IAPP CIPT Practice Test - Questions Answers, Page 3
Question list
List of questions
Related questions
Which is NOT a suitable method for assuring the quality of data collected by a third-party company?
Verifying the accuracy of the data by contacting users.
Validating the company's data collection procedures.
Introducing erroneous data to see if its detected.
Tracking changes to data through auditing.
A valid argument against data minimization is that it?
Can limit business opportunities.
Decreases the speed of data transfers.
Can have an adverse effect on data quality.
Increases the chance that someone can be identified from data.
What is the main reason a company relies on implied consent instead of explicit consent from a user to process her data?
The implied consent model provides the user with more detailed data collection information.
To secure explicit consent, a user's website browsing would be significantly disrupted.
An explicit consent model is more expensive to implement.
Regulators prefer the implied consent model.
What is the main benefit of using dummy data during software testing?
The data comes in a format convenient for testing.
Statistical disclosure controls are applied to the data.
The data enables the suppression of particular values in a set.
Developers do not need special privacy training to test the software.
How does k-anonymity help to protect privacy in micro data sets?
By ensuring that every record in a set is part of a group of "k" records having similar identifying information.
By switching values between records in order to preserve most statistics while still maintaining privacy.
By adding sufficient noise to the data in order to hide the impact of any one individual.
By top-coding all age data above a value of "k."
Which of the following statements describes an acceptable disclosure practice?
An organization's privacy policy discloses how data will be used among groups within the organization itself.
With regard to limitation of use, internal disclosure policies override contractual agreements with third parties.
Intermediaries processing sensitive data on behalf of an organization require stricter disclosure oversight than vendors.
When an organization discloses data to a vendor, the terms of the vendor' privacy notice prevail over the organization' privacy notice.
How should the sharing of information within an organization be documented?
With a binding contract.
With a data flow diagram.
With a disclosure statement.
With a memorandum of agreement.
What can be used to determine the type of data in storage without exposing its contents?
Collection records.
Data mapping.
Server logs.
Metadata.
What must be done to destroy data stored on "write once read many" (WORM) media?
The data must be made inaccessible by encryption.
The erase function must be used to remove all data.
The media must be physically destroyed.
The media must be reformatted.
Which of the following would best improve an organization' s system of limiting data use?
Implementing digital rights management technology.
Confirming implied consent for any secondary use of data.
Applying audit trails to resources to monitor company personnel.
Instituting a system of user authentication for company personnel.
Question