CIPM Exam Questions

Which privacy assessment describes a process designed to identify risks arising out of the processing of personal data and to minimize these risks as much and as early as possible....

Which type of data assessment must be completed according to the European Data Protection Board when evaluating or scoring an individual to determine his or her economic situation?

Information Security is about preserving and protecting information regarding:

All the following statements are TRUE regarding data processing vendors and vendor selection EXCEPT:

Which elements should be included in an organizations privacy policy?

All the following statements regarding privacy policies are true, EXCEPT:

What is the best way to understand the location, use and importance of personal data within an organization?

What are you doing if you succumb to "overgeneralization" when analyzing data from metrics?

In addition to regulatory requirements and business practices, what important factors must a global privacy strategy consider?

What have experts identified as an important trend in privacy program development?

SCENARIO Please use the following to answer the next question: Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading the development of the com...

SCENARIO Please use the following to answer the next question: Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading the development of the com...

SCENARIO Please use the following to answer the next question: Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading the development of the com...

SCENARIO Please use the following to answer the next question: Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading the development of the com...

Which statement is FALSE regarding the use of technical security controls?

An organization's privacy officer was just notified by the benefits manager that she accidentally sent out the retirement enrollment report of all employees to a wrong vendor. Whic...

Within privacy laws and regulations, which of the following is a voluntary code of conduct?

Which of the following laws has the purpose of finding a balance between the free flow of data and the protection of the fundamental rights and freedoms of those to whom the data r...

Which article of the GDPR defines the territorial scope of the GDPR?

All the following are TRUE concerning data assessments EXCEPT:

SCENARIO Please use the following to answer the next question: Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found...

SCENARIO Please use the following to answer the next question: Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found...

SCENARIO Please use the following to answer the next question: Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found...

SCENARIO Please use the following to answer the next question: Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found...

SCENARIO Please use the following to answer the next question: Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found...

Why were the nongovernmental privacy organizations, Electronic Frontier Foundation (EFF) and Electronic Privacy Information Center (EPIC), established?

What is the main function of the Asia-Pacific Economic Cooperation Privacy Framework?

Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR)?

SCENARIO Please use the following to answer the next question: John is the new privacy officer at the prestigious international law firm - A&M LLP. A&M LLP is very proud of its rep...

In privacy protection, what is a "covered entity"?

Which of the following best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?

SCENARIO Please use the following to answer the next question: Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help...

Which of the following is TRUE of a privacy program with decentralized governance?

SCENARIO Please use the following to answer the next question: Liam is the newly appointed IT Compliance Manager at Mesa, a US-based outdoor clothing brand with a global E-commerce...

SCENARIO Please use the following to answer the next question: Liam is the newly appointed IT Compliance Manager at Mesa, a US-based outdoor clothing brand with a global E-commerce...

SCENARIO Please use the following to answer the next question: Liam is the newly appointed IT Compliance Manager at Mesa, a US-based outdoor clothing brand with a global E-commerce...

SCENARIO Please use the following to answer the next question: Liam is the newly appointed IT Compliance Manager at Mesa, a US-based outdoor clothing brand with a global E-commerce...

Under the General Data Protection Regulation (GDPR), international data transfer is allowed using the mechanisms in all of the following scenarios EXCEPT between companies who?

Which of the following is NOT an important factor to consider when developing a data retention policy?

Which of the following is legally binding and enforceable?

Formosa International operates in 20 different countries including the United States and France. What organizational approach would make complying with a number of different regula...

The most direct way to ensure you are effectively communicating your privacy mission throughout your organization is to?

If done correctly, how can a Data Protection Impact Assessment (DPIA) create a win/win scenario for organizations and individuals?

Which of the following is NOT recommended for effective Identity Access Management?

You would like to better understand how your organization can demonstrate compliance with international privacy standards and identify gaps for remediation. What steps could you ta...

If your organization has a recurring issue with colleagues not reporting personal data breaches, all of the following are advisable to do EXCEPT?

SCENARIO Please use the following to answer the next question: Today is your first day at a fast growing international real estate firm headquartered in New York, with offices in C...

SCENARIO Please use the following to answer the next question: Today is your first day at a fast growing international real estate firm headquartered in New York, with offices in C...

SCENARIO Please use the following to answer the next question: Today is your first day at a fast growing international real estate firm headquartered in New York, with offices in C...

Which of the following forms of monitoring is best described as 'auditing' when aligning with privacy program goals?