CIPM Exam Questions
295 real CIPM exam questions with expert-verified answers and explanations. Page 4 of 6.
- Question #151
Which of the following changes typically does NOT require a Privacy Impact Assessment (PIA)?
- Question #152
A Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA) and Data Protection Impact Assessment (DPIA) are conducted during what phase of a System Development Life Cycle...
- Question #153
Which privacy principles and guidelines helped form the basis for the EU Data Protection Directive and The General Data Protection Regulation (GDPR)?
- Question #154
Protection from threats to facilities, systems that process and store electronic copies, and IT work/equipment locations best describes which category of security control?
- Question #155
A company has started developing a privacy program. The Data Protection Officer (DPO) has been working long hours to develop cohesive procedures and processes; however, he failed t...
- Question #156
SCENARIO Please use the following to answer the next question: Felicity is the Chief Executive Officer (CEO) of an international clothing company that does business in several coun...
- Question #157
SCENARIO Please use the following to answer the next question: Felicity is the Chief Executive Officer (CEO) of an international clothing company that does business in several coun...
- Question #158
SCENARIO Please use the following to answer the next question: Felicity is the Chief Executive Officer (CEO) of an international clothing company that does business in several coun...
- Question #159
SCENARIO Please use the following to answer the next question: Felicity is the Chief Executive Officer (CEO) of an international clothing company that does business in several coun...
- Question #160
Integrating privacy requirements into functional areas across the organization happens at which stage of the privacy operational lifecycle?
- Question #161
Which item below best represents how a Privacy Group can effectively communicate with functional areas?
- Question #162
What is the most secure standard for disposition of a hard drive containing personal data?
- Question #163
Which of the following would NOT be beneficial in integrating privacy requirements and representation into functional areas across an organization?
- Question #164
Which of the following is a common disadvantage of a third-party audit?
- Question #165
SCENARIO Please use the following to answer the next question: Jonathan recently joined a healthcare payment processing solutions company as a senior privacy manager. One morning,...
- Question #166
SCENARIO Please use the following to answer the next question: Jonathan recently joined a healthcare payment processing solutions company as a senior privacy manager. One morning,...
- Question #167
SCENARIO Please use the following to answer the next question: Jonathan recently joined a healthcare payment processing solutions company as a senior privacy manager. One morning,...
- Question #168
Internal audits add value to the privacy program primarily through what?
- Question #169
The owner of an ice cream store has decided to begin accepting credit and debit cards for payment. To comply with industry standards, the owner will need to do which of the followi...
- Question #170
You are the Privacy Officer (PO) at a University. Recently, the police have contacted you as they suspect that one of your students is using a library computer to commit financial...
- Question #171
What is the name for the privacy strategy model that describes delegated decision making?
- Question #172
Which aspect of a privacy program can best aid an organization's response time to a Data Subject Access Request (DSAR)?
- Question #173
All of the following are components of a data collection notice EXCEPT identification of?
- Question #174
Under the General Data Protection Regulation (GDPR), what obligation does a data controller or processor have after appointing a Data Protection Officer (DPO)?
- Question #175
Under the European Data Protection Board (formerly Article 29 Working Party), which Processing operation would require a Data Protection Impact Assessment (DPIA)?
- Question #176
What is the Privacy Officer's first action after being told that her firm is planning to sell its credit card processing business?
- Question #177
SCENARIO Please use the following to answer the next question: You were recently hired by InStyle Data Corp. as a privacy manager to help InStyle Data Corp. become compliant with a...
- Question #178
SCENARIO Please use the following to answer the next question: You were recently hired by InStyle Data Corp. as a privacy manager to help InStyle Data Corp. become compliant with a...
- Question #179
SCENARIO Please use the following to answer the next question: You were recently hired by InStyle Data Corp. as a privacy manager to help InStyle Data Corp. become compliant with a...
- Question #180
The least useful metric for optimizing the design of your data subject request workflow is tracking the number of data subjects who?
- Question #181
During a merger and acquisition, the most comprehensive review of privacy risks and gaps occurs when conducting what activity?
- Question #182
When vetting third-party processors of data protected by the General Data Protection Regulation (GDPR), why is it important to know the physical location of stored personal data fr...
- Question #183
Which of the following conditions will definitely trigger a Data Protection Impact Assessment (DPIA)?
- Question #184
Which of the following information must be provided by the data controller when complying with the General Data Protection Regulation (GDPR) "right to access" requirements?
- Question #185
Post-liquidation, a company that has acquired assets would require separate consent from a data subject if personally identifiable data were being retained for which purpose?
- Question #186
Training and awareness metrics in a privacy program are necessary to?
- Question #187
A "right to erasure" request could be rejected if the processing of personal data is for?
- Question #188
A marketing team regularly exports spreadsheets to use for analysis including customer name, birthdate and home address. These spreadsheets are routinely shared between members of...
- Question #189
The best way to help ensure that reasonable and appropriate security measures are in place to protect personal data is to establish?
- Question #190
As the Data Protection Officer (DPO) for the growing company, Vision 3468, what would be the most cost effective way to monitor changes in laws and regulations?
- Question #191
All the following are responsibilities of a privacy program manager EXCEPT:
- Question #192
Relating to Privacy Law, which term can best be defined as being able to prove that an organization is acting and demonstrating compliance with applicable laws?
- Question #193
Relating to Privacy Law, which term can best be defined as to guide a privacy function toward compliance with legal obligations and the organization's business objectives and goals...
- Question #194
Regarding privacy governance, which of the following describes where an organization stands on privacy?
- Question #195
In which component of privacy governance does an organization identify what personal information is processed and determine privacy obligations?
- Question #196
Which component of privacy governance is defined as the organization's approach to communicating and obtaining support for the privacy program?
- Question #197
During which component of Privacy Governance might a company gain buy-in to a new privacy program by conducting interviews and establishing program sponsors throughout the organiza...
- Question #198
Which privacy team model gives the most freedom of flexibility and a sense of ownership while allowing everyone to learn what works best for them, but it takes the most time to imp...
- Question #199
Assuming that a candidate is qualified, which requirements must be met when appointing a Data Protection Officer?
- Question #200
Which of the following data assessments is described as, "an analysis of the privacy risks associated with processing personal information in relation to a project, product, or serv...