Home

Home / IAPP / CIPP-US

Question list

List of questions

Question 1

(0)

The Video Privacy Protection Act of 1988 restricted which of the following?

Question 2

(0)

The Cable Communications Policy Act of 1984 requires which activity?

Question 3

(0)

What is the main purpose of requiring marketers to use the Wireless Domain Registry?

Question 4

(0)

SCENARIO Please use the following to answer the next QUESTION: You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity

Question 5

(0)

Which jurisdiction must courts have in order to hear a particular case?

Question 6

(0)

Which authority supervises and enforces laws regarding advertising to children via the Internet?

Question 7

(0)

According to Section 5 of the FTC Act, self-regulation primarily involves a company's right to do what?

Question 8

(0)

Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, ''Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Po

Question 9

(0)

The ''Consumer Privacy Bill of Rights'' presented in a 2012 Obama administration report is generally based on?

Question 10

(0)

What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?

Open VPLUS File

Convert VPLUS to PDF

Related questions

Which of the following federal agencies does NOT have regulatory authority related to privacy?

Under the Driver's Privacy Protection Act (DPPA), which of the following parties would require consent of an individual in order to obtain his or her Department of Motor Vehicle information?

The use of cookies on a website by a service provider is generally not deemed a 'sale' of personal information by CCPA, as long as which of the following conditions is met?

Which of the following conditions would NOT be sufficient to excuse an entity from providing breach notification under state law?

Which of the following data elements is most likely to be subject to comprehensive state data security and privacy laws?

Which power was NOT granted to the California Privacy Protection Agency by the California Privacy Rights Act (CPRA)?

Which of the following most accurately describes the regulatory status ot pandemic contact-tracing apps in the United States?

Due to cookie deprecation, businesses will be required to simplify their tracking practices by doing what?

A software company wants to use web scraping to collect personal data from professional networking websites in order to train an artificial intelligence program to evaluate Job applications. The company has identified several actions for limiting their potential legal liability regarding affected data subjects and professional networking websites. Which of the following would be the least effective action for helping them do this?

According to the Family Educational Rights and Privacy Act (FERPA). when can a school disclose records without a student's consent?

Question 170 - CIPP-US discussion

Report

What was unique about the action that the Federal Trade Commission took against B.J.'s Wholesale Club in 2005?

A.

It made third-party audits a penalty for policy violations.

B.

It was based on matters of fairness rather than deception.

C.

It was the first substantial U.S.-EU Safe Harbor enforcement.

D.

It made user consent mandatory after any revisions of policy.

Suggested answer: B

Explanation:

The Federal Trade Commission (FTC) is the primary federal agency that enforces consumer privacy and data security laws in the United States. The FTC has the authority to bring enforcement actions against businesses that engage in unfair or deceptive acts or practices that affect commerce, under Section 5 of the FTC Act. Unfair acts or practices are those that cause or are likely to cause substantial injury to consumers that is not reasonably avoidable by consumers and is not outweighed by countervailing benefits to consumers or competition. Deceptive acts or practices are those that involve a material representation, omission, or practice that is likely to mislead consumers acting reasonably under the circumstances.

The FTC's action against B.J.'s Wholesale Club in 2005 was unique because it was based on matters of fairness rather than deception. The FTC alleged that B.J.'s Wholesale Club, a retailer that operates warehouse stores and gas stations, failed to provide reasonable security for the sensitive information of its customers, such as name, card number, and expiration date, that it collected from the magnetic stripes of credit and debit cards. The FTC claimed that this information was used by unauthorized persons to make millions of dollars of fraudulent purchases. The FTC did not allege that B.J.'s Wholesale Club made any false or misleading statements or omissions about its data security practices, but rather that its failure to take appropriate security measures was an unfair practice that violated Section 5 of the FTC Act. The FTC argued that B.J.'s Wholesale Club's lax security caused or was likely to cause substantial injury to consumers that was not reasonably avoidable by consumers and was not outweighed by any benefits to consumers or competition.

The FTC's action against B.J.'s Wholesale Club was one of the first cases in which the FTC used its unfairness authority to address data security issues, and it set a precedent for future enforcement actions against businesses that fail to protect consumer data. The settlement required B.J.'s Wholesale Club to implement a comprehensive information security program and obtain audits by an independent third-party security professional every other year for 20 years.Reference:

FTC Complaint, Paragraphs 1-23

FTC Agreement Containing Consent Order, Paragraphs 1-9

FTC Analysis of Proposed Consent Order to Aid Public Comment, Pages 1-3

[IAPP CIPP/US Study Guide], Pages 69-70

Show Answer

asked 22/11/2024

Hicham Kaoussi

28 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first