CIPP-US Exam Questions

One of the most significant elements of Senate Bill No. 260 relating to Internet privacy is the introduction of what term into Nevada law?

SCENARIO Please use the following to answer the next question: Felicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friend Cele...

Your company, an online store selling digital keys to video games, has received a data access request from an individual. Specifically, the individual wants access to her recent pu...

Which of the following would NOT be regulated by the Illinois Biometnc Information Pnvacy Act (BIPA)?

SCENARIO Please use the following to answer the next question: Felicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friend Cele...

What privacy concept grants a consumer the right to view and correct errors on his or her credit report?

A company's employee wellness portal offers an app to track exercise activity via users' mobile devices. Which of the following design techniques would most effectively inform user...

Under the Fair Credit Reporting Act (FCRA), what must a person who is denied employment based upon his credit history receive?

Which statement is FALSE regarding the provisions of the Employee Polygraph Protection Act of 1988 (EPPA)?

U.S. federal laws protect individuals from employment discriminaton based on all of the following EXCEPT?

Which statute is considered part of U.S. federal privacy law?

In 2012, the White House and the FTC both issued reports advocating a new approach to privacy enforcement that can best be described as what?

The FTC often negotiates consent decrees with companies found to be in violation of privacy principles. How does this benefit both parties involved?

When developing a company privacy program, which of the following relationships will most help a privacy professional develop useful guidance for the organization?

The Family Educational Rights and Privacy Act (FERPA) requires schools to do all of the following EXCEPT?

Chanel Hair Studio is a busy high-end hair salon. In an effort to maximize efficiency of its operations and reduce wait times for appointments, Chanel decides to implement artifici...

Which of the following laws is NOT involved in the regulation of employee background checks?

In 2011, the FTC announced a settlement with Google regarding its social networking service Google Buzz. The FTC alleged that in the process of launching the service, the company d...

A financial services company install "bossware" software on its employees' remote computers to monitor performance. The software logs screenshots, mouse movements, and keystrokes t...

The CFO of a pharmaceutical company is duped by a phishing email and discloses many of the company's employee personnel files to an online predator. The files include employee cont...

A company based in United States receives information about its UK subsidiary's employees in connection with the centralized HR service it provides. How can the UK company ensure a...

Which of the following state laws has an entity exemption for organizations subject to the Gramm- Leach-Bliley Act (GLBA)?

When designing contact tracing apps in relation to COVID-19 or any other diagnosed virus, all of the following privacy measures should be considered EXCEPT?

SCENARIO Please use the following to answer the next question: Jane is a U.S. citizen and a senior software engineer at California-based Jones Labs, a major software supplier to th...

Once a breach has been definitively established, which task should be prioritized next?

SCENARIO Please use the following to answer the next question: Miraculous Healthcare is a large medical practice with multiple locations in California and Nevada. Miraculous normal...

Which of the following conditions would NOT be sufficient to excuse an entity from providing breach notification under state law?

The use of cookies on a website by a service provider is generally not deemed a `sale' of personal information by CCPA, as long as which of the following conditions is met?

Under the Driver's Privacy Protection Act (DPPA), which of the following parties would require consent of an individual in order to obtain his or her Department of Motor Vehicle in...

Which of the following federal agencies does NOT have regulatory authority related to privacy?

Which of the following practices is NOT a key component of a data ethics framework?

What was unique about the action that the Federal Trade Commission took against B.J.'s Wholesale Club in 2005?

Mega Corp. is a U.S.-based business with employees in California, Virginia, and Colorado. Which of the following must Mega Corp. comply with in regard to its human resources data?

Which of the following privacy rights is NOT available under the Colorado Privacy Act?

SuperMart is a large Nevada-based business that has recently determined it sells what constitutes "covered information" under Nevada's privacy law, Senate Bill 260. Which of the fo...

Under GLBA. which of these organizations would not be required to provide its customers with an annual privacy notice?

The concept of data portability refers to what?

Which of the following is NOT a common challenge large organizations face when implementing data portability?

Under the EU-US Data Privacy Framework, what must participating organizations provide to individuals in regard to complaints and disputes?

SCENARIO Please use the following to answer the next question: Miraculous Healthcare is a large medical practice with multiple locations in California and Nevada. Miraculous normal...

SCENARIO Please use the following to answer the next question: Miraculous Healthcare is a large medical practice with multiple locations in California and Nevada. Miraculous normal...

SCENARIO Please use the following to answer the next question: Miraculous Healthcare is a large medical practice with multiple locations in California and Nevada. Miraculous normal...

What consumer protection did the Fair and Accurate Credit Transactions Act (FACTA) require?

Which of the following would best provide a sufficient consumer disclosure under the Fair Credit Reporting Act (FCRA) prior to a consumer report being obtained for employment purpo...

SCENARIO Please use the following to answer the next question: Jane is a U.S. citizen and a senior software engineer at California-based Jones Labs, a major software supplier to th...

SCENARIO Please use the following to answer the next question: Jane is a U.S. citizen and a senior software engineer at California-based Jones Labs, a major software supplier to th...

According to the Family Educational Rights and Privacy Act (FERPA). when can a school disclose records without a student's consent?

A software company wants to use web scraping to collect personal data from professional networking websites in order to train an artificial intelligence program to evaluate Job app...

Due to cookie deprecation, businesses will be required to simplify their tracking practices by doing what?

The Clarifying Lawful Overseas Use of Data (CLOUD) Act is primarily intended to do which of the following?