
Latest 2024 CIPP Certification Questions & Mock Tests, Certified International Purchasing Professional | SPOTO

Explore our latest 2024 CIPP Certification Questions & Mock Tests at SPOTO. Our comprehensive resources cater to your exam preparation needs, offering practice tests, free tests, online exam questions, sample questions, and exam dumps. With our meticulously crafted mock exams, you can simulate the exam environment and assess your readiness for the Certified Information Privacy Professional/Europe (CIPP/E) certification. Our exam materials cover crucial topics including European privacy laws, regulations, and the legal requirements for transferring sensitive personal data across borders. Stay ahead with SPOTO's latest practice tests, designed to equip you with the knowledge and skills necessary to excel in your certification journey. Let SPOTO be your trusted partner in achieving success. Prepare effectively, pass confidently, and embark on a rewarding career as a Certified International Purchasing Professional with SPOTO's comprehensive exam resources.


Question #1
What does the Massachusetts Personal Information Security Regulation require as it relates to encryption of personal information?
A. The encryption of all personal information of Massachusetts residents when all equipment is located in Massachusetts
B. The encryption of all personal information stored in Massachusetts-based companies when all equipment is located in Massachusetts
C. The encryption of personal information stored in Massachusetts-based companies when stored on portable devices
D. The encryption of all personal information of Massachusetts residents when stored on portable devices
Correct Answer: A
Question #2
What is one major goal that the OECD Guidelines, Convention 108 and the Data Protection Directive (Directive 95/46/EC) all had in common but largely failed to achieve in Europe?
A. The establishment of a list of legitimate data processing criteria
B. The creation of legally binding data protection principles
C. The synchronization of approaches to data protection
D. The restriction of cross-border data flow
Correct Answer: D
Question #3
Global Manufacturing Co’s Human Resources department recently purchased a new software tool. This tool helps evaluate future candidates for executive roles by scanning emails to see what those candidates say and what is said about them. This provides the HR department with an automated “360 review” that lets them know how the candidate thinks and operates, what their peers and direct reports say about them, and how well they interact with each other. What is the most important step for the Human Resources D
A. Making sure that the software does not unintentionally discriminate against protected groups
B. Ensuring that the software contains a privacy notice explaining that employees have no right to privacy as long as they are running this software on organization systems to scan email systems
C. Confirming that employees have read and signed the employee handbook where they have been advised that they have no right to privacy as long as they are using the organization’s systems, regardless of the protected group or laws enforced by EEOC
D. Providing notice to employees that their emails will be scanned by the software and creating automated profiles
Correct Answer: D
Question #4
In what way does the “Red Flags Rule” under the Fair and Accurate Credit Transactions Act (FACTA) relate to the owner of a grocery store who uses a money wire service?
A. It mandates the use of updated technology for securing credit records
B. It requires the owner to implement an identity theft warning system
C. It is not usually enforced in the case of a small financial institution
D. It does not apply because the owner is not a creditor
Correct Answer: D
Question #5
Within what time period must a commercial message sender remove a recipient’s address once they have asked to stop receiving future e-mail?
A. 7 days
B. 10 days
C.
D. 21 days
Correct Answer: A
Question #6
What practice does the USA FREEDOM Act NOT authorize?
A. Emergency exceptions that allow the government to target roamers
B. An increase in the maximum penalty for material support to terrorism
C. An extension of the expiration for roving wiretaps
D. The bulk collection of telephone data and internet metadata
Correct Answer: A
Question #7
Sarah lives in San Francisco, California. Based on a dramatic increase in unsolicited commercial emails, Sarah believes that a major social media platform with over 50 million users has collected a lot of personal information about her. The company that runs the platform is based in New York and France. Why is Sarah entitled to ask the social media platform to delete the personal information they have collected about her?
A. Any company with a presence in Europe must comply with the General Data Protection Regulation globally, including in response to data subject deletion requests
B. Under Section 5 of the FTC Act, the Federal Trade Commission has held that refusing to delete an individual’s personal information upon request constitutes an unfair practice
C. The California Consumer Privacy Act entitles Sarah to request deletion of her personal information
D. The New York “Stop Hacks and Improve Electronic Data Security” (SHIELD) Act requires that businesses under New York’s jurisdiction must delete customers’ personal information upon request
Correct Answer: B
Question #8
If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, which of the following is the most likely outcome?
