CIPP-US Exam Questions

Under state breach notification laws, which is NOT typically included in the definition of personal information?

Which of the following best describes what a "private right of action" is?

Which of the following is NOT a principle found in the APEC Privacy Framework?

What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?

Federal laws establish which of the following requirements for collecting personal information of minors under the age of 13?

If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, which of the following is the most likely outcome?

Which of the following best describes the ASIA-Pacific Economic Cooperation (APEC) principles?

Which of the following became the first state to pass a law specifically regulating the practices of data brokers?

Acme Student Loan Company has developed an artificial intelligence algorithm that determines whether an individual is likely to pay their bill or default. A person who is determine...

Global Manufacturing Co's Human Resources department recently purchased a new software tool. This tool helps evaluate future candidates for executive roles by scanning emails to se...

Which of the following would NOT constitute an exception to the authorization requirement under the HIPAA Privacy Rule?

What type of material is exempt from an individual's right to disclosure under the Privacy Act?

Which of the following best describes an employer's privacy-related responsibilities to an employee who has left the workplace?

All of the following common law torts are relevant to employee privacy under US law EXCEPT?

Which law provides employee benefits, but often mandates the collection of medical information?

John, a California resident, receives notification that a major corporation with $500 million in annual revenue has experienced a data breach. John's personal information in their...

Smith Memorial Healthcare (SMH) is a hospital network headquartered in New York and operating in 7 other states. SMH uses an electronic medical record to enter and track informatio...

Sarah lives in San Francisco, California. Based on a dramatic increase in unsolicited commercial emails, Sarah believes that a major social media platform with over 50 million user...

Which of the following is an example of federal preemption?

Which of these organizations would be required to provide its customers with an annual privacy notice?

Which entity within the Department of Health and Human Services (HHS) is the primary enforcer of the Health Insurance Portability and Accountability Act (HIPAA) "Privacy Rule"?

Which of the following best describes how federal anti-discrimination laws protect the privacy of private-sector employees in the United States?

Even when dealing with an organization subject to the CCPA, California residents are NOT legally entitled to request that the organization do what?

Which of the following accurately describes the purpose of a particular federal enforcement agency?

SCENARIO Please use the following to answer the next question: When there was a data breach involving customer personal and financial information at a large retail store, the compa...

SCENARIO Please use the following to answer the next question: When there was a data breach involving customer personal and financial information at a large retail store, the compa...

SCENARIO Please use the following to answer the next question: When there was a data breach involving customer personal and financial information at a large retail store, the compa...

SCENARIO Please use the following to answer the next question: Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop. "Doing your...

Under the California Consumer Privacy Act (as amended by the California Pnvacy Rights Act), a consumer may Initiate a civil action against a business for?

A California resident has created an account on your company's online food delivery platform and placed several orders in the past month Later she submits a data subject request to...

Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from mar...

In a case of civil litigation, what might a defendant who is being sued for distributing an employee's private information face?

The U.S. Supreme Court has recognized an individual's right to privacy over personal issues, such as contraception, by acknowledging which of the following?

Based on the 2012 Federal Trade Commission report "Protecting Consumer Privacy in an Era of Rapid Change", which of the following directives is most important for businesses?

In March 2012, the FTC released a privacy report that outlined three core principles for companies handling consumer data. Which was NOT one of these principles?

What is a key way that the Gramm-Leach-Bliley Act (GLBA) prevents unauthorized access into a person's back account?

In what way is the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN- SPAM) Act intended to help consumers?

SCENARIO Please use the following to answer the next question: Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy p...

SCENARIO Please use the following to answer the next question: Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy p...

Which of the following statements is most accurate in regard to data breach notifications under federal and state laws:

What consumer service was the Fair Credit Reporting Act (FCRA) originally intended to provide?

Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create onli...

SCENARIO Please use the following to answer the next question: Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has m...

SCENARIO Please use the following to answer the next question: Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has m...

Which federal agency plays a role in privacy policy, but does NOT have regulatory authority?

Which of the following is NOT one of three broad categories of products offered by data brokers, as identified by the U.S. Federal Trade Commission (FTC)?

What information did the Red Flag Program Clarification Act of 2010 add to the original Red Flags rule?

Although an employer may have a strong incentive or legal obligation to monitor employees' conduct or behavior, some excessive monitoring may be considered an intrusion on employee...

Which of the following became the first state to pass a law specifically regulating the collection of biometric data?

SCENARIO Please use the following to answer the next question: Felicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friend Cele...