CIPP-US exam

What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?A . A consent decreeB . Stare decisis decreeC . A judgment riderD . Common law judgmentView AnswerAnswer: A Explanation: A consent decree is a legal document that resolves...

What practice do courts commonly require in order to protect certain personal information on documents, whether paper or electronic, that is involved in litigation?A . RedactionB . EncryptionC . DeletionD . HashingView AnswerAnswer: A Explanation: Redaction is the permanent removal of sensitive data―the digital equivalent of “blacking out” text in...

SCENARIO Please use the following to answer the next QUESTION: You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth,...

Under the Telemarketing Sales Rule, what characteristics of consent must be in place for an organization to acquire an exception to the Do-Not-Call rules for a particular consumer?A . The consent must be in writing, must state the times when calls can be made to the consumer and must be...

What is the main purpose of the Global Privacy Enforcement Network?A . To promote universal cooperation among privacy authoritiesB . To investigate allegations of privacy violations internationallyC . To protect the interests of privacy consumer groups worldwideD . To arbitrate disputes between countries over jurisdiction for privacy lawsView AnswerAnswer: A...

What are banks required to do under the Gramm-Leach-Bliley Act (GLBA)?A . Conduct annual consumer surveys regarding satisfaction with user preferencesB . Process requests for changes to user preferences within a designated time frameC . Provide consumers with the opportunity to opt out of receiving telemarketing phone callsD . Offer...

What is the main reason some supporters of the European approach to privacy are skeptical about self- regulation of privacy practices?A . A large amount of money may have to be sent on improved technology and securityB . Industries may not be strict enough in the creation and enforcement of...

An organization self-certified under Privacy Shield must, upon request by an individual, do what?A . Suspend the use of all personal information collected by the organization to fulfill its original purpose.B . Provide the identities of third parties with whom the organization shares personal information.C . Provide the identities of...

Which of the following types of information would an organization generally NOT be required to disclose to law enforcement?A . Information about medication errors under the Food, Drug and Cosmetic ActB . Money laundering information under the Bank Secrecy Act of 1970C . Information about workspace injuries under OSHA requirementsD...

If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?A . Uses the transferred data for limited purposesB . Provides the same level of privacy protection as...