A. The organization will still be in compliance with most sector-specific privacy and security laws
B. The impact of an organizational data breach will be more severe than if the data had been segregated
C. Temporary employees will be able to find the data necessary to fulfill their responsibilities
D. The organization will be able to address legal discovery requests efficiently without producing more information than necessary
Correct Answer: C
Question #9
Which of the following best describes an employer’s privacy-related responsibilities to an employee who has left the workplace?
A. An employer has a responsibility to maintain a former employee’s access to computer systems and company data needed to support claims against the company such as discrimination
B. An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee
C. An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual
D. An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose
Correct Answer: C
Question #10
What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?
A. Describing the policy changes on its website
B. Obtaining affirmative consent from its customers
C. Publicizing the policy changes through social media
D. Reassuring customers of the security of their information
Correct Answer: D
Question #11
Which of the following is an important implication of the Dodd-Frank Wall Street Reform and Consumer Protection Act?
A. Financial institutions must avoid collecting a customer’s sensitive personal information
B. Financial institutions must help ensure a customer’s understanding of products and services
C. Financial institutions must use a prescribed level of encryption for most types of customer records
D. Financial institutions must cease sending e-mails and other forms of advertising to customers who opt out of direct marketing
Correct Answer: C
Question #12
Which of the following would NOT constitute an exception to the authorization requirement under the HIPAA Privacy Rule?
A. Disclosing health information for public health activities
B. Disclosing health information to file a child abuse report
C. Disclosing health information needed to treat a medical emergency
D. Disclosing health information needed to pay a third party billing administrator
Correct Answer: B
Question #13
Which statement is correct when considering the right to privacy under Article 8 of the European Convention on Human Rights (ECHR)?
A. The right to privacy is an absolute right
B. The right to privacy has to be balanced against other rights under the ECHR
C. The right to freedom of expression under Article 10 of the ECHR will always override the right to privacy
D. The right to privacy protects the right to hold opinions and to receive and impart ideas without interference
Correct Answer: B
Question #14
A law enforcement agency subpoenas the ACME telecommunications company for access to text message records of a person suspected of planning a terrorist attack. The company had previously encrypted its text message records so that only the suspect could access this data. What law did ACME violate by designing the service to prevent access to the information by a law enforcement agency?
A. SCA
B. ECPA
C. CALEA
D. USA Freedom Act
Correct Answer: D
Question #15
Which of the following became the first state to pass a law specifically regulating the practices of data brokers?
A. Washington
B. California
C. New York
D. Vermont
Correct Answer: C
Question #16
Under state breach notification laws, which is NOT typically included in the definition of personal information?
A. State identification number
B. First and last name
C. Social Security number
D. Medical Information
Correct Answer: C
Question #17
A key component of the OECD Guidelines is the “Individual Participation Principle”. What parts of the General Data Protection Regulation (GDPR) provide the closest equivalent to that principle?
A. The lawful processing criteria stipulated by Articles 6 to 9
B. The information requirements set out in Articles 13 and 14
C. The breach notification requirements specified in Articles 33 and 34
D. The rights granted to data subjects under Articles 12 to 22
Correct Answer: D
Question #18
What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?
A. ECHR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot
B. CJEU can force national governments to implement and honor EU law, while the ECHR cannot
C. CJEU can hear appeals on human rights decisions made by national courts, while the ECHR cannot
D. ECHR can enforce human rights laws against governments that fail to implement them, while the CJEU cannot
Correct Answer: B
Question #19
Most states with data breach notification laws indicate that notice to affected individuals must be sent in the “most expeditious time possible without unreasonable delay.” By contrast, which of the following states currently imposes a definite limit for notification to affected individuals?
A. Maine
B. Florida
C. New York
D. California
Correct Answer: D
Question #20
What is the main purpose of the CAN-SPAM Act?
A. To diminish the use of electronic messages to send sexually explicit materials
B. To authorize the states to enforce federal privacy laws for electronic marketing
C. To empower the FTC to create rules for messages containing sexually explicit content
D. To ensure that organizations respect individual rights when using electronic advertising
Correct Answer: A
Question #21
Which is an exception to the general prohibitions on telephone monitoring that exist under the U.S. Wiretap Act?
