ExamGecko
Search Search Login
Home Home / IAPP / CIPP-US
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following federal agencies does NOT have regulatory authority related to privacy?
Under the Driver's Privacy Protection Act (DPPA), which of the following parties would require consent of an individual in order to obtain his or her Department of Motor Vehicle information?
The use of cookies on a website by a service provider is generally not deemed a 'sale' of personal information by CCPA, as long as which of the following conditions is met?
Which of the following conditions would NOT be sufficient to excuse an entity from providing breach notification under state law?
Which of the following data elements is most likely to be subject to comprehensive state data security and privacy laws?
Which power was NOT granted to the California Privacy Protection Agency by the California Privacy Rights Act (CPRA)?
Which of the following most accurately describes the regulatory status ot pandemic contact-tracing apps in the United States?
The Clarifying Lawful Overseas Use of Data (CLOUD) Act is primarily intended to do which of the following?
Due to cookie deprecation, businesses will be required to simplify their tracking practices by doing what?
A software company wants to use web scraping to collect personal data from professional networking websites in order to train an artificial intelligence program to evaluate Job applications. The company has identified several actions for limiting their potential legal liability regarding affected data subjects and professional networking websites. Which of the following would be the least effective action for helping them do this?

Question 105 - CIPP-US discussion

Report
Export

Which of the following best describes an employer's privacy-related responsibilities to an employee who has left the workplace?

A.

An employer has a responsibility to maintain a former employee's access to computer systems and company data needed to support claims against the company such as discrimination.

Answers
A.

An employer has a responsibility to maintain a former employee's access to computer systems and company data needed to support claims against the company such as discrimination.

B.

An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee.

Answers
B.

An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee.

C.

An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual.

Answers
C.

An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual.

D.

An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose.

Answers
D.

An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose.

Suggested answer: D

Explanation:

Employers have a duty to protect the personal information of their current and former employees, as well as applicants, from unauthorized access, use, or disclosure. This duty may arise from federal or state laws, such as the Fair Credit Reporting Act (FCRA), the Health Insurance Portability and Accountability Act (HIPAA), or the California Consumer Privacy Act (CCPA), or from contractual obligations, such as non-disclosure agreements or privacy policies. Employers may retain sensitive employment records, such as performance evaluations, disciplinary actions, medical records, or background checks, for a legitimate business purpose, such as complying with legal requirements, defending against lawsuits, or conducting audits. However, employers must ensure that these records are stored securely, accessed only by authorized personnel, and disposed of properly when no longer needed.Reference:IAPP CIPP/US Study Guide, Chapter 4, Section 4.1.1,IAPP CIPP/US Body of Knowledge, Domain IV, Objective B

Show Answer
asked 22/11/2024
Marek Siwek
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms