IAPP CIPP-C Certified Information Privacy Professional/ Canada (CIPP/C) Online Training
The questions for CIPP-C were last updated on Apr 06, 2025.
- Exam Code: CIPP-C
- Exam Name: Certified Information Privacy Professional/ Canada (CIPP/C)
- Certification Provider: IAPP
- Latest update: Apr 06, 2025
In March 2012, the FTC released a privacy report that outlined three core principles for companies handling consumer data.
Which was NOT one of these principles?
- A. Simplifying consumer choice.
- B. Enhancing security measures.
- C. Practicing Privacy by Design.
- D. Providing greater transparency.
What information did the Red Flag Program Clarification Act of 2010 add to the original Red Flags rule?
- A. The most common methods of identity theft.
- B. The definition of what constitutes a creditor.
- C. The process for proper disposal of sensitive data.
- D. The components of an identity theft detection program.
Under the Fair Credit Reporting Act (FCRA), what must a person who is denied employment based upon his credit history receive?
- A. A prompt notification from the employer.
- B. An opportunity to reapply with the employer.
- C. Information from several consumer reporting agencies (CRAs).
- D. A list of rights from the Consumer Financial Protection Bureau (CFPB).
Which venture would be subject to the requirements of Section 5 of the Federal Trade Commission Act?
- A. A local nonprofit charity’s fundraiser
- B. An online merchant’s free shipping offer
- C. A national bank’s no-fee checking promotion
- D. A city bus system’s frequent rider program
John, a California resident, receives notification that a major corporation with $500 million in annual revenue has experienced a data breach. John’s personal information in their possession has been stolen, including his full name and social security number. John also learns that the corporation did not have reasonable cybersecurity measures in place to safeguard his personal information.
Which of the following answers most accurately reflects John’s ability to pursue a legal claim against the corporation under the California Consumer Privacy Act (CCPA)?
- A. John has no right to sue the corporation because the CCPA does not address any data breach rights.
- B. John cannot sue the corporation for the data breach because only the state’s Attorney General has authority to file suit under the CCPA.
- C. John can sue the corporation for the data breach but only to recover monetary damages he actually suffered as a result of the data breach.
- D. John can sue the corporation for the data breach to recover monetary damages suffered as a result of the data breach, and in some circumstances seek statutory damages irrespective of whether he suffered any financial harm.
Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car dealer holding a paper folder of customer credit reports?
- A. To follow the Disposal Rule by having the reports shredded
- B. To follow the Red Flags Rule by mailing the reports to customers
- C. To follow the Privacy Rule by notifying customers that the reports are being stored
- D. To follow the Safeguards Rule by transferring the reports to a secure electronic file
The rules for “e-discovery” mainly prevent which of the following?
- A. A conflict between business practice and technological safeguards
- B. The loss of information due to poor data retention practices
- C. The practice of employees using personal devices for work
- D. A breach of an organization’s data retention program
What consumer service was the Fair Credit Reporting Act (FCRA) originally intended to provide?
- A. The ability to receive reports from multiple credit reporting agencies.
- B. The ability to appeal negative credit-based decisions.
- C. The ability to correct inaccurate credit information.
- D. The ability to investigate incidents of identity theft.
SCENARIO
Please use the following to answer the next QUESTION:
Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company for ten years and has always been concerned about protecting customers’ privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships.
Although Cheryl and her staff have tried to make privacy protection a priority, the company has no formal privacy policy. So Cheryl hired Janice, a privacy professional, to help her develop one.
After an initial assessment, Janice created a first draft of a new policy. Cheryl read through the draft and was concerned about the many changes the policy would bring throughout the company. For example, the draft policy stipulates that a customer’s personal information can only be held for one year after paying for a service such as a session with a personal trainer. It also promises that customer information will not be shared with third parties without the written consent of the customer. The wording of these rules worries Cheryl since stored personal information often helps her company to serve her customers, even if there are long pauses between their visits. In addition, there are some third parties that provide crucial services, such as aerobics instructors who teach classes on a contract basis. Having access to customer files and understanding the fitness levels of their students helps instructors to organize their classes.
Janice understood Cheryl’s concerns and was already formulating some ideas for revision. She tried to put Cheryl at ease by pointing out that customer data can still be kept, but that it should be classified according to levels of sensitivity. However, Cheryl was skeptical. It seemed that classifying data and treating each type differently would cause undue difficulties in the company’s day-to-day operations. Cheryl wants one simple data storage and access system that any employee can access if needed.
Even though the privacy policy was only a draft, she was beginning to see that changes within her company were going to be necessary. She told Janice that she would be more comfortable with implementing the new policy gradually over a period of several months, one department at a time. She was also interested in a layered approach by creating documents listing applicable parts of the new policy for each department.
Based on the scenario, which of the following would have helped Janice to better meet the company’s needs?
- A. Creating a more comprehensive plan for implementing a new policy
- B. Spending more time understanding the company’s information goals
- C. Explaining the importance of transparency in implementing a new policy
- D. Removing the financial burden of the company’s employee training program
What is the main challenge financial institutions face when managing user preferences?
- A. Ensuring they are in compliance with numerous complex state and federal privacy laws
- B. Developing a mechanism for opting out that is easy for their consumers to navigate
- C. Ensuring that preferences are applied consistently across channels and platforms
- D. Determining the legal requirements for sharing preferences with their affiliates