• Home
  • Articles
  • [Aug-2022] Valid Way To Pass IAPP Exam Dumps with CIPP-US Exam Study Guide [Q50-Q73]

[Aug-2022] Valid Way To Pass IAPP Exam Dumps with CIPP-US Exam Study Guide [Q50-Q73]

Share

[Aug-2022] Valid Way To Pass IAPP Exam Dumps with CIPP-US Exam Study Guide

All CIPP-US Dumps and Certified Information Privacy Professional/United States (CIPP/US) Training Courses Help candidates to study and pass the Exams hassle-free!


For more info visit:

The IAPP CIPP-US: Certified Information Privacy Professional/United States (CIPP/US)

 

NEW QUESTION 50
What are banks required to do under the Gramm-Leach-Bliley Act (GLBA)?

  • A. Provide consumers with the opportunity to opt out of receiving telemarketing phone calls
  • B. Offer an Opt-Out before transferring PI to an unaffiliated third party for the latter's own use
  • C. Conduct annual consumer surveys regarding satisfaction with user preferences
  • D. Process requests for changes to user preferences within a designated time frame

Answer: B

Explanation:
Explanation/Reference: https://www.investopedia.com/terms/g/glba.asp

 

NEW QUESTION 51
Which of the following types of information would an organization generally NOT be required to disclose to law enforcement?

  • A. Personal health information under the HIPAA Privacy Rule
  • B. Information about workspace injuries under OSHA requirements
  • C. Money laundering information under the Bank Secrecy Act of 1970
  • D. Information about medication errors under the Food, Drug and Cosmetic Act

Answer: A

 

NEW QUESTION 52
SCENARIO
Please use the following to answer the next QUESTION
When there was a data breach involving customer personal and financial information at a large retail store, the company's directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was not. Prior to the breach, she had been working on a privacy program report for the executives. How the company shared and handled data across its organization was a major concern. There were neither adequate rules about access to customer information nor procedures for purging and destroying outdated dat a. In her research, Roberta had discovered that even low- level employees had access to all of the company's customer data, including financial records, and that the company still had in its possession obsolete customer data going back to the 1980s.
Her report recommended three main reforms. First, permit access on an as-needs-to-know basis. This would mean restricting employees' access to customer information to data that was relevant to the work performed. Second, create a highly secure database for storing customers' financial information (e.g., credit card and bank account numbers) separate from less sensitive information. Third, identify outdated customer information and then develop a process for securely disposing of it.
When the breach occurred, the company's executives called Roberta to a meeting where she presented the recommendations in her report. She explained that the company having a national customer base meant it would have to ensure that it complied with all relevant state breach notification laws. Thanks to Roberta's guidance, the company was able to notify customers quickly and within the specific timeframes set by state breach notification laws.
Soon after, the executives approved the changes to the privacy program that Roberta recommended in her report. The privacy program is far more effective now because of these changes and, also, because privacy and security are now considered the responsibility of every employee.
Based on the problems with the company's privacy security that Roberta identifies, what is the most likely cause of the breach?

  • A. Fraud involving credit card theft at point-of-service terminals.
  • B. Mishandling of information caused by lack of access controls.
  • C. Lost company property such as a computer or flash drive.
  • D. Unintended disclosure of information shared with a third party.

Answer: B

 

NEW QUESTION 53
What was the original purpose of the Foreign Intelligence Surveillance Act?

  • A. To further define what information can reasonably be under surveillance in public places under the USA PATRIOT Act, such as Internet access in public libraries.
  • B. To further clarify a reasonable expectation of privacy stemming from the Katz v. United States decision.
  • C. To further define a framework for authorizing wiretaps by the executive branch for national security purposes under Article II of the Constitution.
  • D. To further clarify when a warrant is not required for a wiretap performed internally by the telephone company outside the suspect's home, stemming from the Olmstead v. United States decision.

Answer: A

 

NEW QUESTION 54
Which of the following best describes the ASIA-Pacific Economic Cooperation (APEC) principles?

