Home / IAPP / CIPP-US

Question list

List of questions

Question 1

(0)

The Video Privacy Protection Act of 1988 restricted which of the following?

Question 2

(0)

The Cable Communications Policy Act of 1984 requires which activity?

Question 3

(0)

What is the main purpose of requiring marketers to use the Wireless Domain Registry?

Question 4

(0)

SCENARIO Please use the following to answer the next QUESTION: You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity

Question 5

(0)

Which jurisdiction must courts have in order to hear a particular case?

Question 6

(0)

Which authority supervises and enforces laws regarding advertising to children via the Internet?

Question 7

(0)

According to Section 5 of the FTC Act, self-regulation primarily involves a company's right to do what?

Question 8

(0)

Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, ''Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Po

Question 9

(0)

The ''Consumer Privacy Bill of Rights'' presented in a 2012 Obama administration report is generally based on?

Question 10

(0)

What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?

Related questions

Which of the following federal agencies does NOT have regulatory authority related to privacy?

Under the Driver's Privacy Protection Act (DPPA), which of the following parties would require consent of an individual in order to obtain his or her Department of Motor Vehicle information?

The use of cookies on a website by a service provider is generally not deemed a 'sale' of personal information by CCPA, as long as which of the following conditions is met?

Which of the following conditions would NOT be sufficient to excuse an entity from providing breach notification under state law?

Which of the following data elements is most likely to be subject to comprehensive state data security and privacy laws?

Which power was NOT granted to the California Privacy Protection Agency by the California Privacy Rights Act (CPRA)?

Due to cookie deprecation, businesses will be required to simplify their tracking practices by doing what?

A software company wants to use web scraping to collect personal data from professional networking websites in order to train an artificial intelligence program to evaluate Job applications. The company has identified several actions for limiting their potential legal liability regarding affected data subjects and professional networking websites. Which of the following would be the least effective action for helping them do this?

According to the Family Educational Rights and Privacy Act (FERPA). when can a school disclose records without a student's consent?

SCENARIO Please use the following to answer the next question; Jane is a U.S. citizen and a senior software engineer at California-based Jones Labs, a major software supplier to the U.S. Department of Defense and other U.S. federal agencies Jane's manager, Patrick, is a French citizen who has been living in California for over a decade. Patrick has recently begun to suspect that Jane is an insider secretly transmitting trade secrets to foreign intelligence. Unbeknownst to Patrick, the FBI has already received a hint from anonymous whistleblower, and jointly with the National Secunty Agency is investigating Jane's possible implication in a sophisticated foreign espionage campaign Ever since the pandemic. Jane has been working from home. To complete her daily tasks she uses her corporate laptop, which after each togin conspicuously provides notice that the equipment belongs to Jones Labs and may be monitored according to the enacted privacy policy and employment handbook Jane also has a corporate mobile phone that she uses strictly for business, the terms of which are defined in her employment contract and elaborated upon in her employee handbook. Both the privacy policy and the employee handbook are revised annually by a reputable California law firm specializing in privacy law. Jane also has a personal iPhone that she uses for private purposes only. Jones Labs has its primary data center in San Francisco, which is managed internally by Jones Labs engineers The secondary data center, managed by Amazon AWS. is physically located in the UK for disaster recovery purposes. Jones Labs' mobile devices backup is managed by a mid-sized mobile delense company located in Denver, which physically stores the data in Canada to reduce costs. Jones Labs MS Office documents are securely stored in a Microsoft Office 365 data Under Section 702 of F1SA. The NSA may do which of the following without a Foreign Intelligence Surveillance Court warrant?

Question 165 - CIPP-US discussion

When designing contact tracing apps in relation to COVID-19 or any other diagnosed virus, all of the following privacy measures should be considered EXCEPT?

Data retention.

Use limitations.

Opt-out choice.

User confidentiality.

Suggested answer: C

Explanation:

Contact tracing apps are designed to help public health authorities track and contain the spread of COVID-19 or any other diagnosed virus by notifying users who have been in close contact with an infected person. However, these apps also raise privacy concerns, as they collect and process sensitive personal data, such as health status and location information. Therefore, contact tracing apps should follow the principles of privacy by design and default, which means that they should incorporate privacy measures into their development and operation, and offer the highest level of privacy protection to users.

Some of the privacy measures that should be considered when designing contact tracing apps are:

Data retention: Contact tracing apps should only retain the personal data they collect for as long as necessary to achieve their public health purpose, and delete or anonymize the data afterwards. Data retention periods should be clearly communicated to users and based on scientific evidence and legal requirements.

Use limitations: Contact tracing apps should only use the personal data they collect for the specific and legitimate purpose of contact tracing, and not for any other purposes, such as commercial, law enforcement, or surveillance. Use limitations should be enforced by technical and organizational measures, such as encryption, access controls, and audits.

User confidentiality: Contact tracing apps should protect the confidentiality of users' personal data and identity, and not disclose them to third parties without their consent or legal authorization. User confidentiality should be ensured by technical and organizational measures, such as pseudonymization, aggregation, and data minimization.

Opt-out choice, on the other hand, is not a privacy measure that should be considered when designing contact tracing apps, as it would undermine their effectiveness and public health objective. Contact tracing apps rely on voluntary participation and widespread adoption by users to function properly and achieve their purpose. Therefore, offering users the option to opt out of the app or certain features, such as data sharing or notifications, would reduce the app's coverage and accuracy, and potentially expose users and others to greater health risks. Instead of opt-out choice, contact tracing apps should provide users with clear and transparent information about how the app works, what data it collects and how it uses it, what benefits and risks it entails, and what rights and controls users have over their data. This way, users can make an informed and voluntary decision to use the app or not, based on their own preferences and values.

[IAPP CIPP/US Study Guide], Chapter 2: Privacy by Design and Default, pp. 35-36.

[IAPP CIPP/US Body of Knowledge], Section II: Limits on Private-sector Collection and Use of Data, Subsection B: Privacy by Design, pp. 9-10.

[IAPP Glossary], Terms: Contact Tracing, Privacy by Design, Privacy by Default.

Show Answer

asked 22/11/2024

Geetanjali Singh

36 questions

Your answer: A B C D

0 comments

Sorted by