Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR)?
Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR)?A . The DPIA result must be reported to the corresponding supervisory authority. B. The DPIA report must be published to demonstrate the transparency of the data processing....
What must be done to maintain the program and develop it beyond just a data breach prevention program? How can you build on your success?
SCENARIO Please use the following to answer the next QUESTION: As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomplishments so far. Your hiring was precipitated by warnings from regulatory agencies following a series of relatively minor data breaches that could easily have...
Which of the following privacy frameworks are legally binding?
Which of the following privacy frameworks are legally binding?A . Binding Corporate Rules (BCRs). B. Generally Accepted Privacy Principles (GAPP). C. Asia-Pacific Economic Cooperation (APEC) Privacy Framework. D. Organization for Economic Co-Operation and Development (OECD) Guidelines.View AnswerAnswer: A
What key mistake set the company up to be vulnerable to a security breach?
SCENARIO Please use the following to answer the next QUESTION: Martin Briseño is the director of human resources at the Canyon City location of the U.S. hotel chain Pacific Suites. In 1998, Briseño decided to change the hotel’s on-the-job mentoring model to a standardized training program for employees who were...
What is a key feature of the privacy metric template adapted from the National Institute of Standards and Technology (NIST)?
What is a key feature of the privacy metric template adapted from the National Institute of Standards and Technology (NIST)?A . It provides suggestions about how to collect and measure data. B. It can be tailored to an organization's particular needs. C. It is updated annually to reflect changes in...
Which of the following is TRUE about a PIA (Privacy Impact Analysis)?
Which of the following is TRUE about a PIA (Privacy Impact Analysis)?A . Any project that involves the use of personal data requires a PIA B. A Data Protection Impact Analysis (DPIA) process includes a PIA C. The PIA must be conducted at the early stages of the project lifecycle...
Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?
Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?A . An obligation on the processor to report any personal data breach to the controller within 72 hours. B. An obligation...
What should you advise this company regarding the status of security cameras at their offices in the United States?
SCENARIO Please use the following to answer the next QUESTION: Perhaps Jack Kelly should have stayed in the U.S. He enjoys a formidable reputation inside the company, Special Handling Shipping, for his work in reforming certain "rogue" offices. Last year, news broke that a police sting operation had revealed a...
What process can best answer your Questions about the vendor’s data security safeguards?
SCENARIO Please use the following to answer the next QUESTION: Your organization, the Chicago (U.S.)-based Society for Urban Greenspace, has used the same vendor to operate all aspects of an online store for several years. As a small nonprofit, the Society cannot afford the higher-priced options, but you have been...
What does it mean to have a “managed” privacy program, according to the AICPA/CICA Privacy Maturity Model?
SCENARIO Please use the following to answer the next QUESTION: As they company’s new chief executive officer, Thomas Goddard wants to be known as a leader in data protection. Goddard recently served as the chief financial officer of Hoopy.com, a pioneer in online video viewing with millions of users around...