IAPP CIPP-C Certified Information Privacy Professional/ Canada (CIPP/C) Online Training
IAPP CIPP-C Online Training
The questions for CIPP-C were last updated at Apr 04,2025.
- Exam Code: CIPP-C
- Exam Name: Certified Information Privacy Professional/ Canada (CIPP/C)
- Certification Provider: IAPP
- Latest update: Apr 04,2025
SCENARIO
Please use the following to answer the next QUESTION:
Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state’s Do Not Call list, as well as the people on it. “If they were really serious about not being bothered,” Evan said, “They’d be on the national DNC list. That’s the only one we’re required to follow. At SunriseLynx, we call until they ask us not to.”
Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call “another time.” This, to Larry, is a clear indication that they don’t want to be called at all. Evan doesn’t see it that way.
Larry believes that Evan’s arrogance also affects the way he treats employees. The U.S. Constitution protects
American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly, even connecting with employees on social media. However, following Evan’s political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.
Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though this name was clearly marked. Larry thinks the opening of personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan’s leadership.
Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the coworker’s belief that employees agreed to be monitored when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.
Larry wants to take action, but is uncertain how to proceed.
Based on the way he uses social media, Evan is susceptible to a lawsuit based on?
- A . Defamation
- B . Discrimination
- C . Intrusion upon seclusion
- D . Publicity given to private life
SCENARIO
Please use the following to answer the next QUESTION
Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.
Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station’s network and was able to steal data relating to employees in the company’s Human Resources database, which is hosted by a third-party cloud provider based in the U.S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.
The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.
What can Otto do to most effectively minimize the privacy risks involved in using a cloud provider for the HR data?
- A . Request that the Board sign off in a written document on the choice of cloud provider.
- B . Ensure that the cloud provider abides by the contractual requirements by conducting an on-site audit.
- C . Obtain express consent from employees for storing the HR data in the cloud and keep a record of the employee consents.
- D . Negotiate a Business Associate Agreement with the cloud provider to protect any health-related data employees might share with Filtration Station.
What does the Massachusetts Personal Information Security Regulation require as it relates to encryption of personal information?
- A . The encryption of all personal information of Massachusetts residents when all equipment is located in Massachusetts.
- B . The encryption of all personal information stored in Massachusetts-based companies when all equipment is located in Massachusetts.
- C . The encryption of personal information stored in Massachusetts-based companies when stored on portable devices.
- D . The encryption of all personal information of Massachusetts residents when stored on portable devices.
Within what time period must a commercial message sender remove a recipient’s address once they have asked to stop receiving future e-mail?
- A . 7 days
- B . 10 days
- C . 15 days
- D . 21 days
The Video Privacy Protection Act of 1988 restricted which of the following?
- A . Which purchase records of audio visual materials may be disclosed
- B . When downloading of copyrighted audio visual materials is allowed
- C . When a user’s viewing of online video content can be monitored
- D . Who advertisements for videos and video games may target
Which of the following best describes an employer’s privacy-related responsibilities to an employee who has left the workplace?
- A . An employer has a responsibility to maintain a former employee’s access to computer systems and company data needed to support claims against the company such as discrimination.
- B . An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee.
- C . An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual.
- D . An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose.
SCENARIO
Please use the following to answer the next QUESTION
Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.
Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station’s network and was able to steal data relating to employees in the company’s Human Resources database, which is hosted by a third-party cloud provider based in the U.S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.
The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.
The Board has asked Otto whether the company will need to comply with the new California Consumer Privacy Law (CCPA) .
What should Otto tell the Board?
- A . That CCPA will apply to the company only after the California Attorney General determines that it will enforce the statute.
- B . That the company is governed by CCPA, but does not need to take any additional steps because it follows CPBR.
- C . That business contact information could be considered personal information governed by CCPA.
- D . That CCPA only applies to companies based in California, which exempts the company from compliance.
What is the main reason some supporters of the European approach to privacy are skeptical about self- regulation of privacy practices?
- A . A large amount of money may have to be sent on improved technology and security
- B . Industries may not be strict enough in the creation and enforcement of rules
- C . A new business owner may not understand the regulations
- D . Human rights may be disregarded for the sake of privacy
The “Consumer Privacy Bill of Rights” presented in a 2012 Obama administration report is generally based on?
- A . The 1974 Privacy Act
- B . Common law principles
- C . European Union Directive
- D . Traditional fair information practices
SCENARIO
Please use the following to answer the next QUESTION:
A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices.
The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: “Please act immediately by identifying all personal data received from our company.”
This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup’s rapid market penetration.
As the Company’s data privacy leader, you are sensitive to the criticality of the relationship with the retailer.
Upon review, the data privacy leader discovers that the Company’s documented data inventory is obsolete .
What is the data privacy leader’s next best source of information to aid the investigation?
- A . Reports on recent purchase histories
- B . Database schemas held by the retailer
- C . Lists of all customers, sorted by country
- D . Interviews with key marketing personnel
Latest CIPP-C Dumps Valid Version with 150 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