  • A. A baseline of marketers' minimum responsibilities for providing opt-out mechanisms.
  • B. A bill of rights for individuals seeking access to their personal information.
  • C. A code of responsibilities for medical establishments to uphold privacy laws.
  • D. An international court ruling on personal information held in the commercial sector.

Answer: B

 

NEW QUESTION 55
Which of the following laws is NOT involved in the regulation of employee background checks?

  • A. The Gramm-Leach-Bliley Act (GLBA).
  • B. The California Investigative Consumer Reporting Agencies Act (ICRAA).
  • C. The Civil Rights Act.
  • D. The U.S. Fair Credit Reporting Act (FCRA).

Answer: A

 

NEW QUESTION 56
Which of the following describes the most likely risk for a company developing a privacy policy with standards that are much higher than its competitors?

  • A. Attracting skepticism from auditors
  • B. Getting accused of discriminatory practices
  • C. Being more closely scrutinized for any breaches of policy
  • D. Having a security system failure

Answer: C

 

NEW QUESTION 57
The FTC often negotiates consent decrees with companies found to be in violation of privacy principles. How does this benefit both parties involved?

  • A. It standardizes the amount of fines.
  • B. It simplifies the audit requirements.
  • C. It spares the expense of going to trial.
  • D. It avoids potentially harmful publicity.

Answer: D

 

NEW QUESTION 58
Which federal law or regulation preempts state law?

  • A. Electronic Communications Privacy Act of 1986
  • B. Telemarketing Sales Rule
  • C. Health Insurance Portability and Accountability Act
  • D. Controlling the Assault of Non-Solicited Pornography and Marketing Act

Answer: C

 

NEW QUESTION 59
A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than
500 individuals. According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?

  • A. Medical providers
  • B. The local media
  • C. The affected individuals
  • D. Department of Health and Human Services

Answer: A

Explanation:
Explanation/Reference: https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf (page 6)

 

NEW QUESTION 60
In 2014, Google was alleged to have violated the Family Educational Rights and Privacy Act (FERPA) through its Apps for Education suite of tools. For what specific practice did students sue the company?

  • A. Disclosing education records without obtaining required consent
  • B. Relying on verbal consent for a disclosure of education records
  • C. Scanning emails sent to and received by students
  • D. Making student education records publicly available

Answer: C

 

NEW QUESTION 61
Most states with data breach notification laws indicate that notice to affected individuals must be sent in the
"most expeditious time possible without unreasonable delay." By contrast, which of the following states currently imposes a definite limit for notification to affected individuals?

  • A. California
  • B. Maine
  • C. New York
  • D. Florida

Answer: D

Explanation:
Explanation/Reference: https://www.itgovernanceusa.com/data-breach-notification-laws

 

NEW QUESTION 62
In what way is the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act intended to help consumers?

  • A. By requiring companies to allow consumers to opt-out of future e-mails.
  • B. By prohibiting companies from sending objectionable content through unsolicited e-mails.
  • C. By providing consumers with free spam-filtering software.
  • D. By requiring a company to receive an opt-in before sending any advertising e-mails.

Answer: B

 

NEW QUESTION 63
SCENARIO
Please use the following to answer the next QUESTION:
Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state's Do Not Call list, as well as the people on it. "If they were really serious about not being bothered," Evan said, "They'd be on the national DNC list. That's the only one we're required to follow. At SunriseLynx, we call until they ask us not to." Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call "another time." This, to Larry, is a clear indication that they don't want to be called at all. Evan doesn't see it that way.
Larry believes that Evan's arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly, even connecting with employees on social medi a. However, following Evan's political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.
Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though this name was clearly marked. Larry thinks the opening of personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan's leadership.
Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the coworker's belief that employees agreed to be monitored when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.
Larry wants to take action, but is uncertain how to proceed.
Which act would authorize Evan's undercover investigation?

