ExamGecko
Search Search Login
Home Home / IAPP / CIPP-US
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following federal agencies does NOT have regulatory authority related to privacy?
Under the Driver's Privacy Protection Act (DPPA), which of the following parties would require consent of an individual in order to obtain his or her Department of Motor Vehicle information?
The use of cookies on a website by a service provider is generally not deemed a 'sale' of personal information by CCPA, as long as which of the following conditions is met?
Which of the following conditions would NOT be sufficient to excuse an entity from providing breach notification under state law?
Which of the following data elements is most likely to be subject to comprehensive state data security and privacy laws?
Which power was NOT granted to the California Privacy Protection Agency by the California Privacy Rights Act (CPRA)?
Which of the following most accurately describes the regulatory status ot pandemic contact-tracing apps in the United States?
Due to cookie deprecation, businesses will be required to simplify their tracking practices by doing what?
A software company wants to use web scraping to collect personal data from professional networking websites in order to train an artificial intelligence program to evaluate Job applications. The company has identified several actions for limiting their potential legal liability regarding affected data subjects and professional networking websites. Which of the following would be the least effective action for helping them do this?
According to the Family Educational Rights and Privacy Act (FERPA). when can a school disclose records without a student's consent?

Question 162 - CIPP-US discussion

Report
Export

The CFO of a pharmaceutical company is duped by a phishing email and discloses many of the company's employee personnel files to an online predator. The files include employee contact information, job applications, performance reviews, discipline records, and job descriptions.

Which of the following state laws would be an affected employee's best recourse against the employer?

A.

The state social security number confidentiality statute.

Answers
A.

The state social security number confidentiality statute.

B.

The state personnel record review statute.

Answers
B.

The state personnel record review statute.

C.

The state data destruction statute.

Answers
C.

The state data destruction statute.

D.

The state UDAP statute.

Answers
D.

The state UDAP statute.

Suggested answer: D

Explanation:

The state UDAP statute, which stands for Unfair and Deceptive Acts and Practices, is a law that protects consumers from unfair or deceptive business practices. In this case, the employer's failure to protect the employee's personal information from a phishing attack could be considered an unfair or deceptive act or practice that harmed the employee. The employee could sue the employer under the state UDAP statute for damages, injunctive relief, or other remedies. The other options are not relevant to this scenario, as they deal with different aspects of data protection, such as confidentiality, access, or destruction of personal information.Reference:

[IAPP CIPP/US Study Guide], Chapter 8, Section 8.3.1, page 227

IAPP CIPP/US Practice Questions, Question 153, page 13

Show Answer
asked 22/11/2024
Tomasz Kusmierek
27 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms