IAPP CIPP-US Practice Test - Questions Answers, Page 14
SCENARIO
Please use the following to answer the next QUESTION
Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.
Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station's network and was able to steal data relating to employees in the company's Human Resources database, which is hosted by a third-party cloud provider based in the U.S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.
The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.
What can Otto do to most effectively minimize the privacy risks involved in using a cloud provider for the HR data?
Request that the Board sign off in a written document on the choice of cloud provider.
Ensure that the cloud provider abides by the contractual requirements by conducting an on-site audit.
Obtain express consent from employees for storing the HR data in the cloud and keep a record of the employee consents.
Negotiate a Business Associate Agreement with the cloud provider to protect any health-related data employees might share with Filtration Station.
Which of the following statements is most accurate in regard to data breach notifications under federal and state laws?
You must notify the Federal Trade Commission (FTC) in addition to affected individuals if over 500 individuals are receiving notice.
When providing an individual with required notice of a data breach, you must identify what personal information was actually or likely compromised.
When you are required to provide an individual with notice of a data breach under any state's law, you must provide the individual with an offer for free credit monitoring.
The only obligations to provide data breach notification are under state law because currently there is no federal law or regulation requiring notice for the breach of personal information.
What consumer service was the Fair Credit Reporting Act (FCRA) originally intended to provide?
The ability to receive reports from multiple credit reporting agencies.
The ability to appeal negative credit-based decisions.
The ability to correct inaccurate credit information.
The ability to investigate incidents of identity theft.
Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create online profiles outlining their experience and credentials, and can pay $19.99/month via credit card to have their profiles promoted to potential employers. Privacy Is Hiring Inc. keeps all customer data at rest encrypted on its servers.
Under what circumstances would Privacy Is Hiring Inc. need to notify affected individuals in the event of a data breach?
If law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to provide the notification to clients and applicable regulators.
If the job candidates' credit card information and the encryption keys were among the information taken.
If Privacy Is Hiring Inc. reasonably believes that job candidates will be harmed by the data breach.
If the personal information stolen included the individuals' names and credit card pin numbers.
SCENARIO
Please use the following to answer the next QUESTION
Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has made better financial decisions in the past two years.
One potential employer, Arnie's Emporium, recently called to tell Noah he did not get a position. As part of the application process, Noah signed a consent form allowing the employer to request his credit report from a consumer reporting agency (CRA). Noah thinks that the report hurt his chances, but believes that he may not ever know whether it was his credit that cost him the job. However, Noah is somewhat relieved that he was not offered this particular position. He noticed that the store where he interviewed was extremely disorganized. He imagines that his credit report could still be sitting in the office, unsecured.
Two days ago, Noah got another interview for a position at Sam's Market. The interviewer told Noah that his credit report would be a factor in the hiring decision. Noah was surprised because he had not seen anything on paper about this when he applied.
Regardless, the effect of Noah's credit on his employability troubles him, especially since he has tried so hard to improve it. Noah made his worst financial decisions fifteen years ago, and they led to bankruptcy. These were decisions he made as a young man, and most of his debt at the time consisted of student loans, credit card debt, and a few unpaid bills -- all of which Noah is still working to pay off. He often laments that decisions he made fifteen years ago are still affecting him today.
In addition, Noah feels that an experience investing with a large bank may have contributed to his financial troubles. In 2007, in an effort to earn money to help pay off his debt, Noah talked to a customer service representative at a large investment company who urged him to purchase stocks. Without understanding the risks, Noah agreed. Unfortunately, Noah lost a great deal of money.
After losing the money, Noah was a customer of another financial institution that suffered a large security breach. Noah was one of millions of customers whose personal information was compromised. He wonders if he may have been a victim of identity theft and whether this may have negatively affected his credit.
Noah hopes that he will soon be able to put these challenges behind him, build excellent credit, and find the perfect job.
Consumers today are most likely protected from situations like the one Noah had buying stock because of which federal action or legislation?
The rules under the Fair Debt Collection Practices Act.
The creation of the Consumer Financial Protection Bureau.
Federal Trade Commission investigations into "unfair and deceptive" acts or practices.
Investigations of "abusive" acts and practices under the Dodd-Frank Wall Street Reform and Consumer Protection Act.
More than half of U.S. states require telemarketers to do which of the following?
Identify themselves at the beginning of a call.
Obtain written consent from potential customers.
Register with the state before conducting business.
Provide written contracts for customer transactions.
In the US, it is a best practice (and in some states a requirement) to conduct a data protection assessment in which instance?
When a background check is used as part of the hiring process.
When any information is processed by a corporation.
When trade secrets are shared with a third party.
When technology is used to monitor employees.
What is the purpose of a cure provision in a state data privacy law?
To allow a business a limited timeframe to fix alleged violations before facing enforcement.
To allow consumers a period of time to discover their data has been mishandled.
To allow a state to initiate formal enforcement actions for a fixed time period.
To allow certain provisions of a law to expire after a defined time period.
SCENARIO
Please use the following to answer the next QUESTION
Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has made better financial decisions in the past two years.
One potential employer, Arnie's Emporium, recently called to tell Noah he did not get a position. As part of the application process, Noah signed a consent form allowing the employer to request his credit report from a consumer reporting agency (CRA). Noah thinks that the report hurt his chances, but believes that he may not ever know whether it was his credit that cost him the job. However, Noah is somewhat relieved that he was not offered this particular position. He noticed that the store where he interviewed was extremely disorganized. He imagines that his credit report could still be sitting in the office, unsecured.
Two days ago, Noah got another interview for a position at Sam's Market. The interviewer told Noah that his credit report would be a factor in the hiring decision. Noah was surprised because he had not seen anything on paper about this when he applied.
Regardless, the effect of Noah's credit on his employability troubles him, especially since he has tried so hard to improve it. Noah made his worst financial decisions fifteen years ago, and they led to bankruptcy. These were decisions he made as a young man, and most of his debt at the time consisted of student loans, credit card debt, and a few unpaid bills -- all of which Noah is still working to pay off. He often laments that decisions he made fifteen years ago are still affecting him today.
In addition, Noah feels that an experience investing with a large bank may have contributed to his financial troubles. In 2007, in an effort to earn money to help pay off his debt, Noah talked to a customer service representative at a large investment company who urged him to purchase stocks. Without understanding the risks, Noah agreed. Unfortunately, Noah lost a great deal of money.
After losing the money, Noah was a customer of another financial institution that suffered a large security breach. Noah was one of millions of customers whose personal information was compromised. He wonders if he may have been a victim of identity theft and whether this may have negatively affected his credit.
Noah hopes that he will soon be able to put these challenges behind him, build excellent credit, and find the perfect job.
Based on the scenario, which legislation should ease Noah's worry about his credit report as a result of applying at Arnie's Emporium?
The Privacy Rule under the Gramm-Leach-Bliley Act (GLBA).
The Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA).
The Disposal Rule under the Fair and Accurate Credit Transactions Act (FACTA).
The Red Flags Rule under the Fair and Accurate Credit Transactions Act (FACTA).
Which federal agency plays a role in privacy policy, but does NOT have regulatory authority?
The Office of the Comptroller of the Currency.
The Federal Communications Commission.
The Department of Transportation.
The Department of Commerce.