A. Call center exception
B. Inter-company communications exception
C. Ordinary course of business exception
D. Internet calls exception
Correct Answer: A
Question #22
Smith Memorial Healthcare (SMH) is a hospital network headquartered in New York and operating in 7 other states. SMH uses an electronic medical record to enter and track information about its patients. Recently, SMH suffered a data breach where a third-party hacker was able to gain access to the SMH internal network. Because it is a HIPAA-covered entity, SMH made a notification to the Office of Civil Rights at the U.S. Department of Health and Human Services about the breach. Which statement accurately desc
A. If SMH is compliant with HIPAA, it will not have to make a separate notification to individuals in the state of New York
B. If SMH has more than 500 patients in the state of New York, it will need to make separate notifications to these patients
C. If SMH must make a notification in any other state in which it operates, it must also make a notification to individuals in New York
D. If SMH makes credit monitoring available to individuals who inquire, it will not have to make a separate notification to individuals in the state of New York
Correct Answer: A
Question #23
Which law provides employee benefits, but often mandates the collection of medical information?
A. The Occupational Safety and Health Act
B. The Americans with Disabilities Act
C. The Employee Medical Security Act
D. The Family and Medical Leave Act
Correct Answer: B
Question #24
SCENARIO Please use the following to answer the next question: Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records: Student records, including names, student numbers, home addresses, pre-university information, university attendance and performance records, details of special educational needs and financial information. Staff records, including auto
A. Student records
B. Staff and alumni records
C. Frank’s performance database
D. Department for Education records
Correct Answer: B
Question #25
Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car dealer holding a paper folder of customer credit reports?
A. To follow the Disposal Rule by having the reports shredded
B. To follow the Red Flags Rule by mailing the reports to customers
C. To follow the Privacy Rule by notifying customers that the reports are being stored
D. To follow the Safeguards Rule by transferring the reports to a secure electronic file
Correct Answer: D
Question #26
Acme Student Loan Company has developed an artificial intelligence algorithm that determines whether an individual is likely to pay their bill or default. A person who is determined by the algorithm to be more likely to default will receive frequent payment reminder calls, while those who are less likely to default will not receive payment reminders. Which of the following most accurately reflects the privacy concerns with Acme Student Loan Company using artificial intelligence in this manner?
A. If the algorithm uses risk factors that impact the automatic decision engine
B. If the algorithm makes automated decisions based on risk factors and public information, Acme need not determine if the algorithm has a disparate impact on protected classes
C. If the algorithm’s methodology is disclosed to consumers, then it is acceptable for Acme to have a disparate impact on protected classes
D. If the algorithm uses information about protected classes to make automated decisions, Acme must ensure that the algorithm does not have a disparate impact on protected classes in the output
Correct Answer: C
Question #27
Which of the following is most likely to provide privacy protection to private-sector employees in the United States?
A. State law, contract law, and tort law
B. The Federal Trade Commission Act (FTC Act)
C. Amendments one, four, and five of the U
D. The U
Correct Answer: B
Question #28
The Cable Communications Policy Act of 1984 requires which activity?
A. Delivery of an annual notice detailing how subscriber information is to be used
B. Destruction of personal information a maximum of six months after it is no longer needed
C. Notice to subscribers of any investigation involving unauthorized reception of cable services
D. Obtaining subscriber consent for disseminating any personal information necessary to render cable services
Correct Answer: D
Question #29
Which EU institution is vested with the competence to propose new data protection legislation on its own initiative?
A. The European Council
B. The European Parliament
C. The European Commission
D. The Council of the European Union
Correct Answer: D
Question #30
What practice do courts commonly require in order to protect certain personal information on documents, whether paper or electronic, that is involved in litigation?
A. Redaction
B. Encryption
C. Deletion
D. Hashing
Correct Answer: B
Question #31
Which of the following is NOT a principle found in the APEC Privacy Framework?
A. Integrity of Personal Information
B. Access and Correction
C. Preventing Harm
D. Privacy by Design
Correct Answer: C
Question #32
Under the Telemarketing Sales Rule, what characteristics of consent must be in place for an organization to acquire an exception to the Do-Not-Call rules for a particular consumer?
A. The consent must be in writing, must state the times when calls can be made to the consumer and must be signed
B. The consent must be in writing, must contain the number to which calls can be made and must have an end date
C. The consent must be in writing, must contain the number to which calls can be made and must be signed
D. The consent must be in writing, must have an end date and must state the times when calls can be made
Correct Answer: C
Question #33
Who has rulemaking authority for the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA)?
A. State Attorneys General
B. The Federal Trade Commission
C. The Department of Commerce
D. The Consumer Financial Protection Bureau
Correct Answer: C
Question #34
Which federal law or regulation preempts state law?
A. Health Insurance Portability and Accountability Act
B. Controlling the Assault of Non-Solicited Pornography and Marketing Act
C. Telemarketing Sales Rule
D. Electronic Communications Privacy Act of 1986
Correct Answer: D
