CIPP-US Exam Questions

Which of the following most accurately describes the regulatory status ot pandemic contact- tracing apps in the United States?

Which power was NOT granted to the California Privacy Protection Agency by the California Privacy Rights Act (CPRA)?

Which of the following data elements is most likely to be subject to comprehensive state data security and privacy laws?

More than half of U S. states require telemarketers to do which of the following?

In the US, II is a best practice (and in some states a requirement) to conduct a data protection assessment in which instance?

What is the purpose of a cure provision in a stale data privacy law?

Which of the following definitions best defines privacy as cited in the text and related to privacy law?

In most cases, the FTC settles disputes through consent decrees and consent orders. What is the maximum length of a consent decree?

Which step in developing an Information Management Program involves distributing privacy policies and privacy notices?

Regarding data information management, which of the following tasks can help with compliance audits, quickly comply with legal discovery requests, and ensure data is stored efficie...

Which of the following would NOT fall under the jurisdiction of the GDPR?

Which form of malicious online threat targets an individual user and pretends to be a legitimate party, such as a bank, to steal personal data?

Which of the following entities is the PRIMARY enforcer of the HIPAA Privacy Rule and can assess civil monetary penalties?

Which jurisdiction must courts have in order to hear a particular case?

Which authority supervises and enforces laws regarding advertising to children via the Internet?

According to Section 5 of the FTC Act, self-regulation primarily involves a company's right to do what?

Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for...

The "Consumer Privacy Bill of Rights" presented in a 2012 Obama administration report is generally based on?

What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?

Read this notice: Our website uses cookies. Cookies allow us to identify the computer or device you're using to access the site, but they don't identify you personally. For instruc...

SCENARIO Please use the following to answer the next question: Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical...

SCENARIO Please use the following to answer the next question: Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical...

SCENARIO Please use the following to answer the next question: Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical...

SCENARIO Please use the following to answer the next question: Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical...

According to the FTC Report of 2012, what is the main goal of Privacy by Design?

What is the main reason some supporters of the European approach to privacy are skeptical about self- regulation of privacy practices?

Which legislation provides privacy provisions for the exemption of disclosure of certain biomedical information, securing remote access to view PHI, prohibiting the blocking of inf...

Who is responsible for notifying consumers when adverse action is taken based on information in a consumer credit report?

Which two FCRA rules were added with the Fair and Accurate Credit Transitions Act in 2003?

According to the Children's Online Privacy Protection Rule, all the following would be considered personal information EXCEPT:

Which statement is TRUE regarding Sarah and Robert under COPPA?

One of Don's concerns is the easy access to pornography on the internet today. He does not want his children viewing pornography either purposely or accidentally. Which statement i...

Don understands that some location-based services simply enhance the user experience. Others, such as daily fantasy sports applications that allow sports betting, require that loca...

Robert has been having some arguments with another boy at school. The other boy has posted a picture semi-nude picture of Robert on social media that he took in the boy's locker ro...

What is the main purpose of the Global Privacy Enforcement Network?

In 2014, Google was alleged to have violated the Family Educational Rights and Privacy Act (FERPA) through its Apps for Education suite of tools. For what specific practice did stu...

Which venture would be subject to the requirements of Section 5 of the Federal Trade Commission Act?

An organization self-certified under Privacy Shield must, upon request by an individual, do what?

Which of the following federal agencies does NOT enforce the Disposal Rule under the Fair and Accurate Credit Transactions Act (FACTA)?

SCENARIO Please use the following to answer the next question: A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent le...

SCENARIO Please use the following to answer the next question: A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent le...

SCENARIO Please use the following to answer the next question: A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent le...

SCENARIO Please use the following to answer the next question: A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent le...

Which of the following requires financial institutions to maintain security controls to protect personal consumer information for both electronic and paper records, and requires in...

General health records data for private schools who accept no federal funding are subject to:

The criteria for an existing business relationship, as defined by TSR, includes:

Who has the right to private action regarding violations of the CAN-SPAM Act?

What was the primary reason for the creation of HIPAA?

Lawrence works for a healthcare provider, which of the following healthcare entities covered by HIPAA (prior to HITECH) includes third-party organizations that host, handle, or pro...

Which of the following scenarios would NOT be covered under HIPAA?