  • A. The Whistleblower Protection Act
  • B. The Fair and Accurate Credit Transactions Act (FACTA)
  • C. The Stored Communications Act (SCA)
  • D. The National Labor Relations Act (NLRA)

Answer: D

 

NEW QUESTION 64
Which federal agency plays a role in privacy policy, but does NOT have regulatory authority?

  • A. The Department of Commerce.
  • B. The Federal Communications Commission.
  • C. The Department of Transportation.
  • D. The Office of the Comptroller of the Currency.

Answer: C

 

NEW QUESTION 65
What does the Massachusetts Personal Information Security Regulation require as it relates to encryption of personal information?

  • A. The encryption of all personal information stored in Massachusetts-based companies when all equipment is located in Massachusetts.
  • B. The encryption of personal information stored in Massachusetts-based companies when stored on portable devices.
  • C. The encryption of all personal information of Massachusetts residents when stored on portable devices.
  • D. The encryption of all personal information of Massachusetts residents when all equipment is located in Massachusetts.

Answer: C

 

NEW QUESTION 66
SCENARIO
Please use the following to answer the next QUESTION:
Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse.
Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients' Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issues.
On the morning of his first day, Declan noticed that the newly hired receptionist handed each patient a HIPAA privacy notice. He wondered if it was necessary to give these privacy notices to returning patients, and if the radiology department could reduce paper waste through a system of one-time distribution.
He was also curious about the hospital's use of a billing company. He Questioned whether the hospital was doing all it could to protect the privacy of its patients if the billing company had details about patients' care.
On his first day Declan became familiar with all areas of the hospital's large radiology department. As he was organizing equipment left in the halfway, he overheard a conversation between two hospital administrators. He was surprised to hear that a portable hard drive containing non-encrypted patient information was missing. The administrators expressed relief that the hospital would be able to avoid liability. Declan was surprised, and wondered whether the hospital had plans to properly report what had happened.
Despite Declan's concern about this issue, he was amazed by the hospital's effort to integrate Electronic Health Records (EHRs) into the everyday care of patients. He thought about the potential for streamlining care even more if they were accessible to all medical facilities nationwide.
Declan had many positive interactions with patients. At the end of his first day, he spoke to one patient, John, whose father had just been diagnosed with a degenerative muscular disease. John was about to get blood work done, and he feared that the blood work could reveal a genetic predisposition to the disease that could affect his ability to obtain insurance coverage. Declan told John that he did not think that was possible, but the patient was wheeled away before he could explain why. John plans to ask a colleague about this.
In one month, Declan has a paper due for one his classes on a health topic of his choice. By then, he will have had many interactions with patients he can use as examples. He will be pleased to give credit to John by name for inspiring him to think more carefully about genetic testing.
Although Declan's day ended with many Questions, he was pleased about his new position.
How can the radiology department address Declan's concern about paper waste and still comply with the Health Insurance Portability and Accountability Act (HIPAA)?

  • A. Post the privacy notice in a prominent location instead
  • B. Confirm that patients are given the privacy notice on their first visit
  • C. State the privacy policy to the patient verbally
  • D. Direct patients to the correct area of the hospital website

Answer: D

Explanation:
Section: (none)
Explanation

 

NEW QUESTION 67
What important action should a health care provider take if the she wants to qualify for funds under the Health Information Technology for Economic and Clinical Health Act (HITECH)?

  • A. Keep electronic updates about the Health Insurance Portability and Accountability Act
  • B. Bill the majority of patients electronically for their health care
  • C. Make electronic health records (EHRs) part of regular care
  • D. Send health information and appointment reminders to patients electronically

Answer: C

 

NEW QUESTION 68
Which authority supervises and enforces laws regarding advertising to children via the Internet?

  • A. The Federal Communications Commission
  • B. The Department of Homeland Security
  • C. The Office for Civil Rights
  • D. The Federal Trade Commission

Answer: D

 

NEW QUESTION 69
SCENARIO
Please use the following to answer the next QUESTION
Felicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friend Celeste open a jewelry store in Californi a. Felicia, despite being excited at the prospect, has a number of security concerns, and has only grudgingly accepted the need to hire other employees. In order to guard against the loss of valuable merchandise, Felicia wants to carefully screen applicants. With their permission, Felicia would like to run credit checks, administer polygraph tests, and scrutinize videos of interviews. She intends to read applicants' postings on social media, ask Question:s about drug addiction, and solicit character references. Felicia believes that if potential employees are serious about becoming part of a dynamic new business, they will readily agree to these requirements.
Felicia is also in favor of strict employee oversight. In addition to protecting the inventory, she wants to prevent mistakes during transactions, which will require video monitoring. She also wants to regularly check the company vehicle's GPS for locations visited by employees. She also believes that employees who use their own devices for work-related purposes should agree to a certain amount of supervision.
Given her high standards, Felicia is skeptical about the proposed location of the store. She has been told that many types of background checks are not allowed under California law. Her friend Celeste thinks these worries are unfounded, as long as applicants verbally agree to the checks and are offered access to the results. Nor does Celeste share Felicia's concern about state breach notification laws, which, she claims, would be costly to implement even on a minor scale. Celeste believes that even if the business grows a customer database of a few thousand, it's unlikely that a state agency would hassle an honest business if an accidental security incident were to occur.
In any case, Celeste feels that all they need is common sense - like remembering to tear up sensitive documents before throwing them in the recycling bin. Felicia hopes that she's right, and that all of her concerns will be put to rest next month when their new business consultant (who is also a privacy professional) arrives from North Carolina.
Regarding credit checks of potential employees, Celeste has a misconception regarding what?

  • A. Records retention policies
  • B. Consent requirements.
  • C. Disclosure requirements.
  • D. Employment-at-will rules.

Answer: B

 

NEW QUESTION 70
A company's employee wellness portal offers an app to track exercise activity via users' mobile devices. Which of the following design techniques would most effectively inform users of their data privacy rights and privileges when using the app?

  • A. Offer information about data collection and uses at key data entry points.
  • B. Provide a link to the wellness program privacy policy at the bottom of each screen.
  • C. Present a privacy policy to users during the wellness program registration process.
  • D. Publish a privacy policy written in clear, concise, and understandable language.

Answer: C

 

NEW QUESTION 71
What role does the U.S. Constitution play in the area of workplace privacy?

  • A. It provides significant protections to federal and state governments, but not to private-sector employment
  • B. It provides contractual protections to members of labor unions, but not to employees at will
  • C. It provides enforcement resources to large employers, but not to small businesses
  • D. It provides legal precedent for physical information security, but not for electronic security

Answer: D

 

NEW QUESTION 72
SCENARIO
Please use the following to answer the next question:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.
"Doing your network?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?"
"It's asking questions about my opinions."
"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten." Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.
Based on the incident, the FTC's enforcement actions against the marketer would most likely include what violation?

  • A. Failing to notify of a breach of children's private information.
  • B. Intruding upon the privacy of a family with young children.
  • C. Collecting information from a child under the age of thirteen.
  • D. Disregarding the privacy policy of the children's marketing industry.

Answer: D

Explanation:
Explanation/Reference: https://www.ftc.gov/system/files/2012-31341.pdf

 

NEW QUESTION 73
......


IAPP CIPP-US: Certified Information Privacy Professional/United States (CIPP/US) Certification Path

The IAPP CIPP-US: Certified Information Privacy Professional/United States (CIPP/US) Certification is one of the major certification organized by IAPP mainly focussing to the area of data privacy. There is no prerequisite for this exam but those professional who having keen to work in the stream of data privacy and want to learn about how to keep your data records safely then IAPP CIPP-US: Certified Information Privacy Professional/United States (CIPP/US) is the right option for them. For more information related to IAPP certification track IAPP-certification-path

 

Get Latest [Aug-2022] Conduct effective penetration tests using ValidTorrent CIPP-US: https://troytec.validtorrent.com/CIPP-US-valid-exam-torrent.html

Related Articles

more
IAPP CIPP-US Certification Practice Exam

Copyright © 2026 ValidTorrent NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy