ExamGecko
Search Search Login
Home Home / IAPP / CIPP-US
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following federal agencies does NOT have regulatory authority related to privacy?
Under the Driver's Privacy Protection Act (DPPA), which of the following parties would require consent of an individual in order to obtain his or her Department of Motor Vehicle information?
The use of cookies on a website by a service provider is generally not deemed a 'sale' of personal information by CCPA, as long as which of the following conditions is met?
Which of the following conditions would NOT be sufficient to excuse an entity from providing breach notification under state law?
Which of the following data elements is most likely to be subject to comprehensive state data security and privacy laws?
Which power was NOT granted to the California Privacy Protection Agency by the California Privacy Rights Act (CPRA)?
Which of the following most accurately describes the regulatory status ot pandemic contact-tracing apps in the United States?
The Clarifying Lawful Overseas Use of Data (CLOUD) Act is primarily intended to do which of the following?
Due to cookie deprecation, businesses will be required to simplify their tracking practices by doing what?
A software company wants to use web scraping to collect personal data from professional networking websites in order to train an artificial intelligence program to evaluate Job applications. The company has identified several actions for limiting their potential legal liability regarding affected data subjects and professional networking websites. Which of the following would be the least effective action for helping them do this?

Question 130 - CIPP-US discussion

Report
Export

SCENARIO

Please use the following to answer the next QUESTION

Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.

Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station's network and was able to steal data relating to employees in the company's Human Resources database, which is hosted by a third-party cloud provider based in the U.S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.

The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.

The Board has asked Otto whether the company will need to comply with the new California Consumer Privacy Law (CCPA). What should Otto tell the Board?

A.

That CCPA will apply to the company only after the California Attorney General determines that it will enforce the statute.

Answers
A.

That CCPA will apply to the company only after the California Attorney General determines that it will enforce the statute.

B.

That the company is governed by CCPA, but does not need to take any additional steps because it follows CPBR.

Answers
B.

That the company is governed by CCPA, but does not need to take any additional steps because it follows CPBR.

C.

That business contact information could be considered personal information governed by CCPA.

Answers
C.

That business contact information could be considered personal information governed by CCPA.

D.

That CCPA only applies to companies based in California, which exempts the company from compliance.

Answers
D.

That CCPA only applies to companies based in California, which exempts the company from compliance.

Suggested answer: C

Explanation:

The CCPA applies to any business that collects personal information of California residents, regardless of where the business is located1.The CCPA defines personal information broadly as any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household2.This could include business contact information, such as name, email address, phone number, or job title, if it is linked to a specific individual3.Therefore, Otto should tell the Board that business contact information could be considered personal information governed by CCPA, and that the company may need to comply with the CCPA requirements, such as providing notice, honoring consumer rights requests, and implementing reasonable security measures4.Reference:

CIPP/US Practice Questions (Sample Questions), Question 124, Answer C, Explanation C.

IAPP CIPP/US Certified Information Privacy Professional Study Guide, Chapter 6, Section 6.2, p. 181-182.

California Consumer Privacy Act (CCPA), Section 1798.140, Subsection (o).

CCPA Compliance Checklist for Businesses, Section 2, Subsection (a).

Show Answer
asked 22/11/2024
soufiane chafik
40 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms