s private information
D. Disregarding the privacy policy of the children’s marketing industry
Correct Answer: D
Question #15
SCENARIO Please use the following to answer the next QUESTION: Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company for ten years and has always been concerned about protecting customer’s privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships. Although Chery
A. It will help employees stay better organized
B. It will help the company meet a federal mandate
C. It will increase the security of customers’ personal information (PI)
D. It will prevent the company from collecting too much personal information (PI)
Correct Answer: C
Question #16
SCENARIO Please use the following to answer the next QUESTION: Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state’s Do Not Call list, as well as the people on it. “If they were really serious about not being bothered,” Evan said, “They’d be on the national DNC list. That’s the only one we’re required to follow. At SunriseLynx, we call until they ask us not to.” Bizarrely, E
A. The Whistleblower Protection Act
B. The Stored Communications Act (SCA)
C. The National Labor Relations Act (NLRA)
D. The Fair and Accurate Credit Transactions Act (FACTA)
Correct Answer: C
Question #17
What consumer service was the Fair Credit Reporting Act (FCRA) originally intended to provide?
A. The ability to receive reports from multiple credit reporting agencies
B. The ability to appeal negative credit-based decisions
C. The ability to correct inaccurate credit information
D. The ability to investigate incidents of identity theft
Correct Answer: D
Question #18
What is an exception to the Electronic Communications Privacy Act of 1986 ban on interception of wire, oral and electronic communications?
A. Where one of the parties has given consent
B. Where state law permits such interception
C. If an organization intercepts an employee’s purely personal call
D. Only if all parties have given consent
Correct Answer: C
Question #19
SCENARIO Please use the following to answer the next QUESTION: A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices. The complainant accuses the retailer of improperly disclosing her personal data, without consent, to par
A. Right of Access
B. Right of Removal
C. Right of Rectification
D. Right to Be Forgotten
Correct Answer: B
Question #20
All of the following are tasks in the “Discover” phase of building an information management program EXCEPT?
A. Facilitating participation across departments and levels
B. Developing a process for review and update of privacy policies
C. Deciding how aggressive to be in the use of personal information
D. Understanding the laws that regulate a company’s collection of information
Correct Answer: D
Question #21
What is the main reason some supporters of the European approach to privacy are skeptical about self-regulation of privacy practices?
A. A large amount of money may have to be spent on improved technology and security
B. Industries may not be strict enough in the creation and enforcement of rules
C. A new business owner may not understand the regulations
D. Human rights may be disregarded for the sake of privacy
Correct Answer: B
Question #22
In March 2012, the FTC released a privacy report that outlined three core principles for companies handling consumer data. Which was NOT one of these principles?
A. Simplifying consumer choice
B. Enhancing security measures
C. Practicing Privacy by Design
D. Providing greater transparency
Correct Answer: B
Question #23
Who has rulemaking authority for the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA)?
A. State Attorneys General
B. The Federal Trade Commission
C. The Department of Commerce
D. The Consumer Financial Protection Bureau
Correct Answer: D
Question #24
SCENARIO Please use the following to answer the next QUESTION Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in
A. Request that the Board sign off in a written document on the choice of cloud provider
B. Ensure that the cloud provider abides by the contractual requirements by conducting an on-site audit
C. Obtain express consent from employees for storing the HR data in the cloud and keep a record of the employee consents
D. Negotiate a Business Associate Agreement with the cloud provider to protect any health-related data employees might share with Filtration Station
Correct Answer: B
Question #25
SCENARIO Please use the following to answer the next QUESTION: You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo’s business associ
A. Reject the request because the HIPAA privacy rule only permits disclosure for payment, treatment or healthcare operations
B. Respond with a request for satisfactory assurances such as a qualified protective order
C. Turn over all of the compromised patient records to the plaintiff’s attorney
D. Respond with a redacted document only relative to the plaintiff
Correct Answer: C
Question #26
SCENARIO Please use the following to answer the next QUESTION: Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company for ten years and has always been concerned about protecting customer’s privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships. Although Chery
A. Creating a more comprehensive plan for implementing a new policy
B. Spending more time understanding the company’s information goals
C. Explaining the importance of transparency in implementing a new policy
D. Removing the financial burden of the company’s employee training program
Correct Answer: B
Question #27
Which of the following best describes an employer’s privacy-related responsibilities to an employee who has left the workplace?
A. An employer has a responsibility to maintain a former employee’s access to computer systems and company data needed to support claims against the company such as discrimination
B. An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee
C. An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual
D. An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose
Correct Answer: B
Question #28
SCENARIO Please use the following to answer the next QUESTION: A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices. The complainant accuses the retailer of improperly disclosing her personal data, without consent, to par
A. Reports on recent purchase histories
B. Database schemas held by the retailer
C. Lists of all customers, sorted by country
D. Interviews with key marketing personnel
Correct Answer: C
Question #29
SCENARIO Please use the following to answer the next QUESTION: Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse. Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients’ Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issu
A. By being present when patients are checking in
B. By speaking to a patient without prior authorization
C. By ignoring the conversation about a potential breach
D. By following through with his plans for his upcoming paper
Correct Answer: C
Question #30
What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?
A. Describing the policy changes on its website
B. Obtaining affirmative consent from its customers
C. Publicizing the policy changes through social media
D. Reassuring customers of the security of their information
Correct Answer